Analysis
-
max time kernel
17s -
max time network
21s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
27/07/2024, 23:13
General
-
Target
0230d789b924c8467e76058f2baff7f0_JaffaCakes118.exe
-
Size
117KB
-
MD5
0230d789b924c8467e76058f2baff7f0
-
SHA1
c65b4ee86c022c1213ceeacee04ade433edd4339
-
SHA256
1b38713a9aa5fcd6c2798d87bdebded8e0e3810d2fbccedbc4b477ecd7bd6d08
-
SHA512
328419ccccc0e376ebf724db4917207f19326ba16b918f03a9edf2edb92bcb60c10b534ae892c3eb7dc433e8b43114e8fcffcc298af3bc354f3ccd4d0e8b6d6c
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHvmQ+EZMYX93s7:n3C9BRW0j/uVEZFFs7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0230d789b924c8467e76058f2baff7f0_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\0230d789b924c8467e76058f2baff7f0_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9pjpp.exec:\9pjpp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vpvd.exec:\1vpvd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlxfrx.exec:\xrlxfrx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflffxr.exec:\xflffxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nbhth.exec:\7nbhth.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjp.exec:\dvjjp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxlfxr.exec:\xxxlfxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxffxrr.exec:\xxffxrr.exe9⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\thbnbh.exec:\thbnbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hbbhn.exec:\9hbbhn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdv.exec:\pjjdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxlrr.exec:\fffxlrr.exe13⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlxlrx.exec:\xxlxlrx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bthnn.exec:\7bthnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnbh.exec:\nnnnbh.exe16⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjjd.exec:\jpjjd.exe17⤵
- Executes dropped EXE
-
\??\c:\pvjvv.exec:\pvjvv.exe18⤵
- Executes dropped EXE
-
\??\c:\flxrfrr.exec:\flxrfrr.exe19⤵
- Executes dropped EXE
-
\??\c:\hhhnnt.exec:\hhhnnt.exe20⤵
- Executes dropped EXE
-
\??\c:\bbhnnh.exec:\bbhnnh.exe21⤵
- Executes dropped EXE
-
\??\c:\9ppdv.exec:\9ppdv.exe22⤵
- Executes dropped EXE
-
\??\c:\ddvdv.exec:\ddvdv.exe23⤵
- Executes dropped EXE
-
\??\c:\ffxfrxl.exec:\ffxfrxl.exe24⤵
- Executes dropped EXE
-
\??\c:\llffrxl.exec:\llffrxl.exe25⤵
- Executes dropped EXE
-
\??\c:\bbtbtb.exec:\bbtbtb.exe26⤵
- Executes dropped EXE
-
\??\c:\bbnhtb.exec:\bbnhtb.exe27⤵
- Executes dropped EXE
-
\??\c:\pppvp.exec:\pppvp.exe28⤵
- Executes dropped EXE
-
\??\c:\3xfrxrx.exec:\3xfrxrx.exe29⤵
- Executes dropped EXE
-
\??\c:\ttttnt.exec:\ttttnt.exe30⤵
- Executes dropped EXE
-
\??\c:\ttnbnt.exec:\ttnbnt.exe31⤵
- Executes dropped EXE
-
\??\c:\jppdv.exec:\jppdv.exe32⤵
- Executes dropped EXE
-
\??\c:\3llrxfx.exec:\3llrxfx.exe33⤵
- Executes dropped EXE
-
\??\c:\bhthtn.exec:\bhthtn.exe34⤵
- Executes dropped EXE
-
\??\c:\9bhhth.exec:\9bhhth.exe35⤵
- Executes dropped EXE
-
\??\c:\jjjjd.exec:\jjjjd.exe36⤵
- Executes dropped EXE
-
\??\c:\dddvv.exec:\dddvv.exe37⤵
- Executes dropped EXE
-
\??\c:\9ffrlxr.exec:\9ffrlxr.exe38⤵
- Executes dropped EXE
-
\??\c:\7xxlxfr.exec:\7xxlxfr.exe39⤵
- Executes dropped EXE
-
\??\c:\tnhhtb.exec:\tnhhtb.exe40⤵
- Executes dropped EXE
-
\??\c:\tnbbnh.exec:\tnbbnh.exe41⤵
- Executes dropped EXE
-
\??\c:\1hhbtb.exec:\1hhbtb.exe42⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\5jpvd.exec:\5jpvd.exe43⤵
- Executes dropped EXE
-
\??\c:\vdvdp.exec:\vdvdp.exe44⤵
- Executes dropped EXE
-
\??\c:\3fxlxlx.exec:\3fxlxlx.exe45⤵
- Executes dropped EXE
