Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
27/07/2024, 23:45
General
-
Target
02c2e6a174e98ebf3cf4c2335e1179fa_JaffaCakes118.exe
-
Size
95KB
-
MD5
02c2e6a174e98ebf3cf4c2335e1179fa
-
SHA1
d141daef1610d075c5cf6f2d9f1773ce0a0dbae1
-
SHA256
2766a48ab490f4b8c03f745b0445b0e45301bc927e4cc8581eaf9de41d66b1d2
-
SHA512
4e48a8fa9b8d89d9aa3ce4ed8b73a0446b078f1112edf97b2f14fe8ee589d58e59e93b9a8336a7abdfac51fab59ab861673be72505e9dd2f27fc2aea0c6737c9
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+mzv7oEzNcI2gxprr4H8YoC:ymb3NkkiQ3mdBjF+3TYzvTbrr4Hj
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\02c2e6a174e98ebf3cf4c2335e1179fa_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\02c2e6a174e98ebf3cf4c2335e1179fa_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjjj.exec:\3pjjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ppjv.exec:\9ppjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9frxxrx.exec:\9frxxrx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hbbhh.exec:\3hbbhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3djpv.exec:\3djpv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rfxxff.exec:\9rfxxff.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrxffr.exec:\frrxffr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hnntt.exec:\1hnntt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnnbh.exec:\bbnnbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vppv.exec:\3vppv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddpv.exec:\pddpv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxllx.exec:\frfxllx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfrrll.exec:\fxfrrll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbttn.exec:\bnbttn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhnbh.exec:\bhhnbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdj.exec:\jvjdj.exe17⤵
- Executes dropped EXE
-
\??\c:\3pjvj.exec:\3pjvj.exe18⤵
- Executes dropped EXE
-
\??\c:\9fxxffl.exec:\9fxxffl.exe19⤵
- Executes dropped EXE
-
\??\c:\btbhhn.exec:\btbhhn.exe20⤵
- Executes dropped EXE
-
\??\c:\tnhnnh.exec:\tnhnnh.exe21⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe22⤵
- Executes dropped EXE
-
\??\c:\3pvpv.exec:\3pvpv.exe23⤵
- Executes dropped EXE
-
\??\c:\bnhttt.exec:\bnhttt.exe24⤵
- Executes dropped EXE
-
\??\c:\9btbhh.exec:\9btbhh.exe25⤵
- Executes dropped EXE
-
\??\c:\nnbnhn.exec:\nnbnhn.exe26⤵
- Executes dropped EXE
-
\??\c:\dpdpp.exec:\dpdpp.exe27⤵
- Executes dropped EXE
-
\??\c:\fxfxlrl.exec:\fxfxlrl.exe28⤵
- Executes dropped EXE
-
\??\c:\lrfllxr.exec:\lrfllxr.exe29⤵
- Executes dropped EXE
-
\??\c:\btnttb.exec:\btnttb.exe30⤵
- Executes dropped EXE
-
\??\c:\tnthbb.exec:\tnthbb.exe31⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe32⤵
- Executes dropped EXE
-
\??\c:\dvddd.exec:\dvddd.exe33⤵
- Executes dropped EXE
-
\??\c:\lfllllr.exec:\lfllllr.exe34⤵
- Executes dropped EXE
-
\??\c:\7lxfrxl.exec:\7lxfrxl.exe35⤵
- Executes dropped EXE
-
\??\c:\bhbnhb.exec:\bhbnhb.exe36⤵
- Executes dropped EXE
-
\??\c:\btbbhn.exec:\btbbhn.exe37⤵
- Executes dropped EXE
-
\??\c:\dvpjv.exec:\dvpjv.exe38⤵
- Executes dropped EXE
-
\??\c:\pjdjd.exec:\pjdjd.exe39⤵
- Executes dropped EXE
-
\??\c:\lfrfrxf.exec:\lfrfrxf.exe40⤵
- Executes dropped EXE
-
\??\c:\xlxxfxf.exec:\xlxxfxf.exe41⤵
- Executes dropped EXE
-
\??\c:\7xffrrr.exec:\7xffrrr.exe42⤵
- Executes dropped EXE
-
\??\c:\hbhnbn.exec:\hbhnbn.exe43⤵
- Executes dropped EXE
-
\??\c:\5nbhnt.exec:\5nbhnt.exe44⤵
- Executes dropped EXE
-
\??\c:\hbnbtb.exec:\hbnbtb.exe45⤵
- Executes dropped EXE
