Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
21-05-2024 14:35
General
-
Target
63a3c23d75e6fd118022803568ca5570_JaffaCakes118.exe
-
Size
65KB
-
MD5
63a3c23d75e6fd118022803568ca5570
-
SHA1
74c82fa7d45524cdfe37b8c5a4baefee6f8aaccc
-
SHA256
ff0571504d446fc10182a2b295723ff960f36db1313efc6a049951a28732dffb
-
SHA512
f9f3a4d2c1ceb4803476470dfd1e9a8c52bddf03e4b6501583b4fccb020db468b1b0d71f13722ad02d0771c20a1414f92a6e161c06a9760eb35db810489169a6
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIuyWNSW:ymb3NkkiQ3mdBjFIuyWd
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\63a3c23d75e6fd118022803568ca5570_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\63a3c23d75e6fd118022803568ca5570_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3pddj.exec:\3pddj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflxfr.exec:\xrflxfr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthntt.exec:\tthntt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dpjp.exec:\9dpjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxflxf.exec:\lfxflxf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxxllr.exec:\5xxxllr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjvd.exec:\dvjvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdd.exec:\jvjdd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3frrffl.exec:\3frrffl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbnhn.exec:\hhbnhn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvj.exec:\ppjvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ddvd.exec:\3ddvd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xrlxfl.exec:\5xrlxfl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxfllf.exec:\fxxfllf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbntb.exec:\bhbntb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjvv.exec:\pjjvv.exe17⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe18⤵
- Executes dropped EXE
-
\??\c:\rllrffr.exec:\rllrffr.exe19⤵
- Executes dropped EXE
-
\??\c:\fxrxlrx.exec:\fxrxlrx.exe20⤵
- Executes dropped EXE
-
\??\c:\ttbtnb.exec:\ttbtnb.exe21⤵
- Executes dropped EXE
-
\??\c:\jjddj.exec:\jjddj.exe22⤵
- Executes dropped EXE
-
\??\c:\pdddj.exec:\pdddj.exe23⤵
- Executes dropped EXE
-
\??\c:\5rflllx.exec:\5rflllx.exe24⤵
- Executes dropped EXE
-
\??\c:\bbthnb.exec:\bbthnb.exe25⤵
- Executes dropped EXE
-
\??\c:\btnhbh.exec:\btnhbh.exe26⤵
- Executes dropped EXE
-
\??\c:\jjjvd.exec:\jjjvd.exe27⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe28⤵
- Executes dropped EXE
-
\??\c:\fxflffr.exec:\fxflffr.exe29⤵
- Executes dropped EXE
-
\??\c:\bbthtt.exec:\bbthtt.exe30⤵
- Executes dropped EXE
-
\??\c:\jvpvp.exec:\jvpvp.exe31⤵
- Executes dropped EXE
-
\??\c:\1vpvd.exec:\1vpvd.exe32⤵
- Executes dropped EXE
-
\??\c:\lllflrx.exec:\lllflrx.exe33⤵
- Executes dropped EXE
-
\??\c:\1nhtbh.exec:\1nhtbh.exe34⤵
- Executes dropped EXE
-
