Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
11/05/2024, 21:11
General
-
Target
3691355d4ded4891d1d5fcde9798c61d_JaffaCakes118.exe
-
Size
65KB
-
MD5
3691355d4ded4891d1d5fcde9798c61d
-
SHA1
3892319bfe2101e8f5655fa5a48f9a82c8430bc3
-
SHA256
b4b93077b2468bdc61426082b559255ab61294b493f6a0c5d55b2627b4c63e58
-
SHA512
ab49950d73dd216ebd662b4f3e68f4b100f138c2891b1dea3b4f129b62c038c4fd1b927d38db0ba1553204a35448c7f236b019b1b0d082434a87c87de37e8cfd
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIuyWNSe:ymb3NkkiQ3mdBjFIuyWd
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3691355d4ded4891d1d5fcde9798c61d_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3691355d4ded4891d1d5fcde9798c61d_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdjj.exec:\dvdjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrxflr.exec:\ffrxflr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhtnt.exec:\hhhtnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdv.exec:\pjvdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdpd.exec:\jjdpd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxlffx.exec:\lxxlffx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnbbh.exec:\hhnbbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnnth.exec:\hhnnth.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjj.exec:\vjpjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llflxfx.exec:\llflxfx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffrffx.exec:\xffrffx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxflrr.exec:\5xxflrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tthbh.exec:\3tthbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddd.exec:\jdddd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjpp.exec:\pvjpp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrfrx.exec:\ffxrfrx.exe17⤵
- Executes dropped EXE
-
\??\c:\ttnhbn.exec:\ttnhbn.exe18⤵
- Executes dropped EXE
-
\??\c:\ttbbnh.exec:\ttbbnh.exe19⤵
- Executes dropped EXE
-
\??\c:\jdpdj.exec:\jdpdj.exe20⤵
- Executes dropped EXE
-
\??\c:\pjvdp.exec:\pjvdp.exe21⤵
- Executes dropped EXE
-
\??\c:\fxllxxf.exec:\fxllxxf.exe22⤵
- Executes dropped EXE
-
\??\c:\3rxllrx.exec:\3rxllrx.exe23⤵
- Executes dropped EXE
-
\??\c:\nhbtbh.exec:\nhbtbh.exe24⤵
- Executes dropped EXE
-
\??\c:\hbhhnt.exec:\hbhhnt.exe25⤵
- Executes dropped EXE
-
\??\c:\jjdjv.exec:\jjdjv.exe26⤵
- Executes dropped EXE
-
\??\c:\rrrxrrf.exec:\rrrxrrf.exe27⤵
- Executes dropped EXE
-
\??\c:\rlrxxrf.exec:\rlrxxrf.exe28⤵
- Executes dropped EXE
-
\??\c:\hbttbt.exec:\hbttbt.exe29⤵
- Executes dropped EXE
-
\??\c:\5vdjp.exec:\5vdjp.exe30⤵
- Executes dropped EXE
-
\??\c:\dpjpv.exec:\dpjpv.exe31⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe32⤵
- Executes dropped EXE
-
\??\c:\llxlrxf.exec:\llxlrxf.exe33⤵
- Executes dropped EXE
-
\??\c:\bnhbtb.exec:\bnhbtb.exe34⤵
- Executes dropped EXE
-
\??\c:\ntbttb.exec:\ntbttb.exe35⤵
- Executes dropped EXE
-
\??\c:\ppjvj.exec:\ppjvj.exe36⤵
- Executes dropped EXE
-
\??\c:\jddjj.exec:\jddjj.exe37⤵
- Executes dropped EXE
-
\??\c:\9lfrxxr.exec:\9lfrxxr.exe38⤵
- Executes dropped EXE
-
\??\c:\fxrxffr.exec:\fxrxffr.exe39⤵
- Executes dropped EXE
-
\??\c:\lfffrxf.exec:\lfffrxf.exe40⤵
- Executes dropped EXE
-
\??\c:\nhbbnn.exec:\nhbbnn.exe41⤵
- Executes dropped EXE
-
\??\c:\bthhtt.exec:\bthhtt.exe42⤵
- Executes dropped EXE
-
\??\c:\dvvjv.exec:\dvvjv.exe43⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe44⤵
- Executes dropped EXE
-
\??\c:\rflflfr.exec:\rflflfr.exe45⤵
