Analysis
-
max time kernel
150s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
10/06/2024, 23:54
General
-
Target
9c5d9802b7519827e6b8e2e4615ea30d_JaffaCakes118.exe
-
Size
101KB
-
MD5
9c5d9802b7519827e6b8e2e4615ea30d
-
SHA1
cea195526872ae777979cb07e1abcc9add371d85
-
SHA256
d6ce6477e74efb0811c638a609fc11ad1cf0fd13963912df06dc65a20ab4f9d9
-
SHA512
2090dd26b44af877609d72b83db4cec5c1226dbeaf6edf5be3e56365d99bd99aba01003bcdb3c309449e15fe2ed3a83b1fcba90f92d428b887e9608133a6d125
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2lmf6g7xmIi6h7zZ:ymb3NkkiQ3mdBjF+3TU20L46Fd
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9c5d9802b7519827e6b8e2e4615ea30d_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\9c5d9802b7519827e6b8e2e4615ea30d_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1ddvj.exec:\1ddvj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrfrrf.exec:\fxrfrrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnbn.exec:\tttnbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvvd.exec:\pvvvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jjdv.exec:\9jjdv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhttnt.exec:\hhttnt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjvj.exec:\djjvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppdv.exec:\pppdv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbbtn.exec:\tbbbtn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpj.exec:\vpvpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxrlfr.exec:\1rxrlfr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnbtn.exec:\htnbtn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbtnh.exec:\hnbtnh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdp.exec:\pdjdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfrxlf.exec:\rxfrxlf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbnhb.exec:\bnbnhb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlfrlf.exec:\fxlfrlf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrfxl.exec:\xrxrfxl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnnbh.exec:\btnnbh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lfrfxr.exec:\1lfrfxr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnbn.exec:\httnbn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5thbhb.exec:\5thbhb.exe23⤵
- Executes dropped EXE
-
\??\c:\jvvjv.exec:\jvvjv.exe24⤵
- Executes dropped EXE
-
\??\c:\frfrxrr.exec:\frfrxrr.exe25⤵
- Executes dropped EXE
-
\??\c:\fxfxxxr.exec:\fxfxxxr.exe26⤵
- Executes dropped EXE
-
\??\c:\9tnhbt.exec:\9tnhbt.exe27⤵
- Executes dropped EXE
-
\??\c:\1pjvj.exec:\1pjvj.exe28⤵
- Executes dropped EXE
-
\??\c:\lfrlfxr.exec:\lfrlfxr.exe29⤵
- Executes dropped EXE
-
\??\c:\hhhbtn.exec:\hhhbtn.exe30⤵
- Executes dropped EXE
-
\??\c:\hbtnhb.exec:\hbtnhb.exe31⤵
- Executes dropped EXE
-
\??\c:\9vvjv.exec:\9vvjv.exe32⤵
- Executes dropped EXE
-
\??\c:\rxrlxrr.exec:\rxrlxrr.exe33⤵
- Executes dropped EXE
-
\??\c:\lxrlxlx.exec:\lxrlxlx.exe34⤵
- Executes dropped EXE
-
\??\c:\nbhbnh.exec:\nbhbnh.exe35⤵
- Executes dropped EXE
-
\??\c:\9jdvj.exec:\9jdvj.exe36⤵
- Executes dropped EXE
-
\??\c:\jvpvj.exec:\jvpvj.exe37⤵
- Executes dropped EXE
-
\??\c:\lrxlfxr.exec:\lrxlfxr.exe38⤵
- Executes dropped EXE
-
\??\c:\tnnnhh.exec:\tnnnhh.exe39⤵
- Executes dropped EXE
-
\??\c:\nhhtnh.exec:\nhhtnh.exe40⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe41⤵
- Executes dropped EXE
-
\??\c:\3xxrfff.exec:\3xxrfff.exe42⤵
- Executes dropped EXE
-
\??\c:\hhbthb.exec:\hhbthb.exe43⤵
- Executes dropped EXE
-
\??\c:\hbtnhh.exec:\hbtnhh.exe44⤵
