Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
05-05-2024 08:12
General
-
Target
16c404b1b2457e774eef9decec245e74_JaffaCakes118.exe
-
Size
215KB
-
MD5
16c404b1b2457e774eef9decec245e74
-
SHA1
2a941d253d0088f487f5838a585247ea84aaf8b6
-
SHA256
19c238f30458b392902f9bfe66d65ab0d72e6964ba648faca28902907ffddcb2
-
SHA512
a3d8019f0027813b144b88cb58ea3a7a365675bb0fca773fee66efa9be4c5c9621789b5485035470f4bc015dc2a98d9ba7250078149f6fc5a22d5ac6942e70cc
-
SSDEEP
1536:evQBeOGtrYSSsrc93UBIfdC67m6AJiqzgLrTKBk3IU39TeYmKH:ehOm2sI93UufdC67ciRLPvx3teYmS
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 48 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 57 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\16c404b1b2457e774eef9decec245e74_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\16c404b1b2457e774eef9decec245e74_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vhrhfrt.exec:\vhrhfrt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lnddxld.exec:\lnddxld.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxnd.exec:\xfxnd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bxddlv.exec:\bxddlv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dltjf.exec:\dltjf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vtftv.exec:\vtftv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rnptld.exec:\rnptld.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjfjtd.exec:\vvjfjtd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thrfptn.exec:\thrfptn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jphlp.exec:\jphlp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pnttxr.exec:\pnttxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vttfht.exec:\vttfht.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lbfhhj.exec:\lbfhhj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dhttpjr.exec:\dhttpjr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhddth.exec:\bhddth.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dfptpr.exec:\dfptpr.exe17⤵
- Executes dropped EXE
-
\??\c:\trffjvf.exec:\trffjvf.exe18⤵
- Executes dropped EXE
-
\??\c:\rddrh.exec:\rddrh.exe19⤵
- Executes dropped EXE
-
\??\c:\phlbhv.exec:\phlbhv.exe20⤵
- Executes dropped EXE
-
\??\c:\dhlfndv.exec:\dhlfndv.exe21⤵
- Executes dropped EXE
-
\??\c:\jbjpdr.exec:\jbjpdr.exe22⤵
- Executes dropped EXE
-
\??\c:\dtnff.exec:\dtnff.exe23⤵
- Executes dropped EXE
-
\??\c:\hjjjt.exec:\hjjjt.exe24⤵
- Executes dropped EXE
-
\??\c:\htptppx.exec:\htptppx.exe25⤵
- Executes dropped EXE
-
\??\c:\hpjnbp.exec:\hpjnbp.exe26⤵
- Executes dropped EXE
-
\??\c:\xhrpv.exec:\xhrpv.exe27⤵
- Executes dropped EXE
-
\??\c:\xrflth.exec:\xrflth.exe28⤵
- Executes dropped EXE
-
\??\c:\hpbjx.exec:\hpbjx.exe29⤵
- Executes dropped EXE
-
\??\c:\fjlprf.exec:\fjlprf.exe30⤵
- Executes dropped EXE
-
\??\c:\jfxvhh.exec:\jfxvhh.exe31⤵
- Executes dropped EXE
-
\??\c:\ndlbrn.exec:\ndlbrn.exe32⤵
- Executes dropped EXE
-
\??\c:\xjljpd.exec:\xjljpd.exe33⤵
- Executes dropped EXE
-
\??\c:\djnjf.exec:\djnjf.exe34⤵
- Executes dropped EXE
-
\??\c:\jvldl.exec:\jvldl.exe35⤵
- Executes dropped EXE
-
\??\c:\rxrjrd.exec:\rxrjrd.exe36⤵
- Executes dropped EXE
-
\??\c:\hljnrl.exec:\hljnrl.exe37⤵
- Executes dropped EXE
-
\??\c:\ntrvtxf.exec:\ntrvtxf.exe38⤵
- Executes dropped EXE
-
\??\c:\hlhltt.exec:\hlhltt.exe39⤵
- Executes dropped EXE
-
\??\c:\bphdrpn.exec:\bphdrpn.exe40⤵
- Executes dropped EXE
-
\??\c:\thrdr.exec:\thrdr.exe41⤵
- Executes dropped EXE
-
\??\c:\vhpdf.exec:\vhpdf.exe42⤵
