Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
137s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
31/05/2024, 04:50
General
-
Target
8604b6a8c872a2cdae485b3d98d2bcc2_JaffaCakes118.exe
-
Size
101KB
-
MD5
8604b6a8c872a2cdae485b3d98d2bcc2
-
SHA1
cedebb7fc814e219c9e27a45bec270b0d9534a13
-
SHA256
a6a54a331e4403156ec6893c5f4760e5d65d760a16a97e33b36098220535a003
-
SHA512
560e233d447ba2f0b664437f739d518a232a9d84c2147ee2f256b8a33a81d5e14c21ccd21f9f40a7b33880fbdcdc0f5ca95a2374d88ab49eaa5020f572449e2b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2lmf6g7xmIi6h7zp:ymb3NkkiQ3mdBjF+3TU20L46FV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8604b6a8c872a2cdae485b3d98d2bcc2_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\8604b6a8c872a2cdae485b3d98d2bcc2_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hvffxxt.exec:\hvffxxt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\plhft.exec:\plhft.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jxfrp.exec:\jxfrp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntlt.exec:\bntlt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xphnxjh.exec:\xphnxjh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnbtp.exec:\thnbtp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnfhj.exec:\bnfhj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrhtpfj.exec:\rrhtpfj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rnjrdd.exec:\rnjrdd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tpnlb.exec:\tpnlb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vlrxtvr.exec:\vlrxtvr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhjpr.exec:\hhjpr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdlhh.exec:\pdlhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tjnddv.exec:\tjnddv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xtbrdnv.exec:\xtbrdnv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\brpvvfn.exec:\brpvvfn.exe17⤵
- Executes dropped EXE
-
\??\c:\jnvbjrx.exec:\jnvbjrx.exe18⤵
- Executes dropped EXE
-
\??\c:\vndfrpf.exec:\vndfrpf.exe19⤵
- Executes dropped EXE
-
\??\c:\lprnx.exec:\lprnx.exe20⤵
- Executes dropped EXE
-
\??\c:\fxxvnpf.exec:\fxxvnpf.exe21⤵
- Executes dropped EXE
-
\??\c:\bdvjf.exec:\bdvjf.exe22⤵
- Executes dropped EXE
-
\??\c:\jrrlxh.exec:\jrrlxh.exe23⤵
- Executes dropped EXE
-
\??\c:\lxlpvd.exec:\lxlpvd.exe24⤵
- Executes dropped EXE
-
\??\c:\tbrvp.exec:\tbrvp.exe25⤵
- Executes dropped EXE
-
\??\c:\hdxhltd.exec:\hdxhltd.exe26⤵
- Executes dropped EXE
-
\??\c:\vtftjf.exec:\vtftjf.exe27⤵
- Executes dropped EXE
-
\??\c:\lxltbdx.exec:\lxltbdx.exe28⤵
- Executes dropped EXE
-
\??\c:\xtfdhhp.exec:\xtfdhhp.exe29⤵
- Executes dropped EXE
-
\??\c:\vxfvnxv.exec:\vxfvnxv.exe30⤵
- Executes dropped EXE
-
\??\c:\phvdf.exec:\phvdf.exe31⤵
- Executes dropped EXE
-
\??\c:\brtdptl.exec:\brtdptl.exe32⤵
- Executes dropped EXE
-
\??\c:\bpxppj.exec:\bpxppj.exe33⤵
- Executes dropped EXE
-
\??\c:\hfrnl.exec:\hfrnl.exe34⤵
- Executes dropped EXE
-
\??\c:\hxjvtpx.exec:\hxjvtpx.exe35⤵
- Executes dropped EXE
-
\??\c:\rjttd.exec:\rjttd.exe36⤵
- Executes dropped EXE
-
\??\c:\jxtvltd.exec:\jxtvltd.exe37⤵
- Executes dropped EXE
-
\??\c:\ftxjhnv.exec:\ftxjhnv.exe38⤵
- Executes dropped EXE
-
\??\c:\lnndxh.exec:\lnndxh.exe39⤵
- Executes dropped EXE
-
\??\c:\nvbtb.exec:\nvbtb.exe40⤵
- Executes dropped EXE
-
\??\c:\rhphrjh.exec:\rhphrjh.exe41⤵
- Executes dropped EXE
-
\??\c:\nxbxx.exec:\nxbxx.exe42⤵
- Executes dropped EXE
-
