Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
31/05/2024, 04:50
General
-
Target
8604b6a8c872a2cdae485b3d98d2bcc2_JaffaCakes118.exe
-
Size
101KB
-
MD5
8604b6a8c872a2cdae485b3d98d2bcc2
-
SHA1
cedebb7fc814e219c9e27a45bec270b0d9534a13
-
SHA256
a6a54a331e4403156ec6893c5f4760e5d65d760a16a97e33b36098220535a003
-
SHA512
560e233d447ba2f0b664437f739d518a232a9d84c2147ee2f256b8a33a81d5e14c21ccd21f9f40a7b33880fbdcdc0f5ca95a2374d88ab49eaa5020f572449e2b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2lmf6g7xmIi6h7zp:ymb3NkkiQ3mdBjF+3TU20L46FV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8604b6a8c872a2cdae485b3d98d2bcc2_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\8604b6a8c872a2cdae485b3d98d2bcc2_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\0682444.exec:\0682444.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\00664.exec:\00664.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6004222.exec:\6004222.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4860668.exec:\4860668.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\26604.exec:\26604.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m4642.exec:\m4642.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\840482.exec:\840482.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjvv.exec:\jpjvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i282626.exec:\i282626.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\006660.exec:\006660.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpj.exec:\pjdpj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w24260.exec:\w24260.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhtt.exec:\bnnhtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e28626.exec:\e28626.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\42820.exec:\42820.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbnht.exec:\htbnht.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g0460.exec:\g0460.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvp.exec:\vpdvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w06488.exec:\w06488.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbbnn.exec:\1bbbnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\86826.exec:\86826.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllfxrf.exec:\fllfxrf.exe23⤵
- Executes dropped EXE
-
\??\c:\bnbhhn.exec:\bnbhhn.exe24⤵
- Executes dropped EXE
-
\??\c:\9xrlfxr.exec:\9xrlfxr.exe25⤵
- Executes dropped EXE
-
\??\c:\20048.exec:\20048.exe26⤵
- Executes dropped EXE
-
\??\c:\4804804.exec:\4804804.exe27⤵
- Executes dropped EXE
-
\??\c:\028426.exec:\028426.exe28⤵
- Executes dropped EXE
-
\??\c:\httnbh.exec:\httnbh.exe29⤵
- Executes dropped EXE
-
\??\c:\86486.exec:\86486.exe30⤵
- Executes dropped EXE
-
\??\c:\c080426.exec:\c080426.exe31⤵
- Executes dropped EXE
-
\??\c:\088482.exec:\088482.exe32⤵
- Executes dropped EXE
-
\??\c:\tthtnh.exec:\tthtnh.exe33⤵
- Executes dropped EXE
-
\??\c:\nbtnbt.exec:\nbtnbt.exe34⤵
- Executes dropped EXE
-
\??\c:\028488.exec:\028488.exe35⤵
- Executes dropped EXE
-
\??\c:\lxlfxrf.exec:\lxlfxrf.exe36⤵
- Executes dropped EXE
-
\??\c:\066426.exec:\066426.exe37⤵
- Executes dropped EXE
-
\??\c:\pvdvj.exec:\pvdvj.exe38⤵
- Executes dropped EXE
-
\??\c:\xrrfrll.exec:\xrrfrll.exe39⤵
- Executes dropped EXE
-
\??\c:\4466626.exec:\4466626.exe40⤵
- Executes dropped EXE
-
\??\c:\202226.exec:\202226.exe41⤵
- Executes dropped EXE
-
\??\c:\9lfxrrl.exec:\9lfxrrl.exe42⤵
- Executes dropped EXE
-
\??\c:\pjvpp.exec:\pjvpp.exe43⤵
