Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
27/07/2024, 20:26
General
-
Target
0057f5981340c395f2aadb5470fdd417_JaffaCakes118.exe
-
Size
71KB
-
MD5
0057f5981340c395f2aadb5470fdd417
-
SHA1
938b64cd08a98e85e84c7833ec6b6f42df24eeca
-
SHA256
52fdb89aff0058aea86edb849145f59dfd1ad6cd418f92fa6288cef8e95b1583
-
SHA512
0da1626910f368be776b26dd4bb5598b865a5a600970f58d963164c26485c8471880438183aaebf817081ea15de2df41498cce0daa75be3855a529136e988baf
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIuyldHinxpifW6WLT65W:ymb3NkkiQ3mdBjFIuyldH+keL+W
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 19 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0057f5981340c395f2aadb5470fdd417_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\0057f5981340c395f2aadb5470fdd417_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\o840842.exec:\o840842.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\046022.exec:\046022.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48406.exec:\48406.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6024668.exec:\6024668.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c862842.exec:\c862842.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\620440.exec:\620440.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\68482.exec:\68482.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8642884.exec:\8642884.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4480228.exec:\4480228.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g4002.exec:\g4002.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\22662.exec:\22662.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2828828.exec:\2828828.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\624426.exec:\624426.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\26802.exec:\26802.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s0486.exec:\s0486.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\460066.exec:\460066.exe17⤵
- Executes dropped EXE
-
\??\c:\22046.exec:\22046.exe18⤵
- Executes dropped EXE
-
\??\c:\88200.exec:\88200.exe19⤵
- Executes dropped EXE
-
\??\c:\8280628.exec:\8280628.exe20⤵
- Executes dropped EXE
-
\??\c:\282228.exec:\282228.exe21⤵
- Executes dropped EXE
-
\??\c:\62244.exec:\62244.exe22⤵
- Executes dropped EXE
-
\??\c:\6220600.exec:\6220600.exe23⤵
- Executes dropped EXE
-
\??\c:\664242.exec:\664242.exe24⤵
- Executes dropped EXE
-
\??\c:\44626.exec:\44626.exe25⤵
- Executes dropped EXE
-
\??\c:\i264808.exec:\i264808.exe26⤵
- Executes dropped EXE
-
\??\c:\8868620.exec:\8868620.exe27⤵
- Executes dropped EXE
-
\??\c:\680824.exec:\680824.exe28⤵
- Executes dropped EXE
-
\??\c:\84040.exec:\84040.exe29⤵
- Executes dropped EXE
-
\??\c:\400208.exec:\400208.exe30⤵
- Executes dropped EXE
-
\??\c:\8082648.exec:\8082648.exe31⤵
- Executes dropped EXE
-
\??\c:\824062.exec:\824062.exe32⤵
- Executes dropped EXE
-
\??\c:\24224.exec:\24224.exe33⤵
- Executes dropped EXE
-
\??\c:\0428466.exec:\0428466.exe34⤵
- Executes dropped EXE
-
\??\c:\0284668.exec:\0284668.exe35⤵
- Executes dropped EXE
-
\??\c:\226804.exec:\226804.exe36⤵
- Executes dropped EXE
-
\??\c:\604044.exec:\604044.exe37⤵
- Executes dropped EXE
-
\??\c:\m6886.exec:\m6886.exe38⤵
- Executes dropped EXE
-
\??\c:\o884482.exec:\o884482.exe39⤵
- Executes dropped EXE
-
\??\c:\4422406.exec:\4422406.exe40⤵
- Executes dropped EXE
-
\??\c:\k40068.exec:\k40068.exe41⤵
- Executes dropped EXE
-
\??\c:\60406.exec:\60406.exe42⤵
- Executes dropped EXE
-
\??\c:\4484646.exec:\4484646.exe43⤵
