Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
16/05/2024, 04:38
General
-
Target
49712d2fe62393d5668027667bc96d69_JaffaCakes118.exe
-
Size
200KB
-
MD5
49712d2fe62393d5668027667bc96d69
-
SHA1
e75b7299e81516497ddbfaff0837fb830e5f4bce
-
SHA256
815dc41b2ba930e22ec3087c84895096fc8e49831c2264df3aface8bee4a0f09
-
SHA512
26ec5f96c3fc60c2e05d59a481381369e720cd4ca3ca78f0f98a05a89e5e63af812242ddf9785e7d1d418f85b20899a46bd3f90ad44ad33857450adb964e6321
-
SSDEEP
1536:PvQBeOGtrYSSsrc93UBIfdC67m6AJiqyvU2r1vsKM4ltyjK:PhOm2sI93UufdC67cihvH1S/O
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 39 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\49712d2fe62393d5668027667bc96d69_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\49712d2fe62393d5668027667bc96d69_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhhn.exec:\tnbhhn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvdj.exec:\vpvdj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxlxlx.exec:\xfxlxlx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bhntn.exec:\7bhntn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpv.exec:\vpvpv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxxffr.exec:\frxxffr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlllll.exec:\fxlllll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbbb.exec:\thhbbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpdd.exec:\vjpdd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfxffr.exec:\lrfxffr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthnbh.exec:\hthnbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvd.exec:\vpvvd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfrxxl.exec:\fxfrxxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrrxlr.exec:\lxrrxlr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhnt.exec:\nhhhnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vjdp.exec:\3vjdp.exe17⤵
- Executes dropped EXE
-
\??\c:\lxrllll.exec:\lxrllll.exe18⤵
- Executes dropped EXE
-
\??\c:\tnbhhn.exec:\tnbhhn.exe19⤵
- Executes dropped EXE
-
\??\c:\pdpvv.exec:\pdpvv.exe20⤵
- Executes dropped EXE
-
\??\c:\dpddj.exec:\dpddj.exe21⤵
- Executes dropped EXE
-
\??\c:\3htthb.exec:\3htthb.exe22⤵
- Executes dropped EXE
-
\??\c:\5bntbh.exec:\5bntbh.exe23⤵
- Executes dropped EXE
-
\??\c:\pdpjj.exec:\pdpjj.exe24⤵
- Executes dropped EXE
-
\??\c:\5rfrrrr.exec:\5rfrrrr.exe25⤵
- Executes dropped EXE
-
\??\c:\hhhbtn.exec:\hhhbtn.exe26⤵
- Executes dropped EXE
-
\??\c:\tnbnth.exec:\tnbnth.exe27⤵
- Executes dropped EXE
-
\??\c:\frrlrlx.exec:\frrlrlx.exe28⤵
- Executes dropped EXE
-
\??\c:\rlfllrx.exec:\rlfllrx.exe29⤵
- Executes dropped EXE
-
\??\c:\3htnnb.exec:\3htnnb.exe30⤵
- Executes dropped EXE
-
\??\c:\dvddj.exec:\dvddj.exe31⤵
- Executes dropped EXE
-
\??\c:\9xxflrx.exec:\9xxflrx.exe32⤵
- Executes dropped EXE
-
\??\c:\nbhhnh.exec:\nbhhnh.exe33⤵
- Executes dropped EXE
-
\??\c:\nnhbhb.exec:\nnhbhb.exe34⤵
- Executes dropped EXE
-
\??\c:\pdjjp.exec:\pdjjp.exe35⤵
- Executes dropped EXE
-
\??\c:\9lfxfrr.exec:\9lfxfrr.exe36⤵
- Executes dropped EXE
-
\??\c:\lffflff.exec:\lffflff.exe37⤵
- Executes dropped EXE
-
\??\c:\1ntnbt.exec:\1ntnbt.exe38⤵
- Executes dropped EXE
-
\??\c:\pdvjp.exec:\pdvjp.exe39⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe40⤵
- Executes dropped EXE
-
\??\c:\frxfxrx.exec:\frxfxrx.exe41⤵
- Executes dropped EXE
-
\??\c:\lxlfllr.exec:\lxlfllr.exe42⤵
- Executes dropped EXE
-
\??\c:\bhttbh.exec:\bhttbh.exe43⤵
- Executes dropped EXE
-
\??\c:\nhbthh.exec:\nhbthh.exe44⤵
- Executes dropped EXE
-
\??\c:\jpdjj.exec:\jpdjj.exe45⤵
