Analysis
-
max time kernel
150s -
max time network
110s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
05-05-2024 08:12
General
-
Target
16c404b1b2457e774eef9decec245e74_JaffaCakes118.exe
-
Size
215KB
-
MD5
16c404b1b2457e774eef9decec245e74
-
SHA1
2a941d253d0088f487f5838a585247ea84aaf8b6
-
SHA256
19c238f30458b392902f9bfe66d65ab0d72e6964ba648faca28902907ffddcb2
-
SHA512
a3d8019f0027813b144b88cb58ea3a7a365675bb0fca773fee66efa9be4c5c9621789b5485035470f4bc015dc2a98d9ba7250078149f6fc5a22d5ac6942e70cc
-
SSDEEP
1536:evQBeOGtrYSSsrc93UBIfdC67m6AJiqzgLrTKBk3IU39TeYmKH:ehOm2sI93UufdC67ciRLPvx3teYmS
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 63 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\16c404b1b2457e774eef9decec245e74_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\16c404b1b2457e774eef9decec245e74_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnbh.exec:\nttnbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vpjv.exec:\7vpjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hhbnn.exec:\1hhbnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbthh.exec:\hbbthh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdv.exec:\vdjdv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lfxlxr.exec:\3lfxlxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbtn.exec:\hbbbtn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bhhbn.exec:\9bhhbn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvv.exec:\jddvv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nhhtt.exec:\5nhhtt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvvp.exec:\5dvvp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnnn.exec:\bntnnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvj.exec:\dddvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxxr.exec:\rllfxxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlffx.exec:\flrlffx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjd.exec:\pppjd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjd.exec:\dvpjd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lxrfxl.exec:\9lxrfxl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvv.exec:\dddvv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdjd.exec:\pvdjd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxrrl.exec:\frfxrrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbhh.exec:\tbhbhh.exe23⤵
- Executes dropped EXE
-
\??\c:\1djdd.exec:\1djdd.exe24⤵
- Executes dropped EXE
-
\??\c:\lrfxllr.exec:\lrfxllr.exe25⤵
- Executes dropped EXE
-
\??\c:\btttnh.exec:\btttnh.exe26⤵
- Executes dropped EXE
-
\??\c:\5jdvj.exec:\5jdvj.exe27⤵
- Executes dropped EXE
-
\??\c:\xlxrlll.exec:\xlxrlll.exe28⤵
- Executes dropped EXE
-
\??\c:\1tnhbb.exec:\1tnhbb.exe29⤵
- Executes dropped EXE
-
\??\c:\vjjvj.exec:\vjjvj.exe30⤵
- Executes dropped EXE
-
\??\c:\1fxrffx.exec:\1fxrffx.exe31⤵
- Executes dropped EXE
-
\??\c:\nhtntt.exec:\nhtntt.exe32⤵
- Executes dropped EXE
-
\??\c:\tnnnbh.exec:\tnnnbh.exe33⤵
- Executes dropped EXE
-
\??\c:\pvjdv.exec:\pvjdv.exe34⤵
- Executes dropped EXE
-
\??\c:\ffxxlll.exec:\ffxxlll.exe35⤵
- Executes dropped EXE
-
\??\c:\flrlffx.exec:\flrlffx.exe36⤵
- Executes dropped EXE
-
\??\c:\bhnhhh.exec:\bhnhhh.exe37⤵
- Executes dropped EXE
-
\??\c:\5vppj.exec:\5vppj.exe38⤵
- Executes dropped EXE
-
\??\c:\rlxrrrx.exec:\rlxrrrx.exe39⤵
- Executes dropped EXE
-
\??\c:\7rfxffl.exec:\7rfxffl.exe40⤵
- Executes dropped EXE
-
\??\c:\7bhhbb.exec:\7bhhbb.exe41⤵
- Executes dropped EXE
-
\??\c:\7nnnhh.exec:\7nnnhh.exe42⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe43⤵
