Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
03/06/2024, 23:35
General
-
Target
92fe2bf7f2a1bd098b079c2a114df80c_JaffaCakes118.exe
-
Size
231KB
-
MD5
92fe2bf7f2a1bd098b079c2a114df80c
-
SHA1
2eda70ab29df06f531e799ba1109611f476353a6
-
SHA256
b3ea0c725e683b913c2840901aa26f25491cf2d5a94468e9523707e8adb9463f
-
SHA512
f42935a669bebb2651de329b976b4aa7bcfddb440fc2397e6dfa273c4e81332e8b5562c734ca47af4a744a6122d53470b1a505019d8c3a3b751ca915de8824ab
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xL8eBWOgP:n3C9BRo7MlrWKo+lxK8eBWVP
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\92fe2bf7f2a1bd098b079c2a114df80c_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\92fe2bf7f2a1bd098b079c2a114df80c_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflrrr.exec:\xrflrrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnnnt.exec:\1bnnnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjp.exec:\vpjjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fxlxfl.exec:\9fxlxfl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbhh.exec:\nhbbhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnnbt.exec:\bbnnbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vjvj.exec:\1vjvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djpv.exec:\7djpv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vvpd.exec:\5vvpd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhntb.exec:\hbhntb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbntbt.exec:\hbntbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllxflr.exec:\lllxflr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fllxxl.exec:\3fllxxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjv.exec:\vpdjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpj.exec:\pjvpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthnbb.exec:\tthnbb.exe17⤵
- Executes dropped EXE
-
\??\c:\vvjpv.exec:\vvjpv.exe18⤵
- Executes dropped EXE
-
\??\c:\5jjpp.exec:\5jjpp.exe19⤵
- Executes dropped EXE
-
\??\c:\9rxfllf.exec:\9rxfllf.exe20⤵
- Executes dropped EXE
-
\??\c:\nnttnn.exec:\nnttnn.exe21⤵
- Executes dropped EXE
-
\??\c:\jdpvj.exec:\jdpvj.exe22⤵
- Executes dropped EXE
-
\??\c:\9xxlrxl.exec:\9xxlrxl.exe23⤵
- Executes dropped EXE
-
\??\c:\xxlrrfx.exec:\xxlrrfx.exe24⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe25⤵
- Executes dropped EXE
-
\??\c:\ppjvj.exec:\ppjvj.exe26⤵
- Executes dropped EXE
-
\??\c:\7nnnbb.exec:\7nnnbb.exe27⤵
- Executes dropped EXE
-
\??\c:\9vjpv.exec:\9vjpv.exe28⤵
- Executes dropped EXE
-
\??\c:\llfrxfl.exec:\llfrxfl.exe29⤵
- Executes dropped EXE
-
\??\c:\9bnbnh.exec:\9bnbnh.exe30⤵
- Executes dropped EXE
-
\??\c:\hbhhtt.exec:\hbhhtt.exe31⤵
- Executes dropped EXE
-
\??\c:\ddjjv.exec:\ddjjv.exe32⤵
- Executes dropped EXE
-
\??\c:\lfllrlr.exec:\lfllrlr.exe33⤵
- Executes dropped EXE
-
\??\c:\hbbnbb.exec:\hbbnbb.exe34⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe35⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe36⤵
- Executes dropped EXE
-
\??\c:\fxrflrf.exec:\fxrflrf.exe37⤵
- Executes dropped EXE
-
\??\c:\1llxxxl.exec:\1llxxxl.exe38⤵
- Executes dropped EXE
-
\??\c:\1thntn.exec:\1thntn.exe39⤵
- Executes dropped EXE
-
\??\c:\ttnnbh.exec:\ttnnbh.exe40⤵
- Executes dropped EXE
-
\??\c:\vvjvp.exec:\vvjvp.exe41⤵
- Executes dropped EXE
-
\??\c:\lxxxffl.exec:\lxxxffl.exe42⤵
- Executes dropped EXE
-
\??\c:\xrlrxrf.exec:\xrlrxrf.exe43⤵
- Executes dropped EXE
-
\??\c:\bthntb.exec:\bthntb.exe44⤵
- Executes dropped EXE
