Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
08/05/2024, 17:07
General
-
Target
25d9cbbdbb52b1c236b517884fae28ef_JaffaCakes118.exe
-
Size
377KB
-
MD5
25d9cbbdbb52b1c236b517884fae28ef
-
SHA1
c8274516ccc464203f1541cd3a25c2c4e9e96482
-
SHA256
2af3b94af46618ff14c9597e22f42a8b75a7dccbb5e0a7ca6eb5bb156e9bffb4
-
SHA512
e905854181fba867fedb6445221fe29fcf4d5a718015936ab9599f5bbe4b7dfb0aa04261027b914653cac2b6066a86b05a803c9ae5cc264e6ba61c6d7e4d2b31
-
SSDEEP
3072:8hOm2sI93UufdC67cimD5t251UrRE9TTFw8TCK:8cm7ImGddXmNt251UriZFwGCK
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 39 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\25d9cbbdbb52b1c236b517884fae28ef_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\25d9cbbdbb52b1c236b517884fae28ef_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\flflfxl.exec:\flflfxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrllx.exec:\rlfrllx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbhn.exec:\hbtbhn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlrffl.exec:\rxlrffl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nhtnt.exec:\9nhtnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjpd.exec:\jdjpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrxlrf.exec:\rxrxlrf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhtb.exec:\bthhtb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1djvj.exec:\1djvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llllllr.exec:\llllllr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvjp.exec:\jjvjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lfflrx.exec:\3lfflrx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvvj.exec:\1dvvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrllx.exec:\fxlrllx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhtbb.exec:\nnhtbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpdj.exec:\jvpdj.exe17⤵
- Executes dropped EXE
-
\??\c:\ttttnh.exec:\ttttnh.exe18⤵
- Executes dropped EXE
-
\??\c:\bnhntt.exec:\bnhntt.exe19⤵
- Executes dropped EXE
-
\??\c:\ppjjp.exec:\ppjjp.exe20⤵
- Executes dropped EXE
-
\??\c:\rlxflrf.exec:\rlxflrf.exe21⤵
- Executes dropped EXE
-
\??\c:\lfrxflx.exec:\lfrxflx.exe22⤵
- Executes dropped EXE
-
\??\c:\3ffxffl.exec:\3ffxffl.exe23⤵
- Executes dropped EXE
-
\??\c:\pjjvj.exec:\pjjvj.exe24⤵
- Executes dropped EXE
-
\??\c:\nnbhhh.exec:\nnbhhh.exe25⤵
- Executes dropped EXE
-
\??\c:\vvjpd.exec:\vvjpd.exe26⤵
- Executes dropped EXE
-
\??\c:\lfrrflr.exec:\lfrrflr.exe27⤵
- Executes dropped EXE
-
\??\c:\5jppd.exec:\5jppd.exe28⤵
- Executes dropped EXE
-
\??\c:\1frrffx.exec:\1frrffx.exe29⤵
- Executes dropped EXE
-
\??\c:\ppppv.exec:\ppppv.exe30⤵
- Executes dropped EXE
-
\??\c:\7lflxxf.exec:\7lflxxf.exe31⤵
- Executes dropped EXE
-
\??\c:\tnbbbb.exec:\tnbbbb.exe32⤵
- Executes dropped EXE
-
\??\c:\dvdjv.exec:\dvdjv.exe33⤵
- Executes dropped EXE
-
\??\c:\tnhtbn.exec:\tnhtbn.exe34⤵
- Executes dropped EXE
-
\??\c:\vvpvv.exec:\vvpvv.exe35⤵
- Executes dropped EXE
-
\??\c:\jvjdp.exec:\jvjdp.exe36⤵
- Executes dropped EXE
-
\??\c:\lxxfrlx.exec:\lxxfrlx.exe37⤵
- Executes dropped EXE
-
\??\c:\nhbhtb.exec:\nhbhtb.exe38⤵
- Executes dropped EXE
-
\??\c:\pvpvp.exec:\pvpvp.exe39⤵
- Executes dropped EXE
-
\??\c:\dvpjp.exec:\dvpjp.exe40⤵
- Executes dropped EXE
-
\??\c:\lllrllf.exec:\lllrllf.exe41⤵
- Executes dropped EXE
-
\??\c:\btbbhn.exec:\btbbhn.exe42⤵
- Executes dropped EXE
-
\??\c:\1hbbtb.exec:\1hbbtb.exe43⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe44⤵
- Executes dropped EXE