\??\c:\ppdpp.exec:\ppdpp.exe35⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe36⤵
- Executes dropped EXE
-
\??\c:\fxrxfrf.exec:\fxrxfrf.exe37⤵
- Executes dropped EXE
-
\??\c:\llxrflr.exec:\llxrflr.exe38⤵
- Executes dropped EXE
-
\??\c:\7htbhn.exec:\7htbhn.exe39⤵
- Executes dropped EXE
-
\??\c:\tnhntn.exec:\tnhntn.exe40⤵
- Executes dropped EXE
-
\??\c:\pjpjj.exec:\pjpjj.exe41⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe42⤵
- Executes dropped EXE
-
\??\c:\xrxrrrf.exec:\xrxrrrf.exe43⤵
- Executes dropped EXE
-
\??\c:\5hhttn.exec:\5hhttn.exe44⤵
- Executes dropped EXE
-
\??\c:\hbnbbt.exec:\hbnbbt.exe45⤵
- Executes dropped EXE
-
\??\c:\tnbbnb.exec:\tnbbnb.exe46⤵
- Executes dropped EXE
-
\??\c:\jdjvj.exec:\jdjvj.exe47⤵
- Executes dropped EXE
-
\??\c:\9fxfllr.exec:\9fxfllr.exe48⤵
- Executes dropped EXE
-
\??\c:\xlxffff.exec:\xlxffff.exe49⤵
- Executes dropped EXE
-
\??\c:\tnhtbb.exec:\tnhtbb.exe50⤵
- Executes dropped EXE
-
\??\c:\bnhntb.exec:\bnhntb.exe51⤵
- Executes dropped EXE
-
\??\c:\pdjpp.exec:\pdjpp.exe52⤵
- Executes dropped EXE
-
\??\c:\9dpvd.exec:\9dpvd.exe53⤵
- Executes dropped EXE
-
\??\c:\ffxxffr.exec:\ffxxffr.exe54⤵
- Executes dropped EXE
-
\??\c:\nbhhhn.exec:\nbhhhn.exe55⤵
- Executes dropped EXE
-
\??\c:\nhthnt.exec:\nhthnt.exe56⤵
- Executes dropped EXE
-
\??\c:\djpdp.exec:\djpdp.exe57⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe58⤵
- Executes dropped EXE
-
\??\c:\llxrxfr.exec:\llxrxfr.exe59⤵
- Executes dropped EXE
-
\??\c:\nhtbnn.exec:\nhtbnn.exe60⤵
- Executes dropped EXE
-
\??\c:\htbhbh.exec:\htbhbh.exe61⤵
- Executes dropped EXE
-
\??\c:\jjdjd.exec:\jjdjd.exe62⤵
- Executes dropped EXE
-
\??\c:\3vjpd.exec:\3vjpd.exe63⤵
- Executes dropped EXE
-
\??\c:\9lfllrf.exec:\9lfllrf.exe64⤵
- Executes dropped EXE
-
\??\c:\rlrfllr.exec:\rlrfllr.exe65⤵
- Executes dropped EXE
-
\??\c:\1btthn.exec:\1btthn.exe66⤵
-
\??\c:\hbnhnn.exec:\hbnhnn.exe67⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe68⤵
-
\??\c:\ppjvv.exec:\ppjvv.exe69⤵
-
\??\c:\llfflll.exec:\llfflll.exe70⤵
-
\??\c:\7rflllr.exec:\7rflllr.exe71⤵
-
\??\c:\bntthh.exec:\bntthh.exe72⤵
-
\??\c:\hbntbb.exec:\hbntbb.exe73⤵
-
\??\c:\jdddj.exec:\jdddj.exe74⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe75⤵
-
\??\c:\rlrrflx.exec:\rlrrflx.exe76⤵
-
\??\c:\rfxxlfl.exec:\rfxxlfl.exe77⤵
-
\??\c:\tttnbb.exec:\tttnbb.exe78⤵
-
\??\c:\3nhttb.exec:\3nhttb.exe79⤵
-
\??\c:\pjppp.exec:\pjppp.exe80⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe81⤵
-
\??\c:\3rllxfr.exec:\3rllxfr.exe82⤵
-
\??\c:\lfrxrrf.exec:\lfrxrrf.exe83⤵
-
\??\c:\hhthth.exec:\hhthth.exe84⤵
-
\??\c:\tnnbbb.exec:\tnnbbb.exe85⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe86⤵
-
\??\c:\djdjp.exec:\djdjp.exe87⤵
-
\??\c:\lxfflrx.exec:\lxfflrx.exe88⤵
-
\??\c:\rfrlrlr.exec:\rfrlrlr.exe89⤵
-
\??\c:\hnhbnt.exec:\hnhbnt.exe90⤵
-
\??\c:\9tbnht.exec:\9tbnht.exe91⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe92⤵
-
\??\c:\3lfrflr.exec:\3lfrflr.exe93⤵
