Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
23-05-2024 18:17
General
-
Target
6bd61cf1c7637ffd7e98d20c4e32e7e9_JaffaCakes118.exe
-
Size
78KB
-
MD5
6bd61cf1c7637ffd7e98d20c4e32e7e9
-
SHA1
2dd4aa09f3313e041567d5867de4a2c91c6e43b8
-
SHA256
96104f7526b22316b8c23e3180521f25a5f582239a74e89f74b557a8d368e2d5
-
SHA512
eae80cbf6d11e32bdddb59f94d5adea53732250e64cd9d232dc04296d2e3db69e195871c4092ba85dc59233948076f1bac32d12f20e906e4354050785eaf8a5c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDWiekja1br3GGBxfot3n3:ymb3NkkiQ3mdBjFWXkj7afodn3
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6bd61cf1c7637ffd7e98d20c4e32e7e9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\6bd61cf1c7637ffd7e98d20c4e32e7e9_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpdj.exec:\ddpdj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rllxxx.exec:\5rllxxx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tbhtt.exec:\9tbhtt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jppp.exec:\7jppp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdd.exec:\pdjdd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlffrrl.exec:\xlffrrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxllxx.exec:\flxllxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bhhhh.exec:\7bhhhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjvj.exec:\jpjvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppj.exec:\dpppj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flllfxf.exec:\flllfxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httthb.exec:\httthb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddp.exec:\jvddp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppj.exec:\ppppj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxflr.exec:\lxfxflr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rfxrlf.exec:\1rfxrlf.exe17⤵
- Executes dropped EXE
-
\??\c:\1htttn.exec:\1htttn.exe18⤵
- Executes dropped EXE
-
\??\c:\vjjvd.exec:\vjjvd.exe19⤵
- Executes dropped EXE
-
\??\c:\jvjjp.exec:\jvjjp.exe20⤵
- Executes dropped EXE
-
\??\c:\rfrffll.exec:\rfrffll.exe21⤵
- Executes dropped EXE
-
\??\c:\5fxfxfr.exec:\5fxfxfr.exe22⤵
- Executes dropped EXE
-
\??\c:\3bnnbb.exec:\3bnnbb.exe23⤵
- Executes dropped EXE
-
\??\c:\9pdpd.exec:\9pdpd.exe24⤵
- Executes dropped EXE
-
\??\c:\5djvj.exec:\5djvj.exe25⤵
- Executes dropped EXE
-
\??\c:\xllrrxx.exec:\xllrrxx.exe26⤵
- Executes dropped EXE
-
\??\c:\xrlrxrx.exec:\xrlrxrx.exe27⤵
- Executes dropped EXE
-
\??\c:\tnbbnh.exec:\tnbbnh.exe28⤵
- Executes dropped EXE
-
\??\c:\9jjvd.exec:\9jjvd.exe29⤵
- Executes dropped EXE
-
\??\c:\rllxxfl.exec:\rllxxfl.exe30⤵
- Executes dropped EXE
-
\??\c:\xlrrrrx.exec:\xlrrrrx.exe31⤵
- Executes dropped EXE
-
\??\c:\thntbt.exec:\thntbt.exe32⤵
- Executes dropped EXE
-
\??\c:\1vdvv.exec:\1vdvv.exe33⤵
- Executes dropped EXE
-
\??\c:\1jppv.exec:\1jppv.exe34⤵
- Executes dropped EXE
-
\??\c:\3fllxxf.exec:\3fllxxf.exe35⤵
- Executes dropped EXE
