Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
10/06/2024, 23:54
General
-
Target
9c5d9802b7519827e6b8e2e4615ea30d_JaffaCakes118.exe
-
Size
101KB
-
MD5
9c5d9802b7519827e6b8e2e4615ea30d
-
SHA1
cea195526872ae777979cb07e1abcc9add371d85
-
SHA256
d6ce6477e74efb0811c638a609fc11ad1cf0fd13963912df06dc65a20ab4f9d9
-
SHA512
2090dd26b44af877609d72b83db4cec5c1226dbeaf6edf5be3e56365d99bd99aba01003bcdb3c309449e15fe2ed3a83b1fcba90f92d428b887e9608133a6d125
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2lmf6g7xmIi6h7zZ:ymb3NkkiQ3mdBjF+3TU20L46Fd
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9c5d9802b7519827e6b8e2e4615ea30d_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\9c5d9802b7519827e6b8e2e4615ea30d_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\btbttn.exec:\btbttn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdj.exec:\vjjdj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthbtn.exec:\tthbtn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhbbb.exec:\1nhbbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvv.exec:\ppvvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrxxl.exec:\xlrrxxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtbbh.exec:\thtbbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbnn.exec:\nhtbnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjp.exec:\ppjjp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lxrxxf.exec:\1lxrxxf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xlrflx.exec:\5xlrflx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthntb.exec:\tthntb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdppv.exec:\pdppv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pdpv.exec:\7pdpv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrlrf.exec:\fxrrlrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfflx.exec:\rlxfflx.exe17⤵
- Executes dropped EXE
-
\??\c:\btbhnt.exec:\btbhnt.exe18⤵
- Executes dropped EXE
-
\??\c:\ppvvj.exec:\ppvvj.exe19⤵
- Executes dropped EXE
-
\??\c:\vpdpj.exec:\vpdpj.exe20⤵
- Executes dropped EXE
-
\??\c:\fxllflf.exec:\fxllflf.exe21⤵
- Executes dropped EXE
-
\??\c:\btnhbb.exec:\btnhbb.exe22⤵
- Executes dropped EXE
-
\??\c:\tnbhhb.exec:\tnbhhb.exe23⤵
- Executes dropped EXE
-
\??\c:\3pjvp.exec:\3pjvp.exe24⤵
- Executes dropped EXE
-
\??\c:\3flxfrx.exec:\3flxfrx.exe25⤵
- Executes dropped EXE
-
\??\c:\rlrlflf.exec:\rlrlflf.exe26⤵
- Executes dropped EXE
-
\??\c:\9hbnbb.exec:\9hbnbb.exe27⤵
- Executes dropped EXE
-
\??\c:\ppdvd.exec:\ppdvd.exe28⤵
- Executes dropped EXE
-
\??\c:\5llxflx.exec:\5llxflx.exe29⤵
- Executes dropped EXE
-
\??\c:\3frxxxr.exec:\3frxxxr.exe30⤵
- Executes dropped EXE
-
\??\c:\bnbhtt.exec:\bnbhtt.exe31⤵
- Executes dropped EXE
-
\??\c:\jdpdj.exec:\jdpdj.exe32⤵
- Executes dropped EXE
-
\??\c:\5ppdp.exec:\5ppdp.exe33⤵
- Executes dropped EXE
-
\??\c:\5rfxxfl.exec:\5rfxxfl.exe34⤵
- Executes dropped EXE
-
\??\c:\fxrfrrf.exec:\fxrfrrf.exe35⤵
- Executes dropped EXE
-
\??\c:\hhnbnt.exec:\hhnbnt.exe36⤵
- Executes dropped EXE
-
\??\c:\jppdv.exec:\jppdv.exe37⤵
- Executes dropped EXE
-
\??\c:\3vjvp.exec:\3vjvp.exe38⤵
- Executes dropped EXE
-
\??\c:\rlxrfff.exec:\rlxrfff.exe39⤵
- Executes dropped EXE
-
\??\c:\rffllll.exec:\rffllll.exe40⤵
- Executes dropped EXE
-
\??\c:\hbtthn.exec:\hbtthn.exe41⤵
- Executes dropped EXE
-
\??\c:\5tbnnt.exec:\5tbnnt.exe42⤵
- Executes dropped EXE
-
\??\c:\dvjjj.exec:\dvjjj.exe43⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe44⤵
- Executes dropped EXE
-
\??\c:\xrrlxfr.exec:\xrrlxfr.exe45⤵