-
\??\c:\xxfrffx.exec:\xxfrffx.exe94⤵
-
\??\c:\btnbtt.exec:\btnbtt.exe95⤵
-
\??\c:\hbntbb.exec:\hbntbb.exe96⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe97⤵
-
\??\c:\1jjjp.exec:\1jjjp.exe98⤵
-
\??\c:\flxflrf.exec:\flxflrf.exe99⤵
-
\??\c:\fxxrlrl.exec:\fxxrlrl.exe100⤵
-
\??\c:\nnhhtn.exec:\nnhhtn.exe101⤵
-
\??\c:\bthnbb.exec:\bthnbb.exe102⤵
-
\??\c:\3jdpd.exec:\3jdpd.exe103⤵
-
\??\c:\ddpdj.exec:\ddpdj.exe104⤵
-
\??\c:\lfxxffr.exec:\lfxxffr.exe105⤵
-
\??\c:\rlrxlfx.exec:\rlrxlfx.exe106⤵
-
\??\c:\9bhnbh.exec:\9bhnbh.exe107⤵
-
\??\c:\jdppv.exec:\jdppv.exe108⤵
-
\??\c:\1pjvj.exec:\1pjvj.exe109⤵
-
\??\c:\vvjvd.exec:\vvjvd.exe110⤵
-
\??\c:\xrffffr.exec:\xrffffr.exe111⤵
-
\??\c:\lfxlrxf.exec:\lfxlrxf.exe112⤵
-
\??\c:\bbhtnt.exec:\bbhtnt.exe113⤵
-
\??\c:\3hthhn.exec:\3hthhn.exe114⤵
-
\??\c:\djdvd.exec:\djdvd.exe115⤵
-
\??\c:\dvddp.exec:\dvddp.exe116⤵
-
\??\c:\5ffxlxf.exec:\5ffxlxf.exe117⤵
-
\??\c:\nhbnbh.exec:\nhbnbh.exe118⤵
-
\??\c:\nbtbbh.exec:\nbtbbh.exe119⤵
-
\??\c:\9ppdv.exec:\9ppdv.exe120⤵
-
\??\c:\jjddj.exec:\jjddj.exe121⤵
-
\??\c:\xrrfflr.exec:\xrrfflr.exe122⤵
-
\??\c:\rfflxxf.exec:\rfflxxf.exe123⤵
-
\??\c:\rrffllf.exec:\rrffllf.exe124⤵
-
\??\c:\btnntt.exec:\btnntt.exe125⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe126⤵
-
\??\c:\jddjp.exec:\jddjp.exe127⤵
-
\??\c:\fxxxlxl.exec:\fxxxlxl.exe128⤵
-
\??\c:\5xfrxxl.exec:\5xfrxxl.exe129⤵
-
\??\c:\nhtbbh.exec:\nhtbbh.exe130⤵
-
\??\c:\tnhtnb.exec:\tnhtnb.exe131⤵
-
\??\c:\9pjpd.exec:\9pjpd.exe132⤵
-
\??\c:\jjdjd.exec:\jjdjd.exe133⤵
-
\??\c:\fxflrxf.exec:\fxflrxf.exe134⤵
-
\??\c:\3fxfffr.exec:\3fxfffr.exe135⤵
-
\??\c:\bhhtnt.exec:\bhhtnt.exe136⤵
-
\??\c:\tnhhnn.exec:\tnhhnn.exe137⤵
-
\??\c:\jddvd.exec:\jddvd.exe138⤵
-
\??\c:\pjddj.exec:\pjddj.exe139⤵
-
\??\c:\xrrrfrx.exec:\xrrrfrx.exe140⤵
-
\??\c:\thtntb.exec:\thtntb.exe141⤵
-
\??\c:\bbtnhn.exec:\bbtnhn.exe142⤵
-
\??\c:\ddppj.exec:\ddppj.exe143⤵
-
\??\c:\pjddv.exec:\pjddv.exe144⤵
-
\??\c:\fxrrfff.exec:\fxrrfff.exe145⤵
-
\??\c:\rlflrff.exec:\rlflrff.exe146⤵
-
\??\c:\9tntnn.exec:\9tntnn.exe147⤵
-
\??\c:\nhntbn.exec:\nhntbn.exe148⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe149⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe150⤵
-
\??\c:\fflfrrf.exec:\fflfrrf.exe151⤵
-
\??\c:\lfflrrx.exec:\lfflrrx.exe152⤵
-
\??\c:\htbntt.exec:\htbntt.exe153⤵
-
\??\c:\bthttt.exec:\bthttt.exe154⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe155⤵
-
\??\c:\vppvd.exec:\vppvd.exe156⤵
-
\??\c:\lfrxxfl.exec:\lfrxxfl.exe157⤵
-
\??\c:\fxrxfrx.exec:\fxrxfrx.exe158⤵
-
\??\c:\hbnbhn.exec:\hbnbhn.exe159⤵
-
\??\c:\9htbbh.exec:\9htbbh.exe160⤵
-
\??\c:\dvppv.exec:\dvppv.exe161⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe162⤵
-
\??\c:\fxfxffl.exec:\fxfxffl.exe163⤵
-
\??\c:\rrflflx.exec:\rrflflx.exe164⤵
-
\??\c:\1llrxff.exec:\1llrxff.exe165⤵
-
\??\c:\bbbnbh.exec:\bbbnbh.exe166⤵
-
\??\c:\nhntbh.exec:\nhntbh.exe167⤵
-
\??\c:\9ddjj.exec:\9ddjj.exe168⤵