-
\??\c:\dvdjp.exec:\dvdjp.exe46⤵
- Executes dropped EXE
-
\??\c:\pddvv.exec:\pddvv.exe47⤵
- Executes dropped EXE
-
\??\c:\frrlxxx.exec:\frrlxxx.exe48⤵
- Executes dropped EXE
-
\??\c:\frrxllr.exec:\frrxllr.exe49⤵
- Executes dropped EXE
-
\??\c:\1fflxrf.exec:\1fflxrf.exe50⤵
- Executes dropped EXE
-
\??\c:\nhntht.exec:\nhntht.exe51⤵
- Executes dropped EXE
-
\??\c:\htttbt.exec:\htttbt.exe52⤵
- Executes dropped EXE
-
\??\c:\9hbbhn.exec:\9hbbhn.exe53⤵
- Executes dropped EXE
-
\??\c:\dpdpd.exec:\dpdpd.exe54⤵
- Executes dropped EXE
-
\??\c:\1dpjp.exec:\1dpjp.exe55⤵
- Executes dropped EXE
-
\??\c:\vppdp.exec:\vppdp.exe56⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rlrlxxf.exec:\rlrlxxf.exe57⤵
- Executes dropped EXE
-
\??\c:\frxflrx.exec:\frxflrx.exe58⤵
- Executes dropped EXE
-
\??\c:\lxfxlfl.exec:\lxfxlfl.exe59⤵
- Executes dropped EXE
-
\??\c:\tnbntt.exec:\tnbntt.exe60⤵
- Executes dropped EXE
-
\??\c:\9bntbh.exec:\9bntbh.exe61⤵
- Executes dropped EXE
-
\??\c:\ppdpd.exec:\ppdpd.exe62⤵
- Executes dropped EXE
-
\??\c:\7dppp.exec:\7dppp.exe63⤵
- Executes dropped EXE
-
\??\c:\dpjdp.exec:\dpjdp.exe64⤵
- Executes dropped EXE
-
\??\c:\7frxlll.exec:\7frxlll.exe65⤵
- Executes dropped EXE
-
\??\c:\lffrrxl.exec:\lffrrxl.exe66⤵
-
\??\c:\lrlrrxl.exec:\lrlrrxl.exe67⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe68⤵
-
\??\c:\tthbnb.exec:\tthbnb.exe69⤵
-
\??\c:\hthntt.exec:\hthntt.exe70⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe71⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe72⤵
-
\??\c:\vppvd.exec:\vppvd.exe73⤵
-
\??\c:\xxrrlrx.exec:\xxrrlrx.exe74⤵
-
\??\c:\fxrxffr.exec:\fxrxffr.exe75⤵
-
\??\c:\thbhth.exec:\thbhth.exe76⤵
-
\??\c:\3vvjd.exec:\3vvjd.exe77⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe78⤵
-
\??\c:\5thnth.exec:\5thnth.exe79⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe80⤵
-
\??\c:\rflllrx.exec:\rflllrx.exe81⤵
-
\??\c:\9thnbh.exec:\9thnbh.exe82⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe83⤵
-
\??\c:\dpdjv.exec:\dpdjv.exe84⤵
-
\??\c:\rffllrf.exec:\rffllrf.exe85⤵
-
\??\c:\7btbhn.exec:\7btbhn.exe86⤵
-
\??\c:\frxxlfx.exec:\frxxlfx.exe87⤵
-
\??\c:\rllfrfl.exec:\rllfrfl.exe88⤵
-
\??\c:\btnntb.exec:\btnntb.exe89⤵
-
\??\c:\vjpdj.exec:\vjpdj.exe90⤵
-
\??\c:\lfrrxxf.exec:\lfrrxxf.exe91⤵
-
\??\c:\hbhnbn.exec:\hbhnbn.exe92⤵
-
\??\c:\rllrxxr.exec:\rllrxxr.exe93⤵
-
\??\c:\httbnn.exec:\httbnn.exe94⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe95⤵
-
\??\c:\lxlxffl.exec:\lxlxffl.exe96⤵
-
\??\c:\bntbhn.exec:\bntbhn.exe97⤵
-
\??\c:\5thhtb.exec:\5thhtb.exe98⤵
-
\??\c:\lfrxrrx.exec:\lfrxrrx.exe99⤵
-
\??\c:\9tnnhn.exec:\9tnnhn.exe100⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe101⤵
-
\??\c:\rflflfx.exec:\rflflfx.exe102⤵
-
\??\c:\tbbbnb.exec:\tbbbnb.exe103⤵
-
\??\c:\hbnntb.exec:\hbnntb.exe104⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe105⤵
-
\??\c:\xfxfrxf.exec:\xfxfrxf.exe106⤵
-
\??\c:\hthnth.exec:\hthnth.exe107⤵
-
\??\c:\ffxfrfr.exec:\ffxfrfr.exe108⤵
-
\??\c:\ttnbtn.exec:\ttnbtn.exe109⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe110⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe111⤵
-
\??\c:\3lrrflx.exec:\3lrrflx.exe112⤵
-
\??\c:\llffxlx.exec:\llffxlx.exe113⤵
-
\??\c:\nhnhnn.exec:\nhnhnn.exe114⤵
-
\??\c:\1bhtbn.exec:\1bhtbn.exe115⤵
-
\??\c:\pjddp.exec:\pjddp.exe116⤵
-
\??\c:\jjdpp.exec:\jjdpp.exe117⤵
-
\??\c:\3lfrrxr.exec:\3lfrrxr.exe118⤵
-
\??\c:\rxrfxxr.exec:\rxrfxxr.exe119⤵
-
\??\c:\5nhnht.exec:\5nhnht.exe120⤵
-
\??\c:\pdvdv.exec:\pdvdv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-