-
\??\c:\rffffxf.exec:\rffffxf.exe36⤵
- Executes dropped EXE
-
\??\c:\5tbhbt.exec:\5tbhbt.exe37⤵
- Executes dropped EXE
-
\??\c:\thtbbn.exec:\thtbbn.exe38⤵
- Executes dropped EXE
-
\??\c:\9vdjp.exec:\9vdjp.exe39⤵
- Executes dropped EXE
-
\??\c:\jvvvp.exec:\jvvvp.exe40⤵
- Executes dropped EXE
-
\??\c:\fxffrrx.exec:\fxffrrx.exe41⤵
- Executes dropped EXE
-
\??\c:\xlrrxrr.exec:\xlrrxrr.exe42⤵
- Executes dropped EXE
-
\??\c:\7hntbt.exec:\7hntbt.exe43⤵
- Executes dropped EXE
-
\??\c:\5tbhbh.exec:\5tbhbh.exe44⤵
- Executes dropped EXE
-
\??\c:\5pjpp.exec:\5pjpp.exe45⤵
- Executes dropped EXE
-
\??\c:\vjvdd.exec:\vjvdd.exe46⤵
- Executes dropped EXE
-
\??\c:\1lrrxrr.exec:\1lrrxrr.exe47⤵
- Executes dropped EXE
-
\??\c:\3lffffl.exec:\3lffffl.exe48⤵
- Executes dropped EXE
-
\??\c:\hbnnnh.exec:\hbnnnh.exe49⤵
- Executes dropped EXE
-
\??\c:\bnbhhb.exec:\bnbhhb.exe50⤵
- Executes dropped EXE
-
\??\c:\jdjjp.exec:\jdjjp.exe51⤵
- Executes dropped EXE
-
\??\c:\vdjjj.exec:\vdjjj.exe52⤵
- Executes dropped EXE
-
\??\c:\xlfrxrr.exec:\xlfrxrr.exe53⤵
- Executes dropped EXE
-
\??\c:\llrxxxr.exec:\llrxxxr.exe54⤵
- Executes dropped EXE
-
\??\c:\tthhnn.exec:\tthhnn.exe55⤵
- Executes dropped EXE
-
\??\c:\ntbnnn.exec:\ntbnnn.exe56⤵
- Executes dropped EXE
-
\??\c:\vjvpp.exec:\vjvpp.exe57⤵
- Executes dropped EXE
-
\??\c:\jpjvv.exec:\jpjvv.exe58⤵
- Executes dropped EXE
-
\??\c:\lxlffxx.exec:\lxlffxx.exe59⤵
- Executes dropped EXE
-
\??\c:\btbbhb.exec:\btbbhb.exe60⤵
- Executes dropped EXE
-
\??\c:\3jpvv.exec:\3jpvv.exe61⤵
- Executes dropped EXE
-
\??\c:\jvdvv.exec:\jvdvv.exe62⤵
- Executes dropped EXE
-
\??\c:\lxxrxrf.exec:\lxxrxrf.exe63⤵
- Executes dropped EXE
-
\??\c:\rfflrll.exec:\rfflrll.exe64⤵
- Executes dropped EXE
-
\??\c:\thnnhb.exec:\thnnhb.exe65⤵
- Executes dropped EXE
-
\??\c:\bnbbbt.exec:\bnbbbt.exe66⤵
-
\??\c:\djpjp.exec:\djpjp.exe67⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe68⤵
-
\??\c:\xrxflff.exec:\xrxflff.exe69⤵
-
\??\c:\rflrrrx.exec:\rflrrrx.exe70⤵
-
\??\c:\3nbbth.exec:\3nbbth.exe71⤵
-
\??\c:\bnttnh.exec:\bnttnh.exe72⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe73⤵
-
\??\c:\jvvdd.exec:\jvvdd.exe74⤵
-
\??\c:\9frffxf.exec:\9frffxf.exe75⤵
-
\??\c:\xllllfr.exec:\xllllfr.exe76⤵
-
\??\c:\5bbbbt.exec:\5bbbbt.exe77⤵
-
\??\c:\ttttbb.exec:\ttttbb.exe78⤵
-
\??\c:\jpjjp.exec:\jpjjp.exe79⤵
-
\??\c:\5vpjj.exec:\5vpjj.exe80⤵
-
\??\c:\rrrfxrf.exec:\rrrfxrf.exe81⤵
-
\??\c:\9xxfrlx.exec:\9xxfrlx.exe82⤵
-
\??\c:\hbhhtb.exec:\hbhhtb.exe83⤵
-
\??\c:\jdjpj.exec:\jdjpj.exe84⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe85⤵
-
\??\c:\7lrllll.exec:\7lrllll.exe86⤵
-
\??\c:\xrfxffl.exec:\xrfxffl.exe87⤵
-
\??\c:\htbtbb.exec:\htbtbb.exe88⤵
-
\??\c:\bntnhb.exec:\bntnhb.exe89⤵
-
\??\c:\htbbtn.exec:\htbbtn.exe90⤵
-
\??\c:\3jpjp.exec:\3jpjp.exe91⤵
-
\??\c:\5vjdv.exec:\5vjdv.exe92⤵
-
\??\c:\9xlllxx.exec:\9xlllxx.exe93⤵
-
\??\c:\rrfrrrx.exec:\rrfrrrx.exe94⤵
-
\??\c:\9nhnnh.exec:\9nhnnh.exe95⤵
-