-
\??\c:\9thhnn.exec:\9thhnn.exe45⤵
- Executes dropped EXE
-
\??\c:\ppjvd.exec:\ppjvd.exe46⤵
- Executes dropped EXE
-
\??\c:\ddvjv.exec:\ddvjv.exe47⤵
- Executes dropped EXE
-
\??\c:\5fxflfr.exec:\5fxflfr.exe48⤵
- Executes dropped EXE
-
\??\c:\7thhtb.exec:\7thhtb.exe49⤵
- Executes dropped EXE
-
\??\c:\nhthhn.exec:\nhthhn.exe50⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe51⤵
- Executes dropped EXE
-
\??\c:\7jvdp.exec:\7jvdp.exe52⤵
- Executes dropped EXE
-
\??\c:\fflrfrf.exec:\fflrfrf.exe53⤵
- Executes dropped EXE
-
\??\c:\fllllxx.exec:\fllllxx.exe54⤵
- Executes dropped EXE
-
\??\c:\tnbnnn.exec:\tnbnnn.exe55⤵
- Executes dropped EXE
-
\??\c:\7dvjj.exec:\7dvjj.exe56⤵
- Executes dropped EXE
-
\??\c:\dvvdd.exec:\dvvdd.exe57⤵
- Executes dropped EXE
-
\??\c:\rlxlxxr.exec:\rlxlxxr.exe58⤵
- Executes dropped EXE
-
\??\c:\xlrlllx.exec:\xlrlllx.exe59⤵
- Executes dropped EXE
-
\??\c:\3nbbbb.exec:\3nbbbb.exe60⤵
- Executes dropped EXE
-
\??\c:\ppjpv.exec:\ppjpv.exe61⤵
- Executes dropped EXE
-
\??\c:\9dvpv.exec:\9dvpv.exe62⤵
- Executes dropped EXE
-
\??\c:\fxllrrf.exec:\fxllrrf.exe63⤵
- Executes dropped EXE
-
\??\c:\5fxflxl.exec:\5fxflxl.exe64⤵
- Executes dropped EXE
-
\??\c:\nhtthh.exec:\nhtthh.exe65⤵
- Executes dropped EXE
-
\??\c:\bbhnnt.exec:\bbhnnt.exe66⤵
-
\??\c:\7jdjp.exec:\7jdjp.exe67⤵
-
\??\c:\9rxxffr.exec:\9rxxffr.exe68⤵
-
\??\c:\tttbhn.exec:\tttbhn.exe69⤵
-
\??\c:\hbnbhh.exec:\hbnbhh.exe70⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe71⤵
-
\??\c:\9dvvd.exec:\9dvvd.exe72⤵
-
\??\c:\rlxlrlx.exec:\rlxlrlx.exe73⤵
-
\??\c:\xxxfffr.exec:\xxxfffr.exe74⤵
-
\??\c:\htbhhn.exec:\htbhhn.exe75⤵
-
\??\c:\btbbnn.exec:\btbbnn.exe76⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe77⤵
-
\??\c:\fxlfrxl.exec:\fxlfrxl.exe78⤵
-
\??\c:\1flrrxl.exec:\1flrrxl.exe79⤵
-
\??\c:\nhttbh.exec:\nhttbh.exe80⤵
-
\??\c:\7hbntt.exec:\7hbntt.exe81⤵
-
\??\c:\ppddj.exec:\ppddj.exe82⤵
-
\??\c:\9rfxxxl.exec:\9rfxxxl.exe83⤵
-
\??\c:\7xfflrx.exec:\7xfflrx.exe84⤵
-
\??\c:\nhtnnn.exec:\nhtnnn.exe85⤵
-
\??\c:\thhbnt.exec:\thhbnt.exe86⤵
-
\??\c:\5jvvd.exec:\5jvvd.exe87⤵
-
\??\c:\rfrrffl.exec:\rfrrffl.exe88⤵
-
\??\c:\rfllrrf.exec:\rfllrrf.exe89⤵
-
\??\c:\nhbnbh.exec:\nhbnbh.exe90⤵
-
\??\c:\tnttbb.exec:\tnttbb.exe91⤵
-
\??\c:\1vvvj.exec:\1vvvj.exe92⤵
-
\??\c:\jvvvj.exec:\jvvvj.exe93⤵
-
\??\c:\rflrrrx.exec:\rflrrrx.exe94⤵
-
\??\c:\hbtbtt.exec:\hbtbtt.exe95⤵
-
\??\c:\5bbnht.exec:\5bbnht.exe96⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe97⤵
-
\??\c:\vvjvd.exec:\vvjvd.exe98⤵
-
\??\c:\flxrxlf.exec:\flxrxlf.exe99⤵
-
\??\c:\9rflxrf.exec:\9rflxrf.exe100⤵
-
\??\c:\btnthh.exec:\btnthh.exe101⤵
-
\??\c:\9dpjp.exec:\9dpjp.exe102⤵
-
\??\c:\1pvpd.exec:\1pvpd.exe103⤵
-
\??\c:\frllrrl.exec:\frllrrl.exe104⤵
-
\??\c:\lxffrrx.exec:\lxffrrx.exe105⤵
-
\??\c:\tnhhnn.exec:\tnhhnn.exe106⤵
-
\??\c:\bbnntb.exec:\bbnntb.exe107⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe108⤵
-
\??\c:\1lxrxxf.exec:\1lxrxxf.exe109⤵
-
\??\c:\fxrrffr.exec:\fxrrffr.exe110⤵
-
\??\c:\hbnhnn.exec:\hbnhnn.exe111⤵
-
\??\c:\3nhhhn.exec:\3nhhhn.exe112⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe113⤵
-
\??\c:\pdvvd.exec:\pdvvd.exe114⤵
-
\??\c:\lxfflll.exec:\lxfflll.exe115⤵
-
\??\c:\fxlfllx.exec:\fxlfllx.exe116⤵
-
\??\c:\tntbhn.exec:\tntbhn.exe117⤵
-
\??\c:\7jjdj.exec:\7jjdj.exe118⤵
-
\??\c:\vpjdj.exec:\vpjdj.exe119⤵
-
\??\c:\fxrrxlx.exec:\fxrrxlx.exe120⤵
-
\??\c:\xrrfrxl.exec:\xrrfrxl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-