Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
08-05-2024 17:07
General
-
Target
25d9cbbdbb52b1c236b517884fae28ef_JaffaCakes118.exe
-
Size
377KB
-
MD5
25d9cbbdbb52b1c236b517884fae28ef
-
SHA1
c8274516ccc464203f1541cd3a25c2c4e9e96482
-
SHA256
2af3b94af46618ff14c9597e22f42a8b75a7dccbb5e0a7ca6eb5bb156e9bffb4
-
SHA512
e905854181fba867fedb6445221fe29fcf4d5a718015936ab9599f5bbe4b7dfb0aa04261027b914653cac2b6066a86b05a803c9ae5cc264e6ba61c6d7e4d2b31
-
SSDEEP
3072:8hOm2sI93UufdC67cimD5t251UrRE9TTFw8TCK:8cm7ImGddXmNt251UriZFwGCK
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\25d9cbbdbb52b1c236b517884fae28ef_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\25d9cbbdbb52b1c236b517884fae28ef_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fflxrlr.exec:\fflxrlr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tbtnt.exec:\3tbtnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxlfxl.exec:\fxxlfxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bbtbh.exec:\7bbtbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9htnhb.exec:\9htnhb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllfxfx.exec:\fllfxfx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbthh.exec:\7hbthh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1frlffx.exec:\1frlffx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvddv.exec:\pvddv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxrrl.exec:\rllxrrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnnnt.exec:\hnnnnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxrrl.exec:\lffxrrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbthh.exec:\ntbthh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vvpj.exec:\1vvpj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhnn.exec:\nbnhnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvv.exec:\vpdvv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnhhb.exec:\hhnhhb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ffxflf.exec:\1ffxflf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbhh.exec:\btbbhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvjd.exec:\ppvjd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrlff.exec:\rrxrlff.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrlfxr.exec:\xfrlfxr.exe23⤵
- Executes dropped EXE
-
\??\c:\tntttt.exec:\tntttt.exe24⤵
- Executes dropped EXE
-
\??\c:\xrxxxxx.exec:\xrxxxxx.exe25⤵
- Executes dropped EXE
-
\??\c:\tbbbtt.exec:\tbbbtt.exe26⤵
- Executes dropped EXE
-
\??\c:\thhhtb.exec:\thhhtb.exe27⤵
- Executes dropped EXE
-
\??\c:\5ffrfxr.exec:\5ffrfxr.exe28⤵
- Executes dropped EXE
-
\??\c:\9vjdv.exec:\9vjdv.exe29⤵
- Executes dropped EXE
-
\??\c:\nbhttn.exec:\nbhttn.exe30⤵
- Executes dropped EXE
-
\??\c:\dpjvp.exec:\dpjvp.exe31⤵
- Executes dropped EXE
-
\??\c:\xrxrlll.exec:\xrxrlll.exe32⤵
- Executes dropped EXE
-
\??\c:\nbhbbb.exec:\nbhbbb.exe33⤵
- Executes dropped EXE
-
\??\c:\tnbtnn.exec:\tnbtnn.exe34⤵
- Executes dropped EXE
-
\??\c:\fllffxr.exec:\fllffxr.exe35⤵
- Executes dropped EXE
-
\??\c:\jjddj.exec:\jjddj.exe36⤵
- Executes dropped EXE
-
\??\c:\rxfxxlx.exec:\rxfxxlx.exe37⤵
- Executes dropped EXE
-
\??\c:\9rfffff.exec:\9rfffff.exe38⤵
- Executes dropped EXE
-
\??\c:\tnnttt.exec:\tnnttt.exe39⤵
- Executes dropped EXE
-
\??\c:\vvpjj.exec:\vvpjj.exe40⤵
- Executes dropped EXE
-
\??\c:\1llrrrr.exec:\1llrrrr.exe41⤵
- Executes dropped EXE
-
\??\c:\htbbtt.exec:\htbbtt.exe42⤵
- Executes dropped EXE
-
\??\c:\vpdjd.exec:\vpdjd.exe43⤵
- Executes dropped EXE
-
\??\c:\3xxfrrr.exec:\3xxfrrr.exe44⤵
- Executes dropped EXE
-
\??\c:\xlllfff.exec:\xlllfff.exe45⤵
