Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
27-07-2024 20:19
General
-
Target
0036abd78b5af4b6a0a098a2d7a15a0b_JaffaCakes118.exe
-
Size
94KB
-
MD5
0036abd78b5af4b6a0a098a2d7a15a0b
-
SHA1
46d3f939be654b6f8b25b895488211be4af6d163
-
SHA256
7439c7685be9b079e1045f93c6c5b82141edb439369b5bb24a1cf8158afab965
-
SHA512
f9aa606eb5d590ec465d86590e5a17ff4cd97f0509fa1943ae13720ca017edba67fdb5ed2b2765e86878903d4c1d73cb2a14254ac44c230de912a6620d4b28c3
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+mzv7oEzNcI2gxprr4H8You:ymb3NkkiQ3mdBjF+3TYzvTbrr4H/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0036abd78b5af4b6a0a098a2d7a15a0b_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\0036abd78b5af4b6a0a098a2d7a15a0b_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\6220220.exec:\6220220.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbtbt.exec:\bnbtbt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xxlfff.exec:\1xxlfff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\44000.exec:\44000.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhbn.exec:\hbhhbn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlfxff.exec:\frlfxff.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\06604.exec:\06604.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlllx.exec:\lfrlllx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s4082.exec:\s4082.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8422288.exec:\8422288.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6602800.exec:\6602800.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnttbh.exec:\hnttbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\88044.exec:\88044.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffffll.exec:\fffffll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6422802.exec:\6422802.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\088482.exec:\088482.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlffffx.exec:\xlffffx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\66088.exec:\66088.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjdj.exec:\jpjdj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\864400.exec:\864400.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\266486.exec:\266486.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\02642.exec:\02642.exe23⤵
- Executes dropped EXE
-
\??\c:\pjjdd.exec:\pjjdd.exe24⤵
- Executes dropped EXE
-
\??\c:\lrxrrrx.exec:\lrxrrrx.exe25⤵
- Executes dropped EXE
-
\??\c:\20664.exec:\20664.exe26⤵
- Executes dropped EXE
-
\??\c:\46426.exec:\46426.exe27⤵
- Executes dropped EXE
-
\??\c:\5lfxrrl.exec:\5lfxrrl.exe28⤵
- Executes dropped EXE
-
\??\c:\bbbtbb.exec:\bbbtbb.exe29⤵
- Executes dropped EXE
-
\??\c:\rrlfxfx.exec:\rrlfxfx.exe30⤵
- Executes dropped EXE
-
\??\c:\o886042.exec:\o886042.exe31⤵
- Executes dropped EXE
-
\??\c:\2222268.exec:\2222268.exe32⤵
- Executes dropped EXE
-
\??\c:\6008820.exec:\6008820.exe33⤵
- Executes dropped EXE
-
\??\c:\nhbbhn.exec:\nhbbhn.exe34⤵
- Executes dropped EXE
-
\??\c:\m0826.exec:\m0826.exe35⤵
- Executes dropped EXE
-
\??\c:\088042.exec:\088042.exe36⤵
- Executes dropped EXE
-
\??\c:\842824.exec:\842824.exe37⤵
- Executes dropped EXE
-
\??\c:\vjjdv.exec:\vjjdv.exe38⤵
- Executes dropped EXE
-
\??\c:\000240.exec:\000240.exe39⤵
- Executes dropped EXE
-
\??\c:\64046.exec:\64046.exe40⤵
- Executes dropped EXE
-
\??\c:\668228.exec:\668228.exe41⤵
- Executes dropped EXE
-
\??\c:\o622288.exec:\o622288.exe42⤵
- Executes dropped EXE
-
\??\c:\nnnnbb.exec:\nnnnbb.exe43⤵
- Executes dropped EXE
-