-
\??\c:\3lxlrfx.exec:\3lxlrfx.exe46⤵
- Executes dropped EXE
-
\??\c:\1lrflxx.exec:\1lrflxx.exe47⤵
- Executes dropped EXE
-
\??\c:\bnbtbn.exec:\bnbtbn.exe48⤵
- Executes dropped EXE
-
\??\c:\bhhtnh.exec:\bhhtnh.exe49⤵
- Executes dropped EXE
-
\??\c:\nnbtnh.exec:\nnbtnh.exe50⤵
- Executes dropped EXE
-
\??\c:\vdpvj.exec:\vdpvj.exe51⤵
- Executes dropped EXE
-
\??\c:\1jppv.exec:\1jppv.exe52⤵
- Executes dropped EXE
-
\??\c:\5lxrlff.exec:\5lxrlff.exe53⤵
- Executes dropped EXE
-
\??\c:\xxxlffr.exec:\xxxlffr.exe54⤵
- Executes dropped EXE
-
\??\c:\1bhtnh.exec:\1bhtnh.exe55⤵
- Executes dropped EXE
-
\??\c:\ntbbnt.exec:\ntbbnt.exe56⤵
- Executes dropped EXE
-
\??\c:\nhbbnt.exec:\nhbbnt.exe57⤵
- Executes dropped EXE
-
\??\c:\ddvdv.exec:\ddvdv.exe58⤵
- Executes dropped EXE
-
\??\c:\jjdpv.exec:\jjdpv.exe59⤵
- Executes dropped EXE
-
\??\c:\9dpdj.exec:\9dpdj.exe60⤵
- Executes dropped EXE
-
\??\c:\7fxxflf.exec:\7fxxflf.exe61⤵
- Executes dropped EXE
-
\??\c:\xxrfrxx.exec:\xxrfrxx.exe62⤵
- Executes dropped EXE
-
\??\c:\fxxfxrl.exec:\fxxfxrl.exe63⤵
- Executes dropped EXE
-
\??\c:\bbhtnb.exec:\bbhtnb.exe64⤵
- Executes dropped EXE
-
\??\c:\tnbnbh.exec:\tnbnbh.exe65⤵
- Executes dropped EXE
-
\??\c:\9bnthn.exec:\9bnthn.exe66⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe67⤵
-
\??\c:\rlrxlrx.exec:\rlrxlrx.exe68⤵
- System Location Discovery: System Language Discovery
-
\??\c:\llflflx.exec:\llflflx.exe69⤵
-
\??\c:\hhhnnt.exec:\hhhnnt.exe70⤵
-
\??\c:\hnhnbh.exec:\hnhnbh.exe71⤵
-
\??\c:\bbhhhh.exec:\bbhhhh.exe72⤵
-
\??\c:\ppppd.exec:\ppppd.exe73⤵
-
\??\c:\jppvv.exec:\jppvv.exe74⤵
-
\??\c:\lfrxffx.exec:\lfrxffx.exe75⤵
-
\??\c:\rfxrffr.exec:\rfxrffr.exe76⤵
-
\??\c:\xrfxlxx.exec:\xrfxlxx.exe77⤵
-
\??\c:\5bbtbb.exec:\5bbtbb.exe78⤵
-
\??\c:\9bbnbb.exec:\9bbnbb.exe79⤵
-
\??\c:\hhtnth.exec:\hhtnth.exe80⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ddvjv.exec:\ddvjv.exe81⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe82⤵
-
\??\c:\7rffffr.exec:\7rffffr.exe83⤵
-
\??\c:\llxflrf.exec:\llxflrf.exe84⤵
-
\??\c:\3xrfrfx.exec:\3xrfrfx.exe85⤵
-
\??\c:\tbthnn.exec:\tbthnn.exe86⤵
-
\??\c:\nnnhth.exec:\nnnhth.exe87⤵
-
\??\c:\3hbhtt.exec:\3hbhtt.exe88⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe89⤵
-
\??\c:\dvppd.exec:\dvppd.exe90⤵
-
\??\c:\fllflff.exec:\fllflff.exe91⤵
-
\??\c:\ffrfrxx.exec:\ffrfrxx.exe92⤵
-
\??\c:\3fxfrxl.exec:\3fxfrxl.exe93⤵
-
\??\c:\5bbhtb.exec:\5bbhtb.exe94⤵
-
\??\c:\nnhhtb.exec:\nnhhtb.exe95⤵
-
\??\c:\pjjpv.exec:\pjjpv.exe96⤵
-
\??\c:\1jdvv.exec:\1jdvv.exe97⤵
-
\??\c:\djppp.exec:\djppp.exe98⤵
-
\??\c:\xxxxrfr.exec:\xxxxrfr.exe99⤵
-
\??\c:\lfrrffr.exec:\lfrrffr.exe100⤵
-
\??\c:\lrfxxrl.exec:\lrfxxrl.exe101⤵
-
\??\c:\tbtnht.exec:\tbtnht.exe102⤵
-
\??\c:\hhthth.exec:\hhthth.exe103⤵
-
\??\c:\9vjdv.exec:\9vjdv.exe104⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe105⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xxrllrr.exec:\xxrllrr.exe106⤵
-
\??\c:\rlxlxfl.exec:\rlxlxfl.exe107⤵
-
\??\c:\frffllr.exec:\frffllr.exe108⤵
-
\??\c:\htnnbh.exec:\htnnbh.exe109⤵
-
\??\c:\ntnttb.exec:\ntnttb.exe110⤵
-
\??\c:\ddvdv.exec:\ddvdv.exe111⤵
-
\??\c:\pjjpv.exec:\pjjpv.exe112⤵
-
\??\c:\7fxflrl.exec:\7fxflrl.exe113⤵
-
\??\c:\1ffrfrl.exec:\1ffrfrl.exe114⤵
-
\??\c:\fxxfxrr.exec:\fxxfxrr.exe115⤵
-
\??\c:\tnbnbh.exec:\tnbnbh.exe116⤵
-
\??\c:\ttthbn.exec:\ttthbn.exe117⤵
- System Location Discovery: System Language Discovery
-
\??\c:\9vjjp.exec:\9vjjp.exe118⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe119⤵
-
\??\c:\ffllffr.exec:\ffllffr.exe120⤵
-
\??\c:\ffxlxlf.exec:\ffxlxlf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-