- Executes dropped EXE
-
\??\c:\7vpvd.exec:\7vpvd.exe46⤵
- Executes dropped EXE
-
\??\c:\fxxfllr.exec:\fxxfllr.exe47⤵
- Executes dropped EXE
-
\??\c:\5xfrxrr.exec:\5xfrxrr.exe48⤵
- Executes dropped EXE
-
\??\c:\bttbbb.exec:\bttbbb.exe49⤵
- Executes dropped EXE
-
\??\c:\vjvvv.exec:\vjvvv.exe50⤵
- Executes dropped EXE
-
\??\c:\dvdjv.exec:\dvdjv.exe51⤵
- Executes dropped EXE
-
\??\c:\rlrfffl.exec:\rlrfffl.exe52⤵
- Executes dropped EXE
-
\??\c:\rxrxffl.exec:\rxrxffl.exe53⤵
- Executes dropped EXE
-
\??\c:\ntbtbb.exec:\ntbtbb.exe54⤵
- Executes dropped EXE
-
\??\c:\7thntt.exec:\7thntt.exe55⤵
- Executes dropped EXE
-
\??\c:\9dvdp.exec:\9dvdp.exe56⤵
- Executes dropped EXE
-
\??\c:\vvdvv.exec:\vvdvv.exe57⤵
- Executes dropped EXE
-
\??\c:\xlffxfr.exec:\xlffxfr.exe58⤵
- Executes dropped EXE
-
\??\c:\fxlllrr.exec:\fxlllrr.exe59⤵
- Executes dropped EXE
-
\??\c:\bthnhh.exec:\bthnhh.exe60⤵
- Executes dropped EXE
-
\??\c:\nbtthb.exec:\nbtthb.exe61⤵
- Executes dropped EXE
-
\??\c:\jvdjj.exec:\jvdjj.exe62⤵
- Executes dropped EXE
-
\??\c:\vdppp.exec:\vdppp.exe63⤵
- Executes dropped EXE
-
\??\c:\1xlllfl.exec:\1xlllfl.exe64⤵
- Executes dropped EXE
-
\??\c:\hhhtnb.exec:\hhhtnb.exe65⤵
- Executes dropped EXE
-
\??\c:\bnbhhb.exec:\bnbhhb.exe66⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe67⤵
-
\??\c:\jpdjd.exec:\jpdjd.exe68⤵
-
\??\c:\7lffffl.exec:\7lffffl.exe69⤵
-
\??\c:\nbhnbt.exec:\nbhnbt.exe70⤵
-
\??\c:\nhnbbh.exec:\nhnbbh.exe71⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe72⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe73⤵
-
\??\c:\5fxxfxx.exec:\5fxxfxx.exe74⤵
-
\??\c:\lfxxlff.exec:\lfxxlff.exe75⤵
-
\??\c:\btnbnt.exec:\btnbnt.exe76⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe77⤵
-
\??\c:\djppp.exec:\djppp.exe78⤵
-
\??\c:\rlrfllf.exec:\rlrfllf.exe79⤵
-
\??\c:\7lxrrll.exec:\7lxrrll.exe80⤵
-
\??\c:\hnbhnn.exec:\hnbhnn.exe81⤵
-
\??\c:\5tnhnt.exec:\5tnhnt.exe82⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe83⤵
-
\??\c:\9lflrrl.exec:\9lflrrl.exe84⤵
-
\??\c:\fxfflrf.exec:\fxfflrf.exe85⤵
-
\??\c:\1hbhtt.exec:\1hbhtt.exe86⤵
-
\??\c:\bnhhnh.exec:\bnhhnh.exe87⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe88⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe89⤵
-
\??\c:\5lflrxr.exec:\5lflrxr.exe90⤵
-
\??\c:\thnnbt.exec:\thnnbt.exe91⤵
-
\??\c:\btbhhn.exec:\btbhhn.exe92⤵
-
\??\c:\7vpjv.exec:\7vpjv.exe93⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe94⤵
-
\??\c:\llllllx.exec:\llllllx.exe95⤵
-
\??\c:\9lfxllr.exec:\9lfxllr.exe96⤵
-
\??\c:\1tnbnn.exec:\1tnbnn.exe97⤵
-
\??\c:\5vjjp.exec:\5vjjp.exe98⤵
-
\??\c:\1vjjj.exec:\1vjjj.exe99⤵
-
\??\c:\ffxfrrx.exec:\ffxfrrx.exe100⤵
-
\??\c:\xrflrrx.exec:\xrflrrx.exe101⤵
-
\??\c:\3hbhnn.exec:\3hbhnn.exe102⤵
-
\??\c:\5tbntt.exec:\5tbntt.exe103⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe104⤵
-
\??\c:\7llrxrf.exec:\7llrxrf.exe105⤵
-
\??\c:\fxfxlfr.exec:\fxfxlfr.exe106⤵
-
\??\c:\9btntt.exec:\9btntt.exe107⤵
-
\??\c:\bntntn.exec:\bntntn.exe108⤵
-
\??\c:\jjvvv.exec:\jjvvv.exe109⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe110⤵
-
\??\c:\fxfrxlr.exec:\fxfrxlr.exe111⤵
-
\??\c:\1bnnbt.exec:\1bnnbt.exe112⤵
-
\??\c:\hnttbb.exec:\hnttbb.exe113⤵
-
\??\c:\1dvdv.exec:\1dvdv.exe114⤵
-
\??\c:\7flllll.exec:\7flllll.exe115⤵
-
\??\c:\lxlrllr.exec:\lxlrllr.exe116⤵
-
\??\c:\tnbbnt.exec:\tnbbnt.exe117⤵
-
\??\c:\hbttbb.exec:\hbttbb.exe118⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe119⤵
-
\??\c:\1vpjp.exec:\1vpjp.exe120⤵
-
\??\c:\xlxrxrr.exec:\xlxrxrr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-