Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
152s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
03/06/2024, 23:35
General
-
Target
92fe2bf7f2a1bd098b079c2a114df80c_JaffaCakes118.exe
-
Size
231KB
-
MD5
92fe2bf7f2a1bd098b079c2a114df80c
-
SHA1
2eda70ab29df06f531e799ba1109611f476353a6
-
SHA256
b3ea0c725e683b913c2840901aa26f25491cf2d5a94468e9523707e8adb9463f
-
SHA512
f42935a669bebb2651de329b976b4aa7bcfddb440fc2397e6dfa273c4e81332e8b5562c734ca47af4a744a6122d53470b1a505019d8c3a3b751ca915de8824ab
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xL8eBWOgP:n3C9BRo7MlrWKo+lxK8eBWVP
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\92fe2bf7f2a1bd098b079c2a114df80c_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\92fe2bf7f2a1bd098b079c2a114df80c_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fu350f.exec:\fu350f.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g2fu70.exec:\g2fu70.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o3v10v.exec:\o3v10v.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r7avkoe.exec:\r7avkoe.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\efus6l.exec:\efus6l.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\iwwno4.exec:\iwwno4.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r1x5u47.exec:\r1x5u47.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3i5hw.exec:\3i5hw.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\p53dq.exec:\p53dq.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6a6e3.exec:\6a6e3.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\83s8hq.exec:\83s8hq.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\38l5tc.exec:\38l5tc.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r3599gm.exec:\r3599gm.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fsqkec6.exec:\fsqkec6.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\779r85.exec:\779r85.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\54155n9.exec:\54155n9.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\kj94j.exec:\kj94j.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m1gre3.exec:\m1gre3.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n1uoamt.exec:\n1uoamt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\75j329.exec:\75j329.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\513wa39.exec:\513wa39.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2pmmq.exec:\2pmmq.exe23⤵
- Executes dropped EXE
-
\??\c:\i5587.exec:\i5587.exe24⤵
- Executes dropped EXE
-
\??\c:\7g2wfb.exec:\7g2wfb.exe25⤵
- Executes dropped EXE
-
\??\c:\u3oi75s.exec:\u3oi75s.exe26⤵
- Executes dropped EXE
-
\??\c:\8t147u.exec:\8t147u.exe27⤵
- Executes dropped EXE
-
\??\c:\3mpwc.exec:\3mpwc.exe28⤵
- Executes dropped EXE
-
\??\c:\mnw40u.exec:\mnw40u.exe29⤵
- Executes dropped EXE
-
\??\c:\jcw3ec.exec:\jcw3ec.exe30⤵
- Executes dropped EXE
-
\??\c:\48e6c8.exec:\48e6c8.exe31⤵
- Executes dropped EXE
-
\??\c:\2ee36f.exec:\2ee36f.exe32⤵
- Executes dropped EXE
-
\??\c:\7xugpt3.exec:\7xugpt3.exe33⤵
- Executes dropped EXE
-
\??\c:\4e8n6qi.exec:\4e8n6qi.exe34⤵
- Executes dropped EXE
-
\??\c:\64tn01.exec:\64tn01.exe35⤵
- Executes dropped EXE
-
\??\c:\10t40.exec:\10t40.exe36⤵
- Executes dropped EXE
-
\??\c:\m2g0h.exec:\m2g0h.exe37⤵
- Executes dropped EXE
-
\??\c:\4xkro.exec:\4xkro.exe38⤵
- Executes dropped EXE
-
\??\c:\n4as3ee.exec:\n4as3ee.exe39⤵
- Executes dropped EXE
-
\??\c:\8ov381.exec:\8ov381.exe40⤵
- Executes dropped EXE
-
\??\c:\u97e0.exec:\u97e0.exe41⤵
- Executes dropped EXE
-