\??\c:\3httth.exec:\3httth.exe96⤵
-
\??\c:\9hnntn.exec:\9hnntn.exe97⤵
-
\??\c:\dpppp.exec:\dpppp.exe98⤵
-
\??\c:\djvvv.exec:\djvvv.exe99⤵
-
\??\c:\xrxrfxx.exec:\xrxrfxx.exe100⤵
-
\??\c:\1rflrfx.exec:\1rflrfx.exe101⤵
-
\??\c:\9llxfrl.exec:\9llxfrl.exe102⤵
-
\??\c:\btttbt.exec:\btttbt.exe103⤵
-
\??\c:\htbbbt.exec:\htbbbt.exe104⤵
-
\??\c:\1ppjj.exec:\1ppjj.exe105⤵
-
\??\c:\pjppv.exec:\pjppv.exe106⤵
-
\??\c:\frllfxf.exec:\frllfxf.exe107⤵
-
\??\c:\rffxxrx.exec:\rffxxrx.exe108⤵
-
\??\c:\htntbn.exec:\htntbn.exe109⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe110⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe111⤵
-
\??\c:\fffxrxx.exec:\fffxrxx.exe112⤵
-
\??\c:\rlrrxxf.exec:\rlrrxxf.exe113⤵
-
\??\c:\tnnbhh.exec:\tnnbhh.exe114⤵
-
\??\c:\nbhntb.exec:\nbhntb.exe115⤵
-
\??\c:\1vvpp.exec:\1vvpp.exe116⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe117⤵
-
\??\c:\lxxflll.exec:\lxxflll.exe118⤵
-
\??\c:\lfxxrrx.exec:\lfxxrrx.exe119⤵
-
\??\c:\3fllflf.exec:\3fllflf.exe120⤵
-
\??\c:\3ntbhn.exec:\3ntbhn.exe121⤵
-
\??\c:\nhtbbt.exec:\nhtbbt.exe122⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe123⤵
-
\??\c:\5xlxlrr.exec:\5xlxlrr.exe124⤵
-
\??\c:\xlxflrx.exec:\xlxflrx.exe125⤵
-
\??\c:\rlxlllx.exec:\rlxlllx.exe126⤵
-
\??\c:\1htntt.exec:\1htntt.exe127⤵
-
\??\c:\bnnntn.exec:\bnnntn.exe128⤵
-
\??\c:\vjpvd.exec:\vjpvd.exe129⤵
-
\??\c:\9pdvv.exec:\9pdvv.exe130⤵
-
\??\c:\xlxxrrx.exec:\xlxxrrx.exe131⤵
-
\??\c:\xfrlfxx.exec:\xfrlfxx.exe132⤵
-
\??\c:\1bntnt.exec:\1bntnt.exe133⤵
-
\??\c:\ththbb.exec:\ththbb.exe134⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe135⤵
-
\??\c:\jvjpp.exec:\jvjpp.exe136⤵
-
\??\c:\9rfffrf.exec:\9rfffrf.exe137⤵
-
\??\c:\9rffrrx.exec:\9rffrrx.exe138⤵
-
\??\c:\9htbhb.exec:\9htbhb.exe139⤵
-
\??\c:\1nttth.exec:\1nttth.exe140⤵
-
\??\c:\hthhbb.exec:\hthhbb.exe141⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe142⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe143⤵
-
\??\c:\xrrrxxx.exec:\xrrrxxx.exe144⤵
-
\??\c:\tnnbht.exec:\tnnbht.exe145⤵
-
\??\c:\bnbntn.exec:\bnbntn.exe146⤵
-
\??\c:\pdddp.exec:\pdddp.exe147⤵
-
\??\c:\1dppd.exec:\1dppd.exe148⤵
-
\??\c:\fxxrxrl.exec:\fxxrxrl.exe149⤵
-
\??\c:\9flflll.exec:\9flflll.exe150⤵
-
\??\c:\nbbtbt.exec:\nbbtbt.exe151⤵
-
\??\c:\3jvvd.exec:\3jvvd.exe152⤵
-
\??\c:\3jvpp.exec:\3jvpp.exe153⤵
-
\??\c:\frrlfxx.exec:\frrlfxx.exe154⤵
-
\??\c:\xlfflfr.exec:\xlfflfr.exe155⤵
-
\??\c:\tbhbbt.exec:\tbhbbt.exe156⤵
-
\??\c:\5nbttt.exec:\5nbttt.exe157⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe158⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe159⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe160⤵
-
\??\c:\xlfxxxx.exec:\xlfxxxx.exe161⤵
-
\??\c:\9lxxxrl.exec:\9lxxxrl.exe162⤵
-
\??\c:\bhhntn.exec:\bhhntn.exe163⤵
-
\??\c:\3bttbt.exec:\3bttbt.exe164⤵
-
\??\c:\3jpvp.exec:\3jpvp.exe165⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe166⤵
-
\??\c:\1pddd.exec:\1pddd.exe167⤵
-
\??\c:\rflffxx.exec:\rflffxx.exe168⤵
-
