Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
08/07/2024, 16:29
General
-
Target
2d07110c0b2e0348f7337c112e3f932f_JaffaCakes118.exe
-
Size
53KB
-
MD5
2d07110c0b2e0348f7337c112e3f932f
-
SHA1
c874e8021b789dc3a91efca317fc7cf738af9bf1
-
SHA256
ae769ed0e816e1286f549227fffcb782c94df5dc9f98ec24292b41d91e6ae3ff
-
SHA512
d4cf29f9839fcf75ac11ed7dbc9d966383a31839c02540056f1b369dd02993b81dbc8471fd0400be6d5a711f6399621536236b76f677d6b8b92f7eb72ccc0871
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDod5Rb:ymb3NkkiQ3mdBjFod5V
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2d07110c0b2e0348f7337c112e3f932f_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\2d07110c0b2e0348f7337c112e3f932f_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxxfx.exec:\frfxxfx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdd.exec:\dvpdd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxxxrf.exec:\xlxxxrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhnh.exec:\tthhnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffrfll.exec:\rffrfll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvv.exec:\vddvv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbbb.exec:\bthbbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrlfxl.exec:\lxrlfxl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnttht.exec:\nnttht.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrrrl.exec:\ffxrrrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjd.exec:\pdpjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbttt.exec:\btbttt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvjj.exec:\dpvjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xrlrlr.exec:\7xrlrlr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthnb.exec:\btthnb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpvj.exec:\jjpvj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlfrl.exec:\lrrlfrl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhhnn.exec:\thhhnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjp.exec:\jppjp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlffxxr.exec:\xlffxxr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhthtn.exec:\hhthtn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllfffl.exec:\fllfffl.exe23⤵
- Executes dropped EXE
-
\??\c:\htttnn.exec:\htttnn.exe24⤵
- Executes dropped EXE
-
\??\c:\xllfffl.exec:\xllfffl.exe25⤵
- Executes dropped EXE
-
\??\c:\hnhhtb.exec:\hnhhtb.exe26⤵
- Executes dropped EXE
-
\??\c:\fxxfrff.exec:\fxxfrff.exe27⤵
- Executes dropped EXE
-
\??\c:\1tbnhh.exec:\1tbnhh.exe28⤵
- Executes dropped EXE
-
\??\c:\vdjvv.exec:\vdjvv.exe29⤵
- Executes dropped EXE
-
\??\c:\bnnhbb.exec:\bnnhbb.exe30⤵
- Executes dropped EXE
-
\??\c:\vvvpp.exec:\vvvpp.exe31⤵
- Executes dropped EXE
-
\??\c:\lflflxx.exec:\lflflxx.exe32⤵
- Executes dropped EXE
-
\??\c:\btbtbt.exec:\btbtbt.exe33⤵
- Executes dropped EXE
-
\??\c:\jjjvj.exec:\jjjvj.exe34⤵
- Executes dropped EXE
-
\??\c:\3lxxxfx.exec:\3lxxxfx.exe35⤵
- Executes dropped EXE
-
\??\c:\3xxllfr.exec:\3xxllfr.exe36⤵
- Executes dropped EXE
-
\??\c:\hntnbh.exec:\hntnbh.exe37⤵
- Executes dropped EXE
-
\??\c:\vvjdv.exec:\vvjdv.exe38⤵
- Executes dropped EXE
-
\??\c:\rrxfrlx.exec:\rrxfrlx.exe39⤵
- Executes dropped EXE
-
\??\c:\rrfxrrl.exec:\rrfxrrl.exe40⤵
- Executes dropped EXE
-
\??\c:\3tthhn.exec:\3tthhn.exe41⤵
- Executes dropped EXE
-
\??\c:\lfrlrxx.exec:\lfrlrxx.exe42⤵
- Executes dropped EXE
-
\??\c:\7bhnbb.exec:\7bhnbb.exe43⤵
- Executes dropped EXE
-
\??\c:\djdvv.exec:\djdvv.exe44⤵
- Executes dropped EXE
-