- Executes dropped EXE
-
\??\c:\btnbbt.exec:\btnbbt.exe46⤵
- Executes dropped EXE
-
\??\c:\pjppp.exec:\pjppp.exe47⤵
- Executes dropped EXE
-
\??\c:\xffxllx.exec:\xffxllx.exe48⤵
- Executes dropped EXE
-
\??\c:\nntnnn.exec:\nntnnn.exe49⤵
- Executes dropped EXE
-
\??\c:\5hnbbt.exec:\5hnbbt.exe50⤵
- Executes dropped EXE
-
\??\c:\djvpj.exec:\djvpj.exe51⤵
- Executes dropped EXE
-
\??\c:\lflffll.exec:\lflffll.exe52⤵
- Executes dropped EXE
-
\??\c:\ntbtbb.exec:\ntbtbb.exe53⤵
- Executes dropped EXE
-
\??\c:\pvjdv.exec:\pvjdv.exe54⤵
- Executes dropped EXE
-
\??\c:\llrxxxr.exec:\llrxxxr.exe55⤵
- Executes dropped EXE
-
\??\c:\xfrlflf.exec:\xfrlflf.exe56⤵
- Executes dropped EXE
-
\??\c:\1ttnnn.exec:\1ttnnn.exe57⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe58⤵
- Executes dropped EXE
-
\??\c:\lflfxxf.exec:\lflfxxf.exe59⤵
- Executes dropped EXE
-
\??\c:\hhhbbt.exec:\hhhbbt.exe60⤵
- Executes dropped EXE
-
\??\c:\ddjpp.exec:\ddjpp.exe61⤵
- Executes dropped EXE
-
\??\c:\rxfxxxx.exec:\rxfxxxx.exe62⤵
- Executes dropped EXE
-
\??\c:\lfxrrrr.exec:\lfxrrrr.exe63⤵
- Executes dropped EXE
-
\??\c:\thhbbt.exec:\thhbbt.exe64⤵
- Executes dropped EXE
-
\??\c:\jvvvp.exec:\jvvvp.exe65⤵
- Executes dropped EXE
-
\??\c:\rlrrrrx.exec:\rlrrrrx.exe66⤵
-
\??\c:\9bhhbh.exec:\9bhhbh.exe67⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe68⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe69⤵
-
\??\c:\xxxlfrr.exec:\xxxlfrr.exe70⤵
-
\??\c:\5ttttt.exec:\5ttttt.exe71⤵
-
\??\c:\xxxrrrl.exec:\xxxrrrl.exe72⤵
-
\??\c:\1tnnhh.exec:\1tnnhh.exe73⤵
-
\??\c:\5pvpp.exec:\5pvpp.exe74⤵
-
\??\c:\vjjvj.exec:\vjjvj.exe75⤵
-
\??\c:\rflfxrr.exec:\rflfxrr.exe76⤵
-
\??\c:\rffrffr.exec:\rffrffr.exe77⤵
-
\??\c:\nnbbtt.exec:\nnbbtt.exe78⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe79⤵
-
\??\c:\rllxxrr.exec:\rllxxrr.exe80⤵
-
\??\c:\5ntnnn.exec:\5ntnnn.exe81⤵
-
\??\c:\jddvv.exec:\jddvv.exe82⤵
-
\??\c:\rflfffx.exec:\rflfffx.exe83⤵
-
\??\c:\1tthnh.exec:\1tthnh.exe84⤵
-
\??\c:\thttnh.exec:\thttnh.exe85⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe86⤵
-
\??\c:\fflxrlf.exec:\fflxrlf.exe87⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe88⤵
-
\??\c:\htbbbn.exec:\htbbbn.exe89⤵
-
\??\c:\vppjp.exec:\vppjp.exe90⤵
-
\??\c:\lrfxrrl.exec:\lrfxrrl.exe91⤵
-
\??\c:\nbnhhh.exec:\nbnhhh.exe92⤵
-
\??\c:\tnthbt.exec:\tnthbt.exe93⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe94⤵
-
\??\c:\flllfxr.exec:\flllfxr.exe95⤵
-
\??\c:\7btnnn.exec:\7btnnn.exe96⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe97⤵
-
\??\c:\5xxrlff.exec:\5xxrlff.exe98⤵
-
\??\c:\hbhhbb.exec:\hbhhbb.exe99⤵
-
\??\c:\tnnhbt.exec:\tnnhbt.exe100⤵
-
\??\c:\pjppj.exec:\pjppj.exe101⤵
-
\??\c:\rrrlxxf.exec:\rrrlxxf.exe102⤵
-
\??\c:\bnhbhh.exec:\bnhbhh.exe103⤵
-
\??\c:\djjvj.exec:\djjvj.exe104⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe105⤵
-
\??\c:\nhnhbn.exec:\nhnhbn.exe106⤵
-
\??\c:\thhbtn.exec:\thhbtn.exe107⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe108⤵
-
\??\c:\fxrlffr.exec:\fxrlffr.exe109⤵
-
\??\c:\9llfxrl.exec:\9llfxrl.exe110⤵
-
\??\c:\tnnbtn.exec:\tnnbtn.exe111⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe112⤵
-
\??\c:\lxxrfxr.exec:\lxxrfxr.exe113⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe114⤵
-
\??\c:\5ntthh.exec:\5ntthh.exe115⤵
-
\??\c:\5ddpd.exec:\5ddpd.exe116⤵
-
\??\c:\flrxxrr.exec:\flrxxrr.exe117⤵
-
\??\c:\nttthh.exec:\nttthh.exe118⤵
-
\??\c:\7dvpj.exec:\7dvpj.exe119⤵
-
\??\c:\3ddvj.exec:\3ddvj.exe120⤵
-
\??\c:\xlrlxxx.exec:\xlrlxxx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-