- Executes dropped EXE
-
\??\c:\fxrxflx.exec:\fxrxflx.exe46⤵
- Executes dropped EXE
-
\??\c:\7bthnb.exec:\7bthnb.exe47⤵
- Executes dropped EXE
-
\??\c:\hbtbnn.exec:\hbtbnn.exe48⤵
- Executes dropped EXE
-
\??\c:\vvjjv.exec:\vvjjv.exe49⤵
- Executes dropped EXE
-
\??\c:\3pdvd.exec:\3pdvd.exe50⤵
- Executes dropped EXE
-
\??\c:\ffflxfx.exec:\ffflxfx.exe51⤵
- Executes dropped EXE
-
\??\c:\rfxxrrx.exec:\rfxxrrx.exe52⤵
- Executes dropped EXE
-
\??\c:\5nhnht.exec:\5nhnht.exe53⤵
- Executes dropped EXE
-
\??\c:\5htbnn.exec:\5htbnn.exe54⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe55⤵
- Executes dropped EXE
-
\??\c:\ddvvj.exec:\ddvvj.exe56⤵
- Executes dropped EXE
-
\??\c:\9pppj.exec:\9pppj.exe57⤵
- Executes dropped EXE
-
\??\c:\ffxxllr.exec:\ffxxllr.exe58⤵
- Executes dropped EXE
-
\??\c:\btnbbn.exec:\btnbbn.exe59⤵
- Executes dropped EXE
-
\??\c:\bttbnn.exec:\bttbnn.exe60⤵
- Executes dropped EXE
-
\??\c:\3vdpd.exec:\3vdpd.exe61⤵
- Executes dropped EXE
-
\??\c:\ddvjv.exec:\ddvjv.exe62⤵
- Executes dropped EXE
-
\??\c:\rlffflr.exec:\rlffflr.exe63⤵
- Executes dropped EXE
-
\??\c:\3rlxflx.exec:\3rlxflx.exe64⤵
- Executes dropped EXE
-
\??\c:\nnbhbh.exec:\nnbhbh.exe65⤵
- Executes dropped EXE
-
\??\c:\3nbhnb.exec:\3nbhnb.exe66⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe67⤵
-
\??\c:\9rfxflf.exec:\9rfxflf.exe68⤵
-
\??\c:\lfrlfrr.exec:\lfrlfrr.exe69⤵
-
\??\c:\rlxflrf.exec:\rlxflrf.exe70⤵
-
\??\c:\7bbhnn.exec:\7bbhnn.exe71⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe72⤵
-
\??\c:\pjddj.exec:\pjddj.exe73⤵
-
\??\c:\3flxflf.exec:\3flxflf.exe74⤵
-
\??\c:\xrlxrff.exec:\xrlxrff.exe75⤵
-
\??\c:\9tntbh.exec:\9tntbh.exe76⤵
-
\??\c:\vppdp.exec:\vppdp.exe77⤵
-
\??\c:\lrffrrr.exec:\lrffrrr.exe78⤵
-
\??\c:\ffxrxxx.exec:\ffxrxxx.exe79⤵
-
\??\c:\thtnhh.exec:\thtnhh.exe80⤵
-
\??\c:\bthhbb.exec:\bthhbb.exe81⤵
-
\??\c:\djpjj.exec:\djpjj.exe82⤵
-
\??\c:\vpddj.exec:\vpddj.exe83⤵
-
\??\c:\xrrlrrx.exec:\xrrlrrx.exe84⤵
-
\??\c:\1xxfllx.exec:\1xxfllx.exe85⤵
-
\??\c:\hhtnbt.exec:\hhtnbt.exe86⤵
-
\??\c:\btnthn.exec:\btnthn.exe87⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe88⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe89⤵
-
\??\c:\9fllflr.exec:\9fllflr.exe90⤵
-
\??\c:\fxllflr.exec:\fxllflr.exe91⤵
-
\??\c:\lxlllfr.exec:\lxlllfr.exe92⤵
-
\??\c:\5htbhn.exec:\5htbhn.exe93⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe94⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe95⤵
-
\??\c:\jdppv.exec:\jdppv.exe96⤵
-
\??\c:\ffxlrrx.exec:\ffxlrrx.exe97⤵
-
\??\c:\lfxflrf.exec:\lfxflrf.exe98⤵
-
\??\c:\7xfxrrf.exec:\7xfxrrf.exe99⤵
-
\??\c:\nbntbb.exec:\nbntbb.exe100⤵
-
\??\c:\hhhnth.exec:\hhhnth.exe101⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe102⤵
-
\??\c:\ppdjd.exec:\ppdjd.exe103⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe104⤵
-
\??\c:\1lxrrlr.exec:\1lxrrlr.exe105⤵
-
\??\c:\1lflrrx.exec:\1lflrrx.exe106⤵
-
\??\c:\hhbbnt.exec:\hhbbnt.exe107⤵
-
\??\c:\hntttt.exec:\hntttt.exe108⤵
-
\??\c:\vdjpv.exec:\vdjpv.exe109⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe110⤵
-
\??\c:\rlrlxrf.exec:\rlrlxrf.exe111⤵
-
\??\c:\lrxfxxx.exec:\lrxfxxx.exe112⤵
-
\??\c:\nbnntb.exec:\nbnntb.exe113⤵
-
\??\c:\1tnnhn.exec:\1tnnhn.exe114⤵
-
\??\c:\pjpdd.exec:\pjpdd.exe115⤵
-
\??\c:\jddjj.exec:\jddjj.exe116⤵
-
\??\c:\rllxrxl.exec:\rllxrxl.exe117⤵
-
\??\c:\fxrfrlx.exec:\fxrfrlx.exe118⤵
-
\??\c:\hhbntb.exec:\hhbntb.exe119⤵
-
\??\c:\5ttnnh.exec:\5ttnnh.exe120⤵
-
\??\c:\nnhthh.exec:\nnhthh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-