-
\??\c:\5xrxxxl.exec:\5xrxxxl.exe45⤵
- Executes dropped EXE
-
\??\c:\btnbth.exec:\btnbth.exe46⤵
- Executes dropped EXE
-
\??\c:\tthnnt.exec:\tthnnt.exe47⤵
- Executes dropped EXE
-
\??\c:\5vdpv.exec:\5vdpv.exe48⤵
- Executes dropped EXE
-
\??\c:\lfxfrfx.exec:\lfxfrfx.exe49⤵
- Executes dropped EXE
-
\??\c:\tnbhnh.exec:\tnbhnh.exe50⤵
- Executes dropped EXE
-
\??\c:\hbbbnh.exec:\hbbbnh.exe51⤵
- Executes dropped EXE
-
\??\c:\7ddjv.exec:\7ddjv.exe52⤵
- Executes dropped EXE
-
\??\c:\rxrrffl.exec:\rxrrffl.exe53⤵
- Executes dropped EXE
-
\??\c:\xfrxlrr.exec:\xfrxlrr.exe54⤵
- Executes dropped EXE
-
\??\c:\hhthtn.exec:\hhthtn.exe55⤵
- Executes dropped EXE
-
\??\c:\jddjp.exec:\jddjp.exe56⤵
- Executes dropped EXE
-
\??\c:\5vpdp.exec:\5vpdp.exe57⤵
- Executes dropped EXE
-
\??\c:\fffrxxf.exec:\fffrxxf.exe58⤵
- Executes dropped EXE
-
\??\c:\fxrxlrr.exec:\fxrxlrr.exe59⤵
- Executes dropped EXE
-
\??\c:\1hbtnt.exec:\1hbtnt.exe60⤵
- Executes dropped EXE
-
\??\c:\1vjjv.exec:\1vjjv.exe61⤵
- Executes dropped EXE
-
\??\c:\3fxfrrf.exec:\3fxfrrf.exe62⤵
- Executes dropped EXE
-
\??\c:\1tntnb.exec:\1tntnb.exe63⤵
- Executes dropped EXE
-
\??\c:\hbttbh.exec:\hbttbh.exe64⤵
- Executes dropped EXE
-
\??\c:\jddpd.exec:\jddpd.exe65⤵
- Executes dropped EXE
-
\??\c:\ffrrrrx.exec:\ffrrrrx.exe66⤵
-
\??\c:\ffxfrxf.exec:\ffxfrxf.exe67⤵
-
\??\c:\bttthh.exec:\bttthh.exe68⤵
-
\??\c:\vddvv.exec:\vddvv.exe69⤵
-
\??\c:\3frxllx.exec:\3frxllx.exe70⤵
-
\??\c:\rxffrrl.exec:\rxffrrl.exe71⤵
-
\??\c:\nhbnbn.exec:\nhbnbn.exe72⤵
-
\??\c:\ppdjp.exec:\ppdjp.exe73⤵
-
\??\c:\3xrlllr.exec:\3xrlllr.exe74⤵
-
\??\c:\lllrxlr.exec:\lllrxlr.exe75⤵
-
\??\c:\tnntbb.exec:\tnntbb.exe76⤵
-
\??\c:\7pjvj.exec:\7pjvj.exe77⤵
-
\??\c:\xrffllx.exec:\xrffllx.exe78⤵
-
\??\c:\fxrrffx.exec:\fxrrffx.exe79⤵
-
\??\c:\ntbbnt.exec:\ntbbnt.exe80⤵
-
\??\c:\7ttnhn.exec:\7ttnhn.exe81⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe82⤵
-
\??\c:\llflffl.exec:\llflffl.exe83⤵
-
\??\c:\tnhhnt.exec:\tnhhnt.exe84⤵
-
\??\c:\3ntbth.exec:\3ntbth.exe85⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe86⤵
-
\??\c:\xrrxlxl.exec:\xrrxlxl.exe87⤵
-
\??\c:\hnhtnh.exec:\hnhtnh.exe88⤵
-
\??\c:\tnhtbh.exec:\tnhtbh.exe89⤵
-
\??\c:\vjdvd.exec:\vjdvd.exe90⤵
-
\??\c:\rlrfrxx.exec:\rlrfrxx.exe91⤵
-
\??\c:\9rlfrlx.exec:\9rlfrlx.exe92⤵
-
\??\c:\nbtbhn.exec:\nbtbhn.exe93⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe94⤵
-
\??\c:\ppjpp.exec:\ppjpp.exe95⤵
-
\??\c:\3xxfxrf.exec:\3xxfxrf.exe96⤵
-
\??\c:\btnbnn.exec:\btnbnn.exe97⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe98⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe99⤵
-
\??\c:\9lfrrlf.exec:\9lfrrlf.exe100⤵
-
\??\c:\lxrxffr.exec:\lxrxffr.exe101⤵
-
\??\c:\7btbbb.exec:\7btbbb.exe102⤵
-
\??\c:\jdddd.exec:\jdddd.exe103⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe104⤵
-
\??\c:\ffxffrl.exec:\ffxffrl.exe105⤵
-
\??\c:\3bntbh.exec:\3bntbh.exe106⤵
-
\??\c:\btnttb.exec:\btnttb.exe107⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe108⤵
-
\??\c:\rfxfrlx.exec:\rfxfrlx.exe109⤵
-
\??\c:\nhbhbn.exec:\nhbhbn.exe110⤵
-
\??\c:\hbbhnn.exec:\hbbhnn.exe111⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe112⤵
-
\??\c:\xrflrrf.exec:\xrflrrf.exe113⤵
-
\??\c:\nhbbnb.exec:\nhbbnb.exe114⤵
-
\??\c:\9jdjv.exec:\9jdjv.exe115⤵
-
\??\c:\jvppp.exec:\jvppp.exe116⤵
-
\??\c:\1fxflrl.exec:\1fxflrl.exe117⤵
-
\??\c:\bthhnt.exec:\bthhnt.exe118⤵
-
\??\c:\nhtbtb.exec:\nhtbtb.exe119⤵
-
\??\c:\vppvp.exec:\vppvp.exe120⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-