\??\c:\7ccjk.exec:\7ccjk.exe42⤵
- Executes dropped EXE
-
\??\c:\44w54o1.exec:\44w54o1.exe43⤵
- Executes dropped EXE
-
\??\c:\1jmko8g.exec:\1jmko8g.exe44⤵
- Executes dropped EXE
-
\??\c:\89k2237.exec:\89k2237.exe45⤵
- Executes dropped EXE
-
\??\c:\791ua51.exec:\791ua51.exe46⤵
- Executes dropped EXE
-
\??\c:\w0n90uu.exec:\w0n90uu.exe47⤵
- Executes dropped EXE
-
\??\c:\x57pa39.exec:\x57pa39.exe48⤵
- Executes dropped EXE
-
\??\c:\ah4rpp5.exec:\ah4rpp5.exe49⤵
- Executes dropped EXE
-
\??\c:\6711irf.exec:\6711irf.exe50⤵
- Executes dropped EXE
-
\??\c:\84t54.exec:\84t54.exe51⤵
- Executes dropped EXE
-
\??\c:\1s589k.exec:\1s589k.exe52⤵
- Executes dropped EXE
-
\??\c:\59b382.exec:\59b382.exe53⤵
- Executes dropped EXE
-
\??\c:\9u7434k.exec:\9u7434k.exe54⤵
- Executes dropped EXE
-
\??\c:\o9007.exec:\o9007.exe55⤵
- Executes dropped EXE
-
\??\c:\17gr7.exec:\17gr7.exe56⤵
- Executes dropped EXE
-
\??\c:\i3ullg.exec:\i3ullg.exe57⤵
- Executes dropped EXE
-
\??\c:\37w5u.exec:\37w5u.exe58⤵
- Executes dropped EXE
-
\??\c:\q18075.exec:\q18075.exe59⤵
- Executes dropped EXE
-
\??\c:\vmaw4.exec:\vmaw4.exe60⤵
- Executes dropped EXE
-
\??\c:\56aa00.exec:\56aa00.exe61⤵
- Executes dropped EXE
-
\??\c:\f3gl17.exec:\f3gl17.exe62⤵
- Executes dropped EXE
-
\??\c:\e8u1g.exec:\e8u1g.exe63⤵
- Executes dropped EXE
-
\??\c:\4x1v7.exec:\4x1v7.exe64⤵
- Executes dropped EXE
-
\??\c:\7cxr812.exec:\7cxr812.exe65⤵
- Executes dropped EXE
-
\??\c:\7buo03.exec:\7buo03.exe66⤵
-
\??\c:\6ht812.exec:\6ht812.exe67⤵
-
\??\c:\53ul213.exec:\53ul213.exe68⤵
-
\??\c:\ssp8mw.exec:\ssp8mw.exe69⤵
-
\??\c:\p13ei5.exec:\p13ei5.exe70⤵
-
\??\c:\r3ee0l.exec:\r3ee0l.exe71⤵
-
\??\c:\u970a4.exec:\u970a4.exe72⤵
-
\??\c:\7imt9c.exec:\7imt9c.exe73⤵
-
\??\c:\l1992kk.exec:\l1992kk.exe74⤵
-
\??\c:\765vd33.exec:\765vd33.exe75⤵
-
\??\c:\97pj06.exec:\97pj06.exe76⤵
-
\??\c:\090ro16.exec:\090ro16.exe77⤵
-
\??\c:\4p0w1.exec:\4p0w1.exe78⤵
-
\??\c:\t9d1jt.exec:\t9d1jt.exe79⤵
-
\??\c:\ecxg3q2.exec:\ecxg3q2.exe80⤵
-
\??\c:\221u3r1.exec:\221u3r1.exe81⤵
-
\??\c:\u8op1.exec:\u8op1.exe82⤵
-
\??\c:\5371p.exec:\5371p.exe83⤵
-
\??\c:\a3s31.exec:\a3s31.exe84⤵
-
\??\c:\p8il5.exec:\p8il5.exe85⤵
-
\??\c:\ls95q.exec:\ls95q.exe86⤵
-
\??\c:\j5vj4e.exec:\j5vj4e.exe87⤵
-
\??\c:\lgqfm.exec:\lgqfm.exe88⤵
-
\??\c:\98521t.exec:\98521t.exe89⤵
-
\??\c:\t6611.exec:\t6611.exe90⤵
-
\??\c:\2i8m1.exec:\2i8m1.exe91⤵
-
\??\c:\6u41r3i.exec:\6u41r3i.exe92⤵
-
\??\c:\893hx.exec:\893hx.exe93⤵
-
\??\c:\vvupjra.exec:\vvupjra.exe94⤵
-
\??\c:\3h8l1li.exec:\3h8l1li.exe95⤵
-
\??\c:\0lu3g1l.exec:\0lu3g1l.exe96⤵
-
\??\c:\7ux070f.exec:\7ux070f.exe97⤵
-
\??\c:\8p1mb.exec:\8p1mb.exe98⤵
-
\??\c:\u3is3.exec:\u3is3.exe99⤵
-
\??\c:\smsm86f.exec:\smsm86f.exe100⤵
-
\??\c:\va3h5g6.exec:\va3h5g6.exe101⤵
-
\??\c:\qwww8ow.exec:\qwww8ow.exe102⤵
-
\??\c:\13jppt6.exec:\13jppt6.exe103⤵
-
\??\c:\apwu0.exec:\apwu0.exe104⤵
-
\??\c:\b5s27.exec:\b5s27.exe105⤵
-
\??\c:\qxai48t.exec:\qxai48t.exe106⤵
-
\??\c:\4b8oq.exec:\4b8oq.exe107⤵
-
\??\c:\8c4u22.exec:\8c4u22.exe108⤵
-
\??\c:\tw08f.exec:\tw08f.exe109⤵
-
\??\c:\w5um9qu.exec:\w5um9qu.exe110⤵
-
\??\c:\4936g0.exec:\4936g0.exe111⤵
-
\??\c:\4adq2r0.exec:\4adq2r0.exe112⤵
-
\??\c:\ja23n3.exec:\ja23n3.exe113⤵
-
\??\c:\1apn1e.exec:\1apn1e.exe114⤵
-
\??\c:\k7x7ci.exec:\k7x7ci.exe115⤵
-
\??\c:\t29n114.exec:\t29n114.exe116⤵
-
\??\c:\2kfpf68.exec:\2kfpf68.exe117⤵
-
\??\c:\t90831.exec:\t90831.exe118⤵
-
\??\c:\984m6q.exec:\984m6q.exe119⤵
-
\??\c:\hiis0.exec:\hiis0.exe120⤵
-
\??\c:\d653ve6.exec:\d653ve6.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-