- Executes dropped EXE
-
\??\c:\0604448.exec:\0604448.exe44⤵
- Executes dropped EXE
-
\??\c:\w00280.exec:\w00280.exe45⤵
- Executes dropped EXE
-
\??\c:\28284.exec:\28284.exe46⤵
- Executes dropped EXE
-
\??\c:\28648.exec:\28648.exe47⤵
- Executes dropped EXE
-
\??\c:\0204666.exec:\0204666.exe48⤵
- Executes dropped EXE
-
\??\c:\420084.exec:\420084.exe49⤵
- Executes dropped EXE
-
\??\c:\40240.exec:\40240.exe50⤵
- Executes dropped EXE
-
\??\c:\6046886.exec:\6046886.exe51⤵
- Executes dropped EXE
-
\??\c:\8626006.exec:\8626006.exe52⤵
- Executes dropped EXE
-
\??\c:\048064.exec:\048064.exe53⤵
- Executes dropped EXE
-
\??\c:\06268.exec:\06268.exe54⤵
- Executes dropped EXE
-
\??\c:\86020.exec:\86020.exe55⤵
- Executes dropped EXE
-
\??\c:\u640242.exec:\u640242.exe56⤵
- Executes dropped EXE
-
\??\c:\602440.exec:\602440.exe57⤵
- Executes dropped EXE
-
\??\c:\28488.exec:\28488.exe58⤵
- Executes dropped EXE
-
\??\c:\6082682.exec:\6082682.exe59⤵
- Executes dropped EXE
-
\??\c:\8060860.exec:\8060860.exe60⤵
- Executes dropped EXE
-
\??\c:\622660.exec:\622660.exe61⤵
- Executes dropped EXE
-
\??\c:\60280.exec:\60280.exe62⤵
- Executes dropped EXE
-
\??\c:\40040.exec:\40040.exe63⤵
- Executes dropped EXE
-
\??\c:\6204006.exec:\6204006.exe64⤵
- Executes dropped EXE
-
\??\c:\6040282.exec:\6040282.exe65⤵
- Executes dropped EXE
-
\??\c:\466666.exec:\466666.exe66⤵
-
\??\c:\028804.exec:\028804.exe67⤵
-
\??\c:\066026.exec:\066026.exe68⤵
-
\??\c:\g4446.exec:\g4446.exe69⤵
-
\??\c:\86808.exec:\86808.exe70⤵
-
\??\c:\2062246.exec:\2062246.exe71⤵
-
\??\c:\2804600.exec:\2804600.exe72⤵
-
\??\c:\666486.exec:\666486.exe73⤵
-
\??\c:\480244.exec:\480244.exe74⤵
-
\??\c:\406066.exec:\406066.exe75⤵
-
\??\c:\44606.exec:\44606.exe76⤵
-
\??\c:\80666.exec:\80666.exe77⤵
-
\??\c:\8420468.exec:\8420468.exe78⤵
-
\??\c:\8244280.exec:\8244280.exe79⤵
-
\??\c:\6244062.exec:\6244062.exe80⤵
-
\??\c:\244460.exec:\244460.exe81⤵
-
\??\c:\446404.exec:\446404.exe82⤵
-
\??\c:\60842.exec:\60842.exe83⤵
-
\??\c:\62286.exec:\62286.exe84⤵
-
\??\c:\0866068.exec:\0866068.exe85⤵
-
\??\c:\0064482.exec:\0064482.exe86⤵
-
\??\c:\4802666.exec:\4802666.exe87⤵
-
\??\c:\466064.exec:\466064.exe88⤵
-
\??\c:\08068.exec:\08068.exe89⤵
-
\??\c:\6600224.exec:\6600224.exe90⤵
-
\??\c:\0604822.exec:\0604822.exe91⤵
-
\??\c:\406486.exec:\406486.exe92⤵
-
\??\c:\004842.exec:\004842.exe93⤵
-
\??\c:\004280.exec:\004280.exe94⤵
-
\??\c:\a2244.exec:\a2244.exe95⤵
-
\??\c:\28460.exec:\28460.exe96⤵
-
\??\c:\2886688.exec:\2886688.exe97⤵
-
\??\c:\4044448.exec:\4044448.exe98⤵
-
\??\c:\8084488.exec:\8084488.exe99⤵
-
\??\c:\642428.exec:\642428.exe100⤵
-
\??\c:\w44286.exec:\w44286.exe101⤵
-
\??\c:\800066.exec:\800066.exe102⤵
-
\??\c:\40002.exec:\40002.exe103⤵
-
\??\c:\84044.exec:\84044.exe104⤵
-
\??\c:\0084006.exec:\0084006.exe105⤵
-
\??\c:\660646.exec:\660646.exe106⤵
-
\??\c:\260640.exec:\260640.exe107⤵
-
\??\c:\260240.exec:\260240.exe108⤵
-
\??\c:\00422.exec:\00422.exe109⤵
-
\??\c:\6848482.exec:\6848482.exe110⤵
-
\??\c:\624064.exec:\624064.exe111⤵
-
\??\c:\642400.exec:\642400.exe112⤵
-
\??\c:\68222.exec:\68222.exe113⤵
-
\??\c:\28860.exec:\28860.exe114⤵
-
\??\c:\6006048.exec:\6006048.exe115⤵
-
\??\c:\o484224.exec:\o484224.exe116⤵
-
\??\c:\844868.exec:\844868.exe117⤵
-
\??\c:\k66004.exec:\k66004.exe118⤵
-
\??\c:\04842.exec:\04842.exe119⤵
-
\??\c:\6462806.exec:\6462806.exe120⤵
-
\??\c:\622482.exec:\622482.exe121⤵
- System Location Discovery: System Language Discovery
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-