Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
07/05/2024, 22:17
General
-
Target
21f540803536903cd73ffa714fcd3408_JaffaCakes118.exe
-
Size
69KB
-
MD5
21f540803536903cd73ffa714fcd3408
-
SHA1
5d4f87a482efbf40770a78c1e511e093a44a10c8
-
SHA256
bfc229406b2dce68ec16b7972d9d3bf6f9c2f0846bc4b1d35a50081a96fae688
-
SHA512
7d0f7c4420343ff14aa75d97ab7db7ae1b297a18f3b57360a28e3ce62db9e67df58132ace55b6a4ce24d75963b835bf84f64dd32607fe43ab6831512eea0f48c
-
SSDEEP
1536:JvQBeOGtrYS3srx93UBWfwC6Ggnouy8WFRxZOQ+p9D:JhOmTsF93UYfwC6GIoutWFfp+vD
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 51 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\21f540803536903cd73ffa714fcd3408_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\21f540803536903cd73ffa714fcd3408_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\4206662.exec:\4206662.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\828088.exec:\828088.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlrrlr.exec:\rxlrrlr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllrrf.exec:\lfllrrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48000.exec:\48000.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8680062.exec:\8680062.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpj.exec:\jdvpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtbbh.exec:\thtbbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\42844.exec:\42844.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnhh.exec:\hbnnhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfrrlf.exec:\rxfrrlf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\202806.exec:\202806.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\866220.exec:\866220.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxxrr.exec:\xxfxxrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtthn.exec:\thtthn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2028440.exec:\2028440.exe17⤵
- Executes dropped EXE
-
\??\c:\tnbntt.exec:\tnbntt.exe18⤵
- Executes dropped EXE
-
\??\c:\442406.exec:\442406.exe19⤵
- Executes dropped EXE
-
\??\c:\xrffrrx.exec:\xrffrrx.exe20⤵
- Executes dropped EXE
-
\??\c:\9htttt.exec:\9htttt.exe21⤵
- Executes dropped EXE
-
\??\c:\u624006.exec:\u624006.exe22⤵
- Executes dropped EXE
-
\??\c:\6644000.exec:\6644000.exe23⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe24⤵
- Executes dropped EXE
-
\??\c:\hthnbh.exec:\hthnbh.exe25⤵
- Executes dropped EXE
-
\??\c:\tntttb.exec:\tntttb.exe26⤵
- Executes dropped EXE
-
\??\c:\042444.exec:\042444.exe27⤵
- Executes dropped EXE
-
\??\c:\i646228.exec:\i646228.exe28⤵
- Executes dropped EXE
-
\??\c:\480644.exec:\480644.exe29⤵
- Executes dropped EXE
-
\??\c:\4644888.exec:\4644888.exe30⤵
- Executes dropped EXE
-
\??\c:\fxlfrxx.exec:\fxlfrxx.exe31⤵
- Executes dropped EXE
-
\??\c:\88426.exec:\88426.exe32⤵
- Executes dropped EXE
-
\??\c:\rlfrflx.exec:\rlfrflx.exe33⤵
- Executes dropped EXE
-
\??\c:\llffrlx.exec:\llffrlx.exe34⤵
- Executes dropped EXE
-
\??\c:\xrllxxf.exec:\xrllxxf.exe35⤵
- Executes dropped EXE
-
\??\c:\602406.exec:\602406.exe36⤵
- Executes dropped EXE
-
\??\c:\frfffll.exec:\frfffll.exe37⤵
- Executes dropped EXE
-
\??\c:\k42466.exec:\k42466.exe38⤵
- Executes dropped EXE
-
\??\c:\0044662.exec:\0044662.exe39⤵
- Executes dropped EXE
-
\??\c:\7xfxxxf.exec:\7xfxxxf.exe40⤵
- Executes dropped EXE
-
\??\c:\dpvdj.exec:\dpvdj.exe41⤵
- Executes dropped EXE
-
\??\c:\thnbbb.exec:\thnbbb.exe42⤵
- Executes dropped EXE
-
\??\c:\48442.exec:\48442.exe43⤵
- Executes dropped EXE
-
\??\c:\02286.exec:\02286.exe44⤵