- Executes dropped EXE
-
\??\c:\pbbvlh.exec:\pbbvlh.exe43⤵
- Executes dropped EXE
-
\??\c:\txxlbjv.exec:\txxlbjv.exe44⤵
- Executes dropped EXE
-
\??\c:\rndtx.exec:\rndtx.exe45⤵
- Executes dropped EXE
-
\??\c:\xdpnljl.exec:\xdpnljl.exe46⤵
- Executes dropped EXE
-
\??\c:\fndht.exec:\fndht.exe47⤵
- Executes dropped EXE
-
\??\c:\hnxhlx.exec:\hnxhlx.exe48⤵
- Executes dropped EXE
-
\??\c:\hdtdb.exec:\hdtdb.exe49⤵
- Executes dropped EXE
-
\??\c:\vnrlb.exec:\vnrlb.exe50⤵
- Executes dropped EXE
-
\??\c:\brjdnvh.exec:\brjdnvh.exe51⤵
- Executes dropped EXE
-
\??\c:\tnbxhxp.exec:\tnbxhxp.exe52⤵
- Executes dropped EXE
-
\??\c:\prfdf.exec:\prfdf.exe53⤵
- Executes dropped EXE
-
\??\c:\hbjbhbd.exec:\hbjbhbd.exe54⤵
- Executes dropped EXE
-
\??\c:\jxxjj.exec:\jxxjj.exe55⤵
- Executes dropped EXE
-
\??\c:\hjrrb.exec:\hjrrb.exe56⤵
- Executes dropped EXE
-
\??\c:\hnttjfj.exec:\hnttjfj.exe57⤵
- Executes dropped EXE
-
\??\c:\jldjf.exec:\jldjf.exe58⤵
- Executes dropped EXE
-
\??\c:\fbvtvj.exec:\fbvtvj.exe59⤵
- Executes dropped EXE
-
\??\c:\ltbpvnl.exec:\ltbpvnl.exe60⤵
- Executes dropped EXE
-
\??\c:\lpdlllf.exec:\lpdlllf.exe61⤵
- Executes dropped EXE
-
\??\c:\xhnfpj.exec:\xhnfpj.exe62⤵
- Executes dropped EXE
-
\??\c:\lvxlv.exec:\lvxlv.exe63⤵
- Executes dropped EXE
-
\??\c:\dljtnp.exec:\dljtnp.exe64⤵
- Executes dropped EXE
-
\??\c:\xbbdl.exec:\xbbdl.exe65⤵
- Executes dropped EXE
-
\??\c:\lnbbjb.exec:\lnbbjb.exe66⤵
-
\??\c:\nxvpddf.exec:\nxvpddf.exe67⤵
-
\??\c:\vbbbdb.exec:\vbbbdb.exe68⤵
-
\??\c:\hldjh.exec:\hldjh.exe69⤵
-
\??\c:\ljfjp.exec:\ljfjp.exe70⤵
-
\??\c:\lxpvrfv.exec:\lxpvrfv.exe71⤵
-
\??\c:\lndjl.exec:\lndjl.exe72⤵
-
\??\c:\vdtnvd.exec:\vdtnvd.exe73⤵
-
\??\c:\tdnhdd.exec:\tdnhdd.exe74⤵
-
\??\c:\rdvxb.exec:\rdvxb.exe75⤵
-
\??\c:\bndlf.exec:\bndlf.exe76⤵
-
\??\c:\nhtfb.exec:\nhtfb.exe77⤵
-
\??\c:\vdvdpl.exec:\vdvdpl.exe78⤵
-
\??\c:\thrnrl.exec:\thrnrl.exe79⤵
-
\??\c:\thftx.exec:\thftx.exe80⤵
-
\??\c:\rtnvpd.exec:\rtnvpd.exe81⤵
-
\??\c:\vhtlj.exec:\vhtlj.exe82⤵
-
\??\c:\jjjxv.exec:\jjjxv.exe83⤵
-
\??\c:\ntpjld.exec:\ntpjld.exe84⤵
-
\??\c:\vrlbnhr.exec:\vrlbnhr.exe85⤵
-
\??\c:\vnfhv.exec:\vnfhv.exe86⤵
-
\??\c:\dnrlrf.exec:\dnrlrf.exe87⤵
-
\??\c:\txbdjf.exec:\txbdjf.exe88⤵
-
\??\c:\lnvdhtl.exec:\lnvdhtl.exe89⤵
-
\??\c:\ptjll.exec:\ptjll.exe90⤵
-
\??\c:\ppxxnl.exec:\ppxxnl.exe91⤵
-
\??\c:\frjjfx.exec:\frjjfx.exe92⤵
-
\??\c:\rbhtd.exec:\rbhtd.exe93⤵
-
\??\c:\hpvhtnx.exec:\hpvhtnx.exe94⤵
-
\??\c:\vhdfll.exec:\vhdfll.exe95⤵
-
\??\c:\xtxfdp.exec:\xtxfdp.exe96⤵
-
\??\c:\xhfbhj.exec:\xhfbhj.exe97⤵
-
\??\c:\xdlpx.exec:\xdlpx.exe98⤵
-
\??\c:\jxjjbjj.exec:\jxjjbjj.exe99⤵
-
\??\c:\nrxdp.exec:\nrxdp.exe100⤵
-
\??\c:\fvnjrtj.exec:\fvnjrtj.exe101⤵
-
\??\c:\dtpbpf.exec:\dtpbpf.exe102⤵
-
\??\c:\dffnfb.exec:\dffnfb.exe103⤵
-
\??\c:\ntbvr.exec:\ntbvr.exe104⤵
-
\??\c:\pnfjnbj.exec:\pnfjnbj.exe105⤵
-
\??\c:\xnrvr.exec:\xnrvr.exe106⤵
-
\??\c:\xlxjtt.exec:\xlxjtt.exe107⤵
-
\??\c:\btbprr.exec:\btbprr.exe108⤵
-
\??\c:\ltrjnhd.exec:\ltrjnhd.exe109⤵
-
\??\c:\vtxhbl.exec:\vtxhbl.exe110⤵
-
\??\c:\jlrlt.exec:\jlrlt.exe111⤵
-
\??\c:\fllnlp.exec:\fllnlp.exe112⤵
-
\??\c:\xxbhbxb.exec:\xxbhbxb.exe113⤵
-
\??\c:\bphrvbh.exec:\bphrvbh.exe114⤵
-
\??\c:\lvnvx.exec:\lvnvx.exe115⤵
-
\??\c:\jtvbrn.exec:\jtvbrn.exe116⤵
-
\??\c:\bpdbdb.exec:\bpdbdb.exe117⤵
-
\??\c:\nxbjjl.exec:\nxbjjl.exe118⤵
-
\??\c:\jxbhtlb.exec:\jxbhtlb.exe119⤵
-
\??\c:\xtjhlxt.exec:\xtjhlxt.exe120⤵
-
\??\c:\ltxxb.exec:\ltxxb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-