- Executes dropped EXE
-
\??\c:\6204220.exec:\6204220.exe44⤵
- Executes dropped EXE
-
\??\c:\266668.exec:\266668.exe45⤵
- Executes dropped EXE
-
\??\c:\c404444.exec:\c404444.exe46⤵
- Executes dropped EXE
-
\??\c:\xxrfxll.exec:\xxrfxll.exe47⤵
- Executes dropped EXE
-
\??\c:\vpppj.exec:\vpppj.exe48⤵
- Executes dropped EXE
-
\??\c:\064044.exec:\064044.exe49⤵
- Executes dropped EXE
-
\??\c:\nbbtnn.exec:\nbbtnn.exe50⤵
- Executes dropped EXE
-
\??\c:\2666660.exec:\2666660.exe51⤵
- Executes dropped EXE
-
\??\c:\8228444.exec:\8228444.exe52⤵
- Executes dropped EXE
-
\??\c:\3ddvv.exec:\3ddvv.exe53⤵
- Executes dropped EXE
-
\??\c:\tnbbnt.exec:\tnbbnt.exe54⤵
- Executes dropped EXE
-
\??\c:\xfllflf.exec:\xfllflf.exe55⤵
- Executes dropped EXE
-
\??\c:\1bbbtt.exec:\1bbbtt.exe56⤵
- Executes dropped EXE
-
\??\c:\3tbbbt.exec:\3tbbbt.exe57⤵
- Executes dropped EXE
-
\??\c:\fxllrlr.exec:\fxllrlr.exe58⤵
- Executes dropped EXE
-
\??\c:\5lllffx.exec:\5lllffx.exe59⤵
- Executes dropped EXE
-
\??\c:\llllfxl.exec:\llllfxl.exe60⤵
- Executes dropped EXE
-
\??\c:\60666.exec:\60666.exe61⤵
- Executes dropped EXE
-
\??\c:\0244888.exec:\0244888.exe62⤵
- Executes dropped EXE
-
\??\c:\k28882.exec:\k28882.exe63⤵
- Executes dropped EXE
-
\??\c:\llrxfxf.exec:\llrxfxf.exe64⤵
- Executes dropped EXE
-
\??\c:\rlrlrrx.exec:\rlrlrrx.exe65⤵
- Executes dropped EXE
-
\??\c:\i660448.exec:\i660448.exe66⤵
-
\??\c:\040444.exec:\040444.exe67⤵
-
\??\c:\jvjvd.exec:\jvjvd.exe68⤵
-
\??\c:\nnnhhb.exec:\nnnhhb.exe69⤵
-
\??\c:\02820.exec:\02820.exe70⤵
-
\??\c:\lfxrffx.exec:\lfxrffx.exe71⤵
-
\??\c:\bhtnhh.exec:\bhtnhh.exe72⤵
-
\??\c:\vppdd.exec:\vppdd.exe73⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe74⤵
-
\??\c:\c404822.exec:\c404822.exe75⤵
-
\??\c:\ffxxrlf.exec:\ffxxrlf.exe76⤵
-
\??\c:\vdpdp.exec:\vdpdp.exe77⤵
-
\??\c:\22048.exec:\22048.exe78⤵
-
\??\c:\rxlfxxr.exec:\rxlfxxr.exe79⤵
-
\??\c:\hhbbtt.exec:\hhbbtt.exe80⤵
-
\??\c:\pdddv.exec:\pdddv.exe81⤵
-
\??\c:\084482.exec:\084482.exe82⤵
-
\??\c:\8260006.exec:\8260006.exe83⤵
-
\??\c:\7dpjj.exec:\7dpjj.exe84⤵
-
\??\c:\c426000.exec:\c426000.exe85⤵
-
\??\c:\88044.exec:\88044.exe86⤵
-
\??\c:\4204440.exec:\4204440.exe87⤵
-
\??\c:\o066660.exec:\o066660.exe88⤵
-
\??\c:\bhhhbb.exec:\bhhhbb.exe89⤵
-
\??\c:\2442026.exec:\2442026.exe90⤵
-
\??\c:\q66000.exec:\q66000.exe91⤵
-
\??\c:\8066066.exec:\8066066.exe92⤵
-
\??\c:\thntnn.exec:\thntnn.exe93⤵
-
\??\c:\tbhnhb.exec:\tbhnhb.exe94⤵
-
\??\c:\jddvp.exec:\jddvp.exe95⤵
-
\??\c:\000822.exec:\000822.exe96⤵
-
\??\c:\4844046.exec:\4844046.exe97⤵
-
\??\c:\xxxffff.exec:\xxxffff.exe98⤵
-
\??\c:\fxllllx.exec:\fxllllx.exe99⤵
-
\??\c:\dpddv.exec:\dpddv.exe100⤵
-
\??\c:\xlfrrxx.exec:\xlfrrxx.exe101⤵
-
\??\c:\26802.exec:\26802.exe102⤵
-
\??\c:\280088.exec:\280088.exe103⤵
-
\??\c:\pjpvv.exec:\pjpvv.exe104⤵
-
\??\c:\066666.exec:\066666.exe105⤵
-
\??\c:\u066444.exec:\u066444.exe106⤵
-
\??\c:\824844.exec:\824844.exe107⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe108⤵
-
\??\c:\dpppd.exec:\dpppd.exe109⤵
-
\??\c:\2066444.exec:\2066444.exe110⤵
-
\??\c:\pdddd.exec:\pdddd.exe111⤵
-
\??\c:\48886.exec:\48886.exe112⤵
-
\??\c:\20660.exec:\20660.exe113⤵
-
\??\c:\26608.exec:\26608.exe114⤵
-
\??\c:\w06644.exec:\w06644.exe115⤵
-
\??\c:\dvddv.exec:\dvddv.exe116⤵
-
\??\c:\dvppp.exec:\dvppp.exe117⤵
-
\??\c:\284822.exec:\284822.exe118⤵
-
\??\c:\rxllfrl.exec:\rxllfrl.exe119⤵
-
\??\c:\8444882.exec:\8444882.exe120⤵
-
\??\c:\llrrxxf.exec:\llrrxxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-