- Executes dropped EXE
-
\??\c:\6406662.exec:\6406662.exe45⤵
- Executes dropped EXE
-
\??\c:\vpjdj.exec:\vpjdj.exe46⤵
- Executes dropped EXE
-
\??\c:\c862446.exec:\c862446.exe47⤵
- Executes dropped EXE
-
\??\c:\2640644.exec:\2640644.exe48⤵
- Executes dropped EXE
-
\??\c:\68406.exec:\68406.exe49⤵
- Executes dropped EXE
-
\??\c:\208804.exec:\208804.exe50⤵
- Executes dropped EXE
-
\??\c:\ttntbn.exec:\ttntbn.exe51⤵
- Executes dropped EXE
-
\??\c:\k80602.exec:\k80602.exe52⤵
- Executes dropped EXE
-
\??\c:\200026.exec:\200026.exe53⤵
- Executes dropped EXE
-
\??\c:\226246.exec:\226246.exe54⤵
- Executes dropped EXE
-
\??\c:\tthnnt.exec:\tthnnt.exe55⤵
- Executes dropped EXE
-
\??\c:\thtttt.exec:\thtttt.exe56⤵
- Executes dropped EXE
-
\??\c:\xrxfrrx.exec:\xrxfrrx.exe57⤵
- Executes dropped EXE
-
\??\c:\3vpvp.exec:\3vpvp.exe58⤵
- Executes dropped EXE
-
\??\c:\1vjvv.exec:\1vjvv.exe59⤵
- Executes dropped EXE
-
\??\c:\7rflfxf.exec:\7rflfxf.exe60⤵
- Executes dropped EXE
-
\??\c:\hbthhh.exec:\hbthhh.exe61⤵
- Executes dropped EXE
-
\??\c:\xrllrlr.exec:\xrllrlr.exe62⤵
- Executes dropped EXE
-
\??\c:\3jvvj.exec:\3jvvj.exe63⤵
- Executes dropped EXE
-
\??\c:\7nbtnn.exec:\7nbtnn.exe64⤵
- Executes dropped EXE
-
\??\c:\rlxffxx.exec:\rlxffxx.exe65⤵
- Executes dropped EXE
-
\??\c:\1bnthh.exec:\1bnthh.exe66⤵
-
\??\c:\5btnnn.exec:\5btnnn.exe67⤵
-
\??\c:\2002484.exec:\2002484.exe68⤵
-
\??\c:\7nhnbb.exec:\7nhnbb.exe69⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe70⤵
-
\??\c:\80624.exec:\80624.exe71⤵
-
\??\c:\424028.exec:\424028.exe72⤵
-
\??\c:\480022.exec:\480022.exe73⤵
-
\??\c:\bnttbh.exec:\bnttbh.exe74⤵
-
\??\c:\tnhhhh.exec:\tnhhhh.exe75⤵
-
\??\c:\9bhntb.exec:\9bhntb.exe76⤵
-
\??\c:\xrrrxrf.exec:\xrrrxrf.exe77⤵
-
\??\c:\3lffxrl.exec:\3lffxrl.exe78⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe79⤵
-
\??\c:\u062840.exec:\u062840.exe80⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe81⤵
-
\??\c:\rlrrrrr.exec:\rlrrrrr.exe82⤵
-
\??\c:\8022848.exec:\8022848.exe83⤵
-
\??\c:\420460.exec:\420460.exe84⤵
-
\??\c:\7xflfff.exec:\7xflfff.exe85⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe86⤵
-
\??\c:\224400.exec:\224400.exe87⤵
-
\??\c:\42002.exec:\42002.exe88⤵
-
\??\c:\280002.exec:\280002.exe89⤵
-
\??\c:\04446.exec:\04446.exe90⤵
-
\??\c:\hnbhhn.exec:\hnbhhn.exe91⤵
-
\??\c:\482244.exec:\482244.exe92⤵
-
\??\c:\9bttbb.exec:\9bttbb.exe93⤵
-
\??\c:\xxxxxlr.exec:\xxxxxlr.exe94⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe95⤵
-
\??\c:\2000262.exec:\2000262.exe96⤵
-
\??\c:\280826.exec:\280826.exe97⤵
-
\??\c:\4246666.exec:\4246666.exe98⤵
-
\??\c:\5vjpd.exec:\5vjpd.exe99⤵
-
\??\c:\2406224.exec:\2406224.exe100⤵
-
\??\c:\hbtttt.exec:\hbtttt.exe101⤵
-
\??\c:\9nbbhn.exec:\9nbbhn.exe102⤵
-
\??\c:\9pdjp.exec:\9pdjp.exe103⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe104⤵
-
\??\c:\hhnttn.exec:\hhnttn.exe105⤵
-
\??\c:\9rxrrrx.exec:\9rxrrrx.exe106⤵
-
\??\c:\vpdpp.exec:\vpdpp.exe107⤵
-
\??\c:\9ddjj.exec:\9ddjj.exe108⤵
-
\??\c:\bhnbtb.exec:\bhnbtb.exe109⤵
-
\??\c:\xlllllx.exec:\xlllllx.exe110⤵
-
\??\c:\s2686.exec:\s2686.exe111⤵
-
\??\c:\606244.exec:\606244.exe112⤵
-
\??\c:\jvvdv.exec:\jvvdv.exe113⤵
-
\??\c:\tnhtbh.exec:\tnhtbh.exe114⤵
-
\??\c:\5flflrx.exec:\5flflrx.exe115⤵
-
\??\c:\tnhntn.exec:\tnhntn.exe116⤵
-
\??\c:\4244006.exec:\4244006.exe117⤵
-
\??\c:\m6840.exec:\m6840.exe118⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe119⤵
-
\??\c:\806006.exec:\806006.exe120⤵
-
\??\c:\k24082.exec:\k24082.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-