\??\c:\68260.exec:\68260.exe44⤵
- Executes dropped EXE
-
\??\c:\26026.exec:\26026.exe45⤵
- Executes dropped EXE
-
\??\c:\26600.exec:\26600.exe46⤵
- Executes dropped EXE
-
\??\c:\024840.exec:\024840.exe47⤵
- Executes dropped EXE
-
\??\c:\864084.exec:\864084.exe48⤵
- Executes dropped EXE
-
\??\c:\xrflfll.exec:\xrflfll.exe49⤵
- Executes dropped EXE
-
\??\c:\8406284.exec:\8406284.exe50⤵
- Executes dropped EXE
-
\??\c:\nbbbtn.exec:\nbbbtn.exe51⤵
- Executes dropped EXE
-
\??\c:\646886.exec:\646886.exe52⤵
- Executes dropped EXE
-
\??\c:\288600.exec:\288600.exe53⤵
- Executes dropped EXE
-
\??\c:\2004888.exec:\2004888.exe54⤵
- Executes dropped EXE
-
\??\c:\bbhnhn.exec:\bbhnhn.exe55⤵
- Executes dropped EXE
-
\??\c:\2686648.exec:\2686648.exe56⤵
- Executes dropped EXE
-
\??\c:\80448.exec:\80448.exe57⤵
- Executes dropped EXE
-
\??\c:\o626666.exec:\o626666.exe58⤵
- Executes dropped EXE
-
\??\c:\2486880.exec:\2486880.exe59⤵
- Executes dropped EXE
-
\??\c:\xrrlfff.exec:\xrrlfff.exe60⤵
- Executes dropped EXE
-
\??\c:\s4600.exec:\s4600.exe61⤵
- Executes dropped EXE
-
\??\c:\httttb.exec:\httttb.exe62⤵
- Executes dropped EXE
-
\??\c:\46844.exec:\46844.exe63⤵
- Executes dropped EXE
-
\??\c:\1nbttb.exec:\1nbttb.exe64⤵
- Executes dropped EXE
-
\??\c:\0482488.exec:\0482488.exe65⤵
- Executes dropped EXE
-
\??\c:\828200.exec:\828200.exe66⤵
-
\??\c:\flrrlff.exec:\flrrlff.exe67⤵
- System Location Discovery: System Language Discovery
-
\??\c:\s281f.exec:\s281f.exe68⤵
-
\??\c:\6862428.exec:\6862428.exe69⤵
-
\??\c:\62000.exec:\62000.exe70⤵
-
\??\c:\4446846.exec:\4446846.exe71⤵
-
\??\c:\000486.exec:\000486.exe72⤵
-
\??\c:\lflxrrr.exec:\lflxrrr.exe73⤵
-
\??\c:\s2660.exec:\s2660.exe74⤵
-
\??\c:\jvddj.exec:\jvddj.exe75⤵
-
\??\c:\048284.exec:\048284.exe76⤵
-
\??\c:\9pvvp.exec:\9pvvp.exe77⤵
-
\??\c:\680288.exec:\680288.exe78⤵
-
\??\c:\frlxrxl.exec:\frlxrxl.exe79⤵
-
\??\c:\bnhnnh.exec:\bnhnnh.exe80⤵
-
\??\c:\680084.exec:\680084.exe81⤵
-
\??\c:\5lxrxxl.exec:\5lxrxxl.exe82⤵
-
\??\c:\rflfxfx.exec:\rflfxfx.exe83⤵
-
\??\c:\684820.exec:\684820.exe84⤵
-
\??\c:\006082.exec:\006082.exe85⤵
-
\??\c:\bhhhhn.exec:\bhhhhn.exe86⤵
-
\??\c:\bhbtht.exec:\bhbtht.exe87⤵
-
\??\c:\xxffflf.exec:\xxffflf.exe88⤵
-
\??\c:\frllffx.exec:\frllffx.exe89⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe90⤵
-
\??\c:\62808.exec:\62808.exe91⤵
-
\??\c:\22442.exec:\22442.exe92⤵
-
\??\c:\8428028.exec:\8428028.exe93⤵
-
\??\c:\fffxrff.exec:\fffxrff.exe94⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe95⤵
-
\??\c:\8424846.exec:\8424846.exe96⤵
-
\??\c:\pdpdj.exec:\pdpdj.exe97⤵
-
\??\c:\hhhhhn.exec:\hhhhhn.exe98⤵
-
\??\c:\nhbnbh.exec:\nhbnbh.exe99⤵
-
\??\c:\dpdpd.exec:\dpdpd.exe100⤵
-
\??\c:\lflllrf.exec:\lflllrf.exe101⤵
-
\??\c:\9flfxrr.exec:\9flfxrr.exe102⤵
-
\??\c:\ntnbhh.exec:\ntnbhh.exe103⤵
-
\??\c:\66262.exec:\66262.exe104⤵
-
\??\c:\fffrllr.exec:\fffrllr.exe105⤵
-
\??\c:\lxxxrrr.exec:\lxxxrrr.exe106⤵
-
\??\c:\2680202.exec:\2680202.exe107⤵
-
\??\c:\402842.exec:\402842.exe108⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe109⤵
-
\??\c:\w04404.exec:\w04404.exe110⤵
-
\??\c:\thtnnh.exec:\thtnnh.exe111⤵
-
\??\c:\268844.exec:\268844.exe112⤵
-
\??\c:\006420.exec:\006420.exe113⤵
-
\??\c:\xlrrxfl.exec:\xlrrxfl.exe114⤵
-
\??\c:\rxxxlrf.exec:\rxxxlrf.exe115⤵
-
\??\c:\xrllfrl.exec:\xrllfrl.exe116⤵
-
\??\c:\66284.exec:\66284.exe117⤵
-
\??\c:\422426.exec:\422426.exe118⤵
-
\??\c:\nbhntb.exec:\nbhntb.exe119⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe120⤵
-
\??\c:\888848.exec:\888848.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-