-
\??\c:\jvvdd.exec:\jvvdd.exe169⤵
-
\??\c:\rlflxfr.exec:\rlflxfr.exe170⤵
-
\??\c:\3lfrllr.exec:\3lfrllr.exe171⤵
-
\??\c:\bnhbhb.exec:\bnhbhb.exe172⤵
-
\??\c:\nhnnbb.exec:\nhnnbb.exe173⤵
-
\??\c:\5jddj.exec:\5jddj.exe174⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe175⤵
-
\??\c:\flfrxlr.exec:\flfrxlr.exe176⤵
-
\??\c:\lfffflf.exec:\lfffflf.exe177⤵
-
\??\c:\5bnbbb.exec:\5bnbbb.exe178⤵
-
\??\c:\hbhhnn.exec:\hbhhnn.exe179⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe180⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe181⤵
-
\??\c:\5lxxxfr.exec:\5lxxxfr.exe182⤵
-
\??\c:\xrlfllx.exec:\xrlfllx.exe183⤵
-
\??\c:\9tbhhn.exec:\9tbhhn.exe184⤵
-
\??\c:\5httbb.exec:\5httbb.exe185⤵
-
\??\c:\1ppdp.exec:\1ppdp.exe186⤵
-
\??\c:\3vpjv.exec:\3vpjv.exe187⤵
-
\??\c:\5xfxffl.exec:\5xfxffl.exe188⤵
-
\??\c:\frfxllf.exec:\frfxllf.exe189⤵
-
\??\c:\ttbhbh.exec:\ttbhbh.exe190⤵
-
\??\c:\nthbnb.exec:\nthbnb.exe191⤵
-
\??\c:\nhttbn.exec:\nhttbn.exe192⤵
-
\??\c:\vppvd.exec:\vppvd.exe193⤵
-
\??\c:\vddpv.exec:\vddpv.exe194⤵
-
\??\c:\xxrxxfl.exec:\xxrxxfl.exe195⤵
-
\??\c:\nnnthh.exec:\nnnthh.exe196⤵
-
\??\c:\nhhtbt.exec:\nhhtbt.exe197⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe198⤵
-
\??\c:\ppppj.exec:\ppppj.exe199⤵
-
\??\c:\fxlrlrf.exec:\fxlrlrf.exe200⤵
-
\??\c:\nhntbb.exec:\nhntbb.exe201⤵
-
\??\c:\ththtb.exec:\ththtb.exe202⤵
-
\??\c:\jvppp.exec:\jvppp.exe203⤵
-
\??\c:\3pjdj.exec:\3pjdj.exe204⤵
-
\??\c:\lfflrxl.exec:\lfflrxl.exe205⤵
-
\??\c:\rlflxxf.exec:\rlflxxf.exe206⤵
-
\??\c:\nnbhth.exec:\nnbhth.exe207⤵
-
\??\c:\pvjpv.exec:\pvjpv.exe208⤵
-
\??\c:\lrxflfx.exec:\lrxflfx.exe209⤵
-
\??\c:\tnnthh.exec:\tnnthh.exe210⤵
-
\??\c:\1tntbh.exec:\1tntbh.exe211⤵
-
\??\c:\vvdjj.exec:\vvdjj.exe212⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe213⤵
-
\??\c:\7flrxfl.exec:\7flrxfl.exe214⤵
-
\??\c:\lfrlxxl.exec:\lfrlxxl.exe215⤵
-
\??\c:\nnhthn.exec:\nnhthn.exe216⤵
-
\??\c:\5htbnn.exec:\5htbnn.exe217⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe218⤵
-
\??\c:\7djpp.exec:\7djpp.exe219⤵
-
\??\c:\xrxxxrx.exec:\xrxxxrx.exe220⤵
-
\??\c:\xxllxfl.exec:\xxllxfl.exe221⤵
-
\??\c:\9ttnhb.exec:\9ttnhb.exe222⤵
-
\??\c:\hbtthn.exec:\hbtthn.exe223⤵
-
\??\c:\1pddj.exec:\1pddj.exe224⤵
-
\??\c:\7dpvj.exec:\7dpvj.exe225⤵
-
\??\c:\fxllxfx.exec:\fxllxfx.exe226⤵
-
\??\c:\9lrfxlx.exec:\9lrfxlx.exe227⤵
-
\??\c:\nbnntt.exec:\nbnntt.exe228⤵
-
\??\c:\9ttttb.exec:\9ttttb.exe229⤵
-
\??\c:\dpjjd.exec:\dpjjd.exe230⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe231⤵
-
\??\c:\lfrfrfr.exec:\lfrfrfr.exe232⤵
-
\??\c:\fflrxfr.exec:\fflrxfr.exe233⤵
-
\??\c:\hhthbn.exec:\hhthbn.exe234⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe235⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe236⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe237⤵
-
\??\c:\3frrrxr.exec:\3frrrxr.exe238⤵
-
\??\c:\rlxfrrf.exec:\rlxfrrf.exe239⤵
-
\??\c:\hhtntb.exec:\hhtntb.exe240⤵