- Executes dropped EXE
-
\??\c:\nhnntt.exec:\nhnntt.exe46⤵
- Executes dropped EXE
-
\??\c:\nnhtbh.exec:\nnhtbh.exe47⤵
- Executes dropped EXE
-
\??\c:\3djjv.exec:\3djjv.exe48⤵
- Executes dropped EXE
-
\??\c:\vpjpj.exec:\vpjpj.exe49⤵
- Executes dropped EXE
-
\??\c:\rlrrrxf.exec:\rlrrrxf.exe50⤵
- Executes dropped EXE
-
\??\c:\rlxlxfx.exec:\rlxlxfx.exe51⤵
- Executes dropped EXE
-
\??\c:\fxlllrx.exec:\fxlllrx.exe52⤵
- Executes dropped EXE
-
\??\c:\hhbhtb.exec:\hhbhtb.exe53⤵
- Executes dropped EXE
-
\??\c:\thhtbb.exec:\thhtbb.exe54⤵
- Executes dropped EXE
-
\??\c:\5jvdj.exec:\5jvdj.exe55⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe56⤵
- Executes dropped EXE
-
\??\c:\7rffxxx.exec:\7rffxxx.exe57⤵
- Executes dropped EXE
-
\??\c:\bnbthn.exec:\bnbthn.exe58⤵
- Executes dropped EXE
-
\??\c:\7hbnbb.exec:\7hbnbb.exe59⤵
- Executes dropped EXE
-
\??\c:\jjpdp.exec:\jjpdp.exe60⤵
- Executes dropped EXE
-
\??\c:\3dpjj.exec:\3dpjj.exe61⤵
- Executes dropped EXE
-
\??\c:\7rfflrf.exec:\7rfflrf.exe62⤵
- Executes dropped EXE
-
\??\c:\xlflrxf.exec:\xlflrxf.exe63⤵
- Executes dropped EXE
-
\??\c:\btbntb.exec:\btbntb.exe64⤵
- Executes dropped EXE
-
\??\c:\bbnhhh.exec:\bbnhhh.exe65⤵
- Executes dropped EXE
-
\??\c:\vpjvj.exec:\vpjvj.exe66⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe67⤵
-
\??\c:\frfxrrx.exec:\frfxrrx.exe68⤵
-
\??\c:\xxxllrr.exec:\xxxllrr.exe69⤵
-
\??\c:\3htthn.exec:\3htthn.exe70⤵
-
\??\c:\hnnhtb.exec:\hnnhtb.exe71⤵
-
\??\c:\tttbtb.exec:\tttbtb.exe72⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe73⤵
-
\??\c:\rfxxffr.exec:\rfxxffr.exe74⤵
-
\??\c:\lfrflrx.exec:\lfrflrx.exe75⤵
-
\??\c:\3nbbhh.exec:\3nbbhh.exe76⤵
-
\??\c:\tnhhbt.exec:\tnhhbt.exe77⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe78⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe79⤵
-
\??\c:\pppdp.exec:\pppdp.exe80⤵
-
\??\c:\ffxfflx.exec:\ffxfflx.exe81⤵
-
\??\c:\ffxrrff.exec:\ffxrrff.exe82⤵
-
\??\c:\btnbnt.exec:\btnbnt.exe83⤵
-
\??\c:\9nbhnn.exec:\9nbhnn.exe84⤵
-
\??\c:\jjdvd.exec:\jjdvd.exe85⤵
-
\??\c:\3vvdv.exec:\3vvdv.exe86⤵
-
\??\c:\lfxrrxl.exec:\lfxrrxl.exe87⤵
-
\??\c:\1rrxflx.exec:\1rrxflx.exe88⤵
-
\??\c:\7bnntb.exec:\7bnntb.exe89⤵
-
\??\c:\nnbbhn.exec:\nnbbhn.exe90⤵
-
\??\c:\5hhntt.exec:\5hhntt.exe91⤵
-
\??\c:\djdpv.exec:\djdpv.exe92⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe93⤵
-
\??\c:\lfrrxlx.exec:\lfrrxlx.exe94⤵
-
\??\c:\rrlxlrl.exec:\rrlxlrl.exe95⤵
-
\??\c:\ttbhbh.exec:\ttbhbh.exe96⤵
-
\??\c:\bthnbh.exec:\bthnbh.exe97⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe98⤵
-
\??\c:\5vjdp.exec:\5vjdp.exe99⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe100⤵
-
\??\c:\rlxfrrl.exec:\rlxfrrl.exe101⤵
-
\??\c:\fxfrlrl.exec:\fxfrlrl.exe102⤵
-
\??\c:\nhnnbh.exec:\nhnnbh.exe103⤵
-
\??\c:\nnhhbn.exec:\nnhhbn.exe104⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe105⤵
-
\??\c:\3dvjv.exec:\3dvjv.exe106⤵
-
\??\c:\ffffxfr.exec:\ffffxfr.exe107⤵
-
\??\c:\fxrfflf.exec:\fxrfflf.exe108⤵
-
\??\c:\btntnt.exec:\btntnt.exe109⤵
-
\??\c:\thtbbb.exec:\thtbbb.exe110⤵
-
\??\c:\9ddjj.exec:\9ddjj.exe111⤵
-
\??\c:\9jdjj.exec:\9jdjj.exe112⤵
-
\??\c:\rlxfrxl.exec:\rlxfrxl.exe113⤵
-
\??\c:\lxrflfr.exec:\lxrflfr.exe114⤵
-
\??\c:\hbtthb.exec:\hbtthb.exe115⤵
-
\??\c:\thtbtn.exec:\thtbtn.exe116⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe117⤵
-
\??\c:\flrrxlr.exec:\flrrxlr.exe118⤵
-
\??\c:\3lfrxff.exec:\3lfrxff.exe119⤵
-
\??\c:\7nbbhb.exec:\7nbbhb.exe120⤵
-
\??\c:\tbttnn.exec:\tbttnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-