- Executes dropped EXE
-
\??\c:\5flfllr.exec:\5flfllr.exe44⤵
- Executes dropped EXE
-
\??\c:\xxlfxrr.exec:\xxlfxrr.exe45⤵
- Executes dropped EXE
-
\??\c:\hhhbth.exec:\hhhbth.exe46⤵
- Executes dropped EXE
-
\??\c:\ttnhtt.exec:\ttnhtt.exe47⤵
- Executes dropped EXE
-
\??\c:\pjjpd.exec:\pjjpd.exe48⤵
- Executes dropped EXE
-
\??\c:\rffxxxr.exec:\rffxxxr.exe49⤵
- Executes dropped EXE
-
\??\c:\thhbtt.exec:\thhbtt.exe50⤵
- Executes dropped EXE
-
\??\c:\bthbbb.exec:\bthbbb.exe51⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe52⤵
- Executes dropped EXE
-
\??\c:\pdpvj.exec:\pdpvj.exe53⤵
- Executes dropped EXE
-
\??\c:\xrrlxfx.exec:\xrrlxfx.exe54⤵
- Executes dropped EXE
-
\??\c:\rllfxxr.exec:\rllfxxr.exe55⤵
- Executes dropped EXE
-
\??\c:\nnnbnn.exec:\nnnbnn.exe56⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe57⤵
- Executes dropped EXE
-
\??\c:\rfxrxxr.exec:\rfxrxxr.exe58⤵
- Executes dropped EXE
-
\??\c:\rflllll.exec:\rflllll.exe59⤵
- Executes dropped EXE
-
\??\c:\thnnhh.exec:\thnnhh.exe60⤵
- Executes dropped EXE
-
\??\c:\btbthh.exec:\btbthh.exe61⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe62⤵
- Executes dropped EXE
-
\??\c:\lrxrffx.exec:\lrxrffx.exe63⤵
- Executes dropped EXE
-
\??\c:\xlfxrrl.exec:\xlfxrrl.exe64⤵
- Executes dropped EXE
-
\??\c:\5thbtt.exec:\5thbtt.exe65⤵
- Executes dropped EXE
-
\??\c:\bbbnhh.exec:\bbbnhh.exe66⤵
-
\??\c:\1jpjv.exec:\1jpjv.exe67⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe68⤵
-
\??\c:\lrfxrrr.exec:\lrfxrrr.exe69⤵
-
\??\c:\9ttnnn.exec:\9ttnnn.exe70⤵
-
\??\c:\1hhbnn.exec:\1hhbnn.exe71⤵
-
\??\c:\ffrrllr.exec:\ffrrllr.exe72⤵
-
\??\c:\nnnhhn.exec:\nnnhhn.exe73⤵
-
\??\c:\9thbbh.exec:\9thbbh.exe74⤵
-
\??\c:\5jddp.exec:\5jddp.exe75⤵
-
\??\c:\xrrrlll.exec:\xrrrlll.exe76⤵
-
\??\c:\llllffx.exec:\llllffx.exe77⤵
-
\??\c:\tbbthh.exec:\tbbthh.exe78⤵
-
\??\c:\hbnhhb.exec:\hbnhhb.exe79⤵
-
\??\c:\vjvjd.exec:\vjvjd.exe80⤵
-
\??\c:\9lflxxx.exec:\9lflxxx.exe81⤵
-
\??\c:\xrrrllr.exec:\xrrrllr.exe82⤵
-
\??\c:\9tbbtt.exec:\9tbbtt.exe83⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe84⤵
-
\??\c:\lfrllrx.exec:\lfrllrx.exe85⤵
-
\??\c:\xrxxrrl.exec:\xrxxrrl.exe86⤵
-
\??\c:\bbntnn.exec:\bbntnn.exe87⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe88⤵
-
\??\c:\vjvpd.exec:\vjvpd.exe89⤵
-
\??\c:\xfxfrlx.exec:\xfxfrlx.exe90⤵
-
\??\c:\thnhhh.exec:\thnhhh.exe91⤵
-
\??\c:\nhhbbn.exec:\nhhbbn.exe92⤵
-
\??\c:\jpddd.exec:\jpddd.exe93⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe94⤵
-
\??\c:\fflffff.exec:\fflffff.exe95⤵
-
\??\c:\1tbbht.exec:\1tbbht.exe96⤵
-
\??\c:\bbthhb.exec:\bbthhb.exe97⤵
-
\??\c:\ddddp.exec:\ddddp.exe98⤵
-
\??\c:\xlxrrll.exec:\xlxrrll.exe99⤵
-
\??\c:\hhnnhb.exec:\hhnnhb.exe100⤵
-
\??\c:\ttthht.exec:\ttthht.exe101⤵
-
\??\c:\9pjdv.exec:\9pjdv.exe102⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe103⤵
-
\??\c:\xxrrflx.exec:\xxrrflx.exe104⤵
-
\??\c:\xlrllll.exec:\xlrllll.exe105⤵
-
\??\c:\bbthhn.exec:\bbthhn.exe106⤵
-
\??\c:\5ppjd.exec:\5ppjd.exe107⤵
-
\??\c:\rffxrrl.exec:\rffxrrl.exe108⤵
-
\??\c:\rrxxrrr.exec:\rrxxrrr.exe109⤵
-
\??\c:\nbnhhn.exec:\nbnhhn.exe110⤵
-
\??\c:\hnnhbh.exec:\hnnhbh.exe111⤵
-
\??\c:\3vvvj.exec:\3vvvj.exe112⤵
-
\??\c:\frxrlxx.exec:\frxrlxx.exe113⤵
-
\??\c:\frllffl.exec:\frllffl.exe114⤵
-
\??\c:\9nnnnn.exec:\9nnnnn.exe115⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe116⤵
-
\??\c:\btbnnh.exec:\btbnnh.exe117⤵
-
\??\c:\3bbhtb.exec:\3bbhtb.exe118⤵
-
\??\c:\vdddp.exec:\vdddp.exe119⤵
-
\??\c:\1xfffff.exec:\1xfffff.exe120⤵
-
\??\c:\rlrxxxx.exec:\rlrxxxx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-