- Executes dropped EXE
-
\??\c:\jpvjj.exec:\jpvjj.exe45⤵
- Executes dropped EXE
-
\??\c:\jjpdj.exec:\jjpdj.exe46⤵
- Executes dropped EXE
-
\??\c:\xxxrfxr.exec:\xxxrfxr.exe47⤵
- Executes dropped EXE
-
\??\c:\lxlflfx.exec:\lxlflfx.exe48⤵
- Executes dropped EXE
-
\??\c:\nhhtnh.exec:\nhhtnh.exe49⤵
- Executes dropped EXE
-
\??\c:\bbtntn.exec:\bbtntn.exe50⤵
- Executes dropped EXE
-
\??\c:\pdvpj.exec:\pdvpj.exe51⤵
- Executes dropped EXE
-
\??\c:\jjvjp.exec:\jjvjp.exe52⤵
- Executes dropped EXE
-
\??\c:\7flxrrr.exec:\7flxrrr.exe53⤵
- Executes dropped EXE
-
\??\c:\hbbbtt.exec:\hbbbtt.exe54⤵
- Executes dropped EXE
-
\??\c:\hbbthh.exec:\hbbthh.exe55⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe56⤵
- Executes dropped EXE
-
\??\c:\vjpjj.exec:\vjpjj.exe57⤵
- Executes dropped EXE
-
\??\c:\xrfxlfr.exec:\xrfxlfr.exe58⤵
- Executes dropped EXE
-
\??\c:\bhhthb.exec:\bhhthb.exe59⤵
- Executes dropped EXE
-
\??\c:\vpvjd.exec:\vpvjd.exe60⤵
- Executes dropped EXE
-
\??\c:\pvvjd.exec:\pvvjd.exe61⤵
- Executes dropped EXE
-
\??\c:\xxllrlf.exec:\xxllrlf.exe62⤵
- Executes dropped EXE
-
\??\c:\ffrfrfr.exec:\ffrfrfr.exe63⤵
- Executes dropped EXE
-
\??\c:\7nhnbb.exec:\7nhnbb.exe64⤵
- Executes dropped EXE
-
\??\c:\1vjpp.exec:\1vjpp.exe65⤵
- Executes dropped EXE
-
\??\c:\3jvjv.exec:\3jvjv.exe66⤵
-
\??\c:\rrfrlxx.exec:\rrfrlxx.exe67⤵
-
\??\c:\frllxfr.exec:\frllxfr.exe68⤵
-
\??\c:\tnbnht.exec:\tnbnht.exe69⤵
-
\??\c:\1ddjd.exec:\1ddjd.exe70⤵
-
\??\c:\vjdpd.exec:\vjdpd.exe71⤵
-
\??\c:\djjvd.exec:\djjvd.exe72⤵
-
\??\c:\xlxrxxr.exec:\xlxrxxr.exe73⤵
-
\??\c:\fllfxrr.exec:\fllfxrr.exe74⤵
-
\??\c:\nbbnbt.exec:\nbbnbt.exe75⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe76⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe77⤵
-
\??\c:\xlxfrfx.exec:\xlxfrfx.exe78⤵
-
\??\c:\fxxrfff.exec:\fxxrfff.exe79⤵
-
\??\c:\hbhbtn.exec:\hbhbtn.exe80⤵
-
\??\c:\nbthhb.exec:\nbthhb.exe81⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe82⤵
-
\??\c:\3vvpd.exec:\3vvpd.exe83⤵
-
\??\c:\rlrlfff.exec:\rlrlfff.exe84⤵
-
\??\c:\ffllxrf.exec:\ffllxrf.exe85⤵
-
\??\c:\nbhttt.exec:\nbhttt.exe86⤵
-
\??\c:\hbbnhb.exec:\hbbnhb.exe87⤵
-
\??\c:\jvdpd.exec:\jvdpd.exe88⤵
-
\??\c:\vdvpv.exec:\vdvpv.exe89⤵
-
\??\c:\7ffxlfx.exec:\7ffxlfx.exe90⤵
-
\??\c:\xfxrlfr.exec:\xfxrlfr.exe91⤵
-
\??\c:\htthbb.exec:\htthbb.exe92⤵
-
\??\c:\nhnhnb.exec:\nhnhnb.exe93⤵
-
\??\c:\jddjp.exec:\jddjp.exe94⤵
-
\??\c:\9pjdp.exec:\9pjdp.exe95⤵
-
\??\c:\rlfrfrl.exec:\rlfrfrl.exe96⤵
-
\??\c:\nntnhb.exec:\nntnhb.exe97⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe98⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe99⤵
-
\??\c:\3rfxlxl.exec:\3rfxlxl.exe100⤵
-
\??\c:\fxxrrlf.exec:\fxxrrlf.exe101⤵
-
\??\c:\9ntnbb.exec:\9ntnbb.exe102⤵
-
\??\c:\thbtbb.exec:\thbtbb.exe103⤵
-
\??\c:\3vpdp.exec:\3vpdp.exe104⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe105⤵
-
\??\c:\fllfrrl.exec:\fllfrrl.exe106⤵
-
\??\c:\1llflfl.exec:\1llflfl.exe107⤵
-
\??\c:\tbtnbt.exec:\tbtnbt.exe108⤵
-
\??\c:\7pjdp.exec:\7pjdp.exe109⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe110⤵
-
\??\c:\lxxrxfr.exec:\lxxrxfr.exe111⤵
-
\??\c:\vdvjd.exec:\vdvjd.exe112⤵
-
\??\c:\vppjd.exec:\vppjd.exe113⤵
-
\??\c:\fxrfrfx.exec:\fxrfrfx.exe114⤵
-
\??\c:\lflffff.exec:\lflffff.exe115⤵
-
\??\c:\hbnhnn.exec:\hbnhnn.exe116⤵
-
\??\c:\3bbtnn.exec:\3bbtnn.exe117⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe118⤵
-
\??\c:\vdvjv.exec:\vdvjv.exe119⤵
-
\??\c:\lxlfrrr.exec:\lxlfrrr.exe120⤵
-
\??\c:\1bntnt.exec:\1bntnt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-