\??\c:\lrfxffr.exec:\lrfxffr.exe45⤵
- Executes dropped EXE
-
\??\c:\hnbthn.exec:\hnbthn.exe46⤵
- Executes dropped EXE
-
\??\c:\jvjpd.exec:\jvjpd.exe47⤵
- Executes dropped EXE
-
\??\c:\lxllfrf.exec:\lxllfrf.exe48⤵
- Executes dropped EXE
-
\??\c:\hbnbbb.exec:\hbnbbb.exe49⤵
- Executes dropped EXE
-
\??\c:\bbbttn.exec:\bbbttn.exe50⤵
- Executes dropped EXE
-
\??\c:\pjjvp.exec:\pjjvp.exe51⤵
- Executes dropped EXE
-
\??\c:\ffrflrx.exec:\ffrflrx.exe52⤵
- Executes dropped EXE
-
\??\c:\3tnnbt.exec:\3tnnbt.exe53⤵
- Executes dropped EXE
-
\??\c:\jpdjv.exec:\jpdjv.exe54⤵
- Executes dropped EXE
-
\??\c:\xlxlxfr.exec:\xlxlxfr.exe55⤵
- Executes dropped EXE
-
\??\c:\nbtbtt.exec:\nbtbtt.exe56⤵
- Executes dropped EXE
-
\??\c:\dvdvj.exec:\dvdvj.exe57⤵
- Executes dropped EXE
-
\??\c:\fxxrlll.exec:\fxxrlll.exe58⤵
- Executes dropped EXE
-
\??\c:\rfrlxlx.exec:\rfrlxlx.exe59⤵
- Executes dropped EXE
-
\??\c:\5lxxfxf.exec:\5lxxfxf.exe60⤵
- Executes dropped EXE
-
\??\c:\vdvdv.exec:\vdvdv.exe61⤵
- Executes dropped EXE
-
\??\c:\rxxlxlr.exec:\rxxlxlr.exe62⤵
- Executes dropped EXE
-
\??\c:\nbbtnn.exec:\nbbtnn.exe63⤵
- Executes dropped EXE
-
\??\c:\dpjvd.exec:\dpjvd.exe64⤵
- Executes dropped EXE
-
\??\c:\flrrrxf.exec:\flrrrxf.exe65⤵
- Executes dropped EXE
-
\??\c:\bbhnnn.exec:\bbhnnn.exe66⤵
-
\??\c:\nbnnbn.exec:\nbnnbn.exe67⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe68⤵
-
\??\c:\xrrffll.exec:\xrrffll.exe69⤵
-
\??\c:\thhnth.exec:\thhnth.exe70⤵
-
\??\c:\vjdpd.exec:\vjdpd.exe71⤵
-
\??\c:\lrlxlfr.exec:\lrlxlfr.exe72⤵
-
\??\c:\bbbhht.exec:\bbbhht.exe73⤵
-
\??\c:\hhtnbh.exec:\hhtnbh.exe74⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe75⤵
-
\??\c:\rffrlxr.exec:\rffrlxr.exe76⤵
-
\??\c:\lllrrlf.exec:\lllrrlf.exe77⤵
-
\??\c:\tbbbnt.exec:\tbbbnt.exe78⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe79⤵
-
\??\c:\rlxrrxf.exec:\rlxrrxf.exe80⤵
-
\??\c:\llllffx.exec:\llllffx.exe81⤵
-
\??\c:\bbbbhh.exec:\bbbbhh.exe82⤵
-
\??\c:\bnttnn.exec:\bnttnn.exe83⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe84⤵
-
\??\c:\xrxrrrr.exec:\xrxrrrr.exe85⤵
-
\??\c:\lrlfrxl.exec:\lrlfrxl.exe86⤵
-
\??\c:\nhhbtn.exec:\nhhbtn.exe87⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe88⤵
-
\??\c:\rfflffx.exec:\rfflffx.exe89⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe90⤵
-
\??\c:\ddppj.exec:\ddppj.exe91⤵
-
\??\c:\xxllrxf.exec:\xxllrxf.exe92⤵
-
\??\c:\hnnhnh.exec:\hnnhnh.exe93⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe94⤵
-
\??\c:\xlrrflf.exec:\xlrrflf.exe95⤵
-
\??\c:\hhbthb.exec:\hhbthb.exe96⤵
-
\??\c:\bthtnn.exec:\bthtnn.exe97⤵
-
\??\c:\pvpvd.exec:\pvpvd.exe98⤵
-
\??\c:\rxllxfr.exec:\rxllxfr.exe99⤵
-
\??\c:\nbhttb.exec:\nbhttb.exe100⤵
-
\??\c:\djppv.exec:\djppv.exe101⤵
-
\??\c:\fxfllrx.exec:\fxfllrx.exe102⤵
-
\??\c:\rxfrrrx.exec:\rxfrrrx.exe103⤵
-
\??\c:\bhtnhn.exec:\bhtnhn.exe104⤵
-
\??\c:\llrxfll.exec:\llrxfll.exe105⤵
-
\??\c:\lfrxrxr.exec:\lfrxrxr.exe106⤵
-
\??\c:\nttnnh.exec:\nttnnh.exe107⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe108⤵
-
\??\c:\rrlxxxr.exec:\rrlxxxr.exe109⤵
-
\??\c:\rxxlrlr.exec:\rxxlrlr.exe110⤵
-
\??\c:\nhnntn.exec:\nhnntn.exe111⤵
-
\??\c:\vpvjj.exec:\vpvjj.exe112⤵
-
\??\c:\xlxlffr.exec:\xlxlffr.exe113⤵
-
\??\c:\lffrrlx.exec:\lffrrlx.exe114⤵
-
\??\c:\tbhbnt.exec:\tbhbnt.exe115⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe116⤵
-
\??\c:\rrxffxr.exec:\rrxffxr.exe117⤵
-
\??\c:\3rxxxff.exec:\3rxxxff.exe118⤵
-
\??\c:\bbbtbh.exec:\bbbtbh.exe119⤵
-
\??\c:\vjddj.exec:\vjddj.exe120⤵
-
\??\c:\lfrxffx.exec:\lfrxffx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-