\??\c:\3rxrrrl.exec:\3rxrrrl.exe169⤵
-
\??\c:\nhnntt.exec:\nhnntt.exe170⤵
-
\??\c:\thnntn.exec:\thnntn.exe171⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe172⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe173⤵
-
\??\c:\5rlxrrf.exec:\5rlxrrf.exe174⤵
-
\??\c:\flrrrxl.exec:\flrrrxl.exe175⤵
-
\??\c:\btttnn.exec:\btttnn.exe176⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe177⤵
-
\??\c:\jpdjj.exec:\jpdjj.exe178⤵
-
\??\c:\jvppp.exec:\jvppp.exe179⤵
-
\??\c:\5lfxllx.exec:\5lfxllx.exe180⤵
-
\??\c:\tntttn.exec:\tntttn.exe181⤵
-
\??\c:\bnttbn.exec:\bnttbn.exe182⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe183⤵
-
\??\c:\jjvdp.exec:\jjvdp.exe184⤵
-
\??\c:\lxfllxf.exec:\lxfllxf.exe185⤵
-
\??\c:\rrxrrlr.exec:\rrxrrlr.exe186⤵
-
\??\c:\rfxrxrf.exec:\rfxrxrf.exe187⤵
-
\??\c:\bbthnt.exec:\bbthnt.exe188⤵
-
\??\c:\vjppd.exec:\vjppd.exe189⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe190⤵
-
\??\c:\3rfrxrx.exec:\3rfrxrx.exe191⤵
-
\??\c:\9xlfflr.exec:\9xlfflr.exe192⤵
-
\??\c:\7xlrfxf.exec:\7xlrfxf.exe193⤵
-
\??\c:\7bnttt.exec:\7bnttt.exe194⤵
-
\??\c:\9jvdd.exec:\9jvdd.exe195⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe196⤵
-
\??\c:\xrflxfr.exec:\xrflxfr.exe197⤵
-
\??\c:\lfxflrf.exec:\lfxflrf.exe198⤵
-
\??\c:\3flflfr.exec:\3flflfr.exe199⤵
-
\??\c:\btbhhh.exec:\btbhhh.exe200⤵
-
\??\c:\bbtbtt.exec:\bbtbtt.exe201⤵
-
\??\c:\ppddd.exec:\ppddd.exe202⤵
-
\??\c:\1lffrlf.exec:\1lffrlf.exe203⤵
-
\??\c:\xrfrxxx.exec:\xrfrxxx.exe204⤵
-
\??\c:\1thntt.exec:\1thntt.exe205⤵
-
\??\c:\tntbbh.exec:\tntbbh.exe206⤵
-
\??\c:\jdppv.exec:\jdppv.exe207⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe208⤵
-
\??\c:\rfllrrr.exec:\rfllrrr.exe209⤵
-
\??\c:\lffflll.exec:\lffflll.exe210⤵
-
\??\c:\1vjjd.exec:\1vjjd.exe211⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe212⤵
-
\??\c:\lfxlxfr.exec:\lfxlxfr.exe213⤵
-
\??\c:\llllrlr.exec:\llllrlr.exe214⤵
-
\??\c:\bnntbn.exec:\bnntbn.exe215⤵
-
\??\c:\thnntt.exec:\thnntt.exe216⤵
-
\??\c:\jjvdj.exec:\jjvdj.exe217⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe218⤵
-
\??\c:\5frlxrx.exec:\5frlxrx.exe219⤵
-
\??\c:\3frlrlx.exec:\3frlrlx.exe220⤵
-
\??\c:\tnnhnn.exec:\tnnhnn.exe221⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe222⤵
-
\??\c:\dvddd.exec:\dvddd.exe223⤵
-
\??\c:\dvddp.exec:\dvddp.exe224⤵
-
\??\c:\fxfffxf.exec:\fxfffxf.exe225⤵
-
\??\c:\lfffxrf.exec:\lfffxrf.exe226⤵
-
\??\c:\7bhhnn.exec:\7bhhnn.exe227⤵
-
\??\c:\nhnnbt.exec:\nhnnbt.exe228⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe229⤵
-
\??\c:\7vppv.exec:\7vppv.exe230⤵
-
\??\c:\ffrlrlf.exec:\ffrlrlf.exe231⤵
-
\??\c:\rfxxllx.exec:\rfxxllx.exe232⤵
-
\??\c:\hnhnbt.exec:\hnhnbt.exe233⤵
-
\??\c:\nbhntt.exec:\nbhntt.exe234⤵
-
\??\c:\pdpdp.exec:\pdpdp.exe235⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe236⤵
-
\??\c:\rlrflfr.exec:\rlrflfr.exe237⤵
-
\??\c:\lxlflfl.exec:\lxlflfl.exe238⤵
-
\??\c:\bnbntb.exec:\bnbntb.exe239⤵
-
\??\c:\hnttnt.exec:\hnttnt.exe240⤵