\??\c:\nrvlbb.exec:\nrvlbb.exe43⤵
- Executes dropped EXE
-
\??\c:\xljppx.exec:\xljppx.exe44⤵
- Executes dropped EXE
-
\??\c:\nbjtfx.exec:\nbjtfx.exe45⤵
- Executes dropped EXE
-
\??\c:\xrpfpdp.exec:\xrpfpdp.exe46⤵
- Executes dropped EXE
-
\??\c:\prxrr.exec:\prxrr.exe47⤵
- Executes dropped EXE
-
\??\c:\bbpjxtl.exec:\bbpjxtl.exe48⤵
- Executes dropped EXE
-
\??\c:\pnrfdd.exec:\pnrfdd.exe49⤵
- Executes dropped EXE
-
\??\c:\pvnlpxf.exec:\pvnlpxf.exe50⤵
- Executes dropped EXE
-
\??\c:\nthvr.exec:\nthvr.exe51⤵
- Executes dropped EXE
-
\??\c:\ttxxlrn.exec:\ttxxlrn.exe52⤵
- Executes dropped EXE
-
\??\c:\rxhfftf.exec:\rxhfftf.exe53⤵
- Executes dropped EXE
-
\??\c:\ttjnhb.exec:\ttjnhb.exe54⤵
- Executes dropped EXE
-
\??\c:\bpxvlpt.exec:\bpxvlpt.exe55⤵
- Executes dropped EXE
-
\??\c:\fxphxpv.exec:\fxphxpv.exe56⤵
- Executes dropped EXE
-
\??\c:\ppfdjpn.exec:\ppfdjpn.exe57⤵
- Executes dropped EXE
-
\??\c:\xldxhdh.exec:\xldxhdh.exe58⤵
- Executes dropped EXE
-
\??\c:\vxjlj.exec:\vxjlj.exe59⤵
- Executes dropped EXE
-
\??\c:\tjvtblf.exec:\tjvtblf.exe60⤵
- Executes dropped EXE
-
\??\c:\bdhxbt.exec:\bdhxbt.exe61⤵
- Executes dropped EXE
-
\??\c:\pbjppdn.exec:\pbjppdn.exe62⤵
- Executes dropped EXE
-
\??\c:\njrjnfh.exec:\njrjnfh.exe63⤵
- Executes dropped EXE
-
\??\c:\nxffbtb.exec:\nxffbtb.exe64⤵
- Executes dropped EXE
-
\??\c:\jbdfhlj.exec:\jbdfhlj.exe65⤵
- Executes dropped EXE
-
\??\c:\brjnpxx.exec:\brjnpxx.exe66⤵
-
\??\c:\pbxdxf.exec:\pbxdxf.exe67⤵
-
\??\c:\nrjpd.exec:\nrjpd.exe68⤵
-
\??\c:\hrrfrvf.exec:\hrrfrvf.exe69⤵
-
\??\c:\vhjxjpp.exec:\vhjxjpp.exe70⤵
-
\??\c:\xdtjrxr.exec:\xdtjrxr.exe71⤵
-
\??\c:\hndrl.exec:\hndrl.exe72⤵
-
\??\c:\lplphh.exec:\lplphh.exe73⤵
-
\??\c:\jvhbj.exec:\jvhbj.exe74⤵
-
\??\c:\nxrrbj.exec:\nxrrbj.exe75⤵
-
\??\c:\prntx.exec:\prntx.exe76⤵
-
\??\c:\lxjvxtn.exec:\lxjvxtn.exe77⤵
-
\??\c:\vtrxd.exec:\vtrxd.exe78⤵
-
\??\c:\fvvnv.exec:\fvvnv.exe79⤵
-
\??\c:\xlrbp.exec:\xlrbp.exe80⤵
-
\??\c:\tpnxr.exec:\tpnxr.exe81⤵
-
\??\c:\hlrrvpf.exec:\hlrrvpf.exe82⤵
-
\??\c:\vbjfrp.exec:\vbjfrp.exe83⤵
-
\??\c:\lllnpb.exec:\lllnpb.exe84⤵
-
\??\c:\dnvpphx.exec:\dnvpphx.exe85⤵
-
\??\c:\xddtl.exec:\xddtl.exe86⤵
-
\??\c:\xpldf.exec:\xpldf.exe87⤵
-
\??\c:\jdfdpfd.exec:\jdfdpfd.exe88⤵
-
\??\c:\flbxrlh.exec:\flbxrlh.exe89⤵
-
\??\c:\jxddhx.exec:\jxddhx.exe90⤵
-
\??\c:\pthxtpj.exec:\pthxtpj.exe91⤵
-
\??\c:\jxfdrd.exec:\jxfdrd.exe92⤵
-
\??\c:\tthjhfp.exec:\tthjhfp.exe93⤵
-
\??\c:\xxjxnpj.exec:\xxjxnpj.exe94⤵
-
\??\c:\ltnbnnh.exec:\ltnbnnh.exe95⤵
-
\??\c:\rbrnfj.exec:\rbrnfj.exe96⤵
-
\??\c:\bddtndd.exec:\bddtndd.exe97⤵
-
\??\c:\dvthd.exec:\dvthd.exe98⤵
-
\??\c:\dhfbxv.exec:\dhfbxv.exe99⤵
-
\??\c:\pblxr.exec:\pblxr.exe100⤵
-
\??\c:\ddhdnrn.exec:\ddhdnrn.exe101⤵
-
\??\c:\xbnrl.exec:\xbnrl.exe102⤵
-
\??\c:\rxvjj.exec:\rxvjj.exe103⤵
-
\??\c:\tpjvf.exec:\tpjvf.exe104⤵
-
\??\c:\xjjfh.exec:\xjjfh.exe105⤵
-
\??\c:\llbfx.exec:\llbfx.exe106⤵
-
\??\c:\xfrdlfr.exec:\xfrdlfr.exe107⤵
-
\??\c:\dlhnd.exec:\dlhnd.exe108⤵
-
\??\c:\hbvxh.exec:\hbvxh.exe109⤵
-
\??\c:\phlfnll.exec:\phlfnll.exe110⤵
-
\??\c:\vfbdbxr.exec:\vfbdbxr.exe111⤵
-
\??\c:\xbtjxnl.exec:\xbtjxnl.exe112⤵
-
\??\c:\ndxxxhp.exec:\ndxxxhp.exe113⤵
-
\??\c:\jpnrxth.exec:\jpnrxth.exe114⤵
-
\??\c:\drvlfb.exec:\drvlfb.exe115⤵
-
\??\c:\lxtddp.exec:\lxtddp.exe116⤵
-
\??\c:\nfhrhdv.exec:\nfhrhdv.exe117⤵
-
\??\c:\fvtnnjf.exec:\fvtnnjf.exe118⤵
-
\??\c:\bdjvh.exec:\bdjvh.exe119⤵
-
\??\c:\dtnjjb.exec:\dtnjjb.exe120⤵
-
\??\c:\xlvntpj.exec:\xlvntpj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-