Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
27/07/2024, 20:26
General
-
Target
0057f5981340c395f2aadb5470fdd417_JaffaCakes118.exe
-
Size
71KB
-
MD5
0057f5981340c395f2aadb5470fdd417
-
SHA1
938b64cd08a98e85e84c7833ec6b6f42df24eeca
-
SHA256
52fdb89aff0058aea86edb849145f59dfd1ad6cd418f92fa6288cef8e95b1583
-
SHA512
0da1626910f368be776b26dd4bb5598b865a5a600970f58d963164c26485c8471880438183aaebf817081ea15de2df41498cce0daa75be3855a529136e988baf
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIuyldHinxpifW6WLT65W:ymb3NkkiQ3mdBjFIuyldH+keL+W
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0057f5981340c395f2aadb5470fdd417_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\0057f5981340c395f2aadb5470fdd417_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xlflrff.exec:\xlflrff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvp.exec:\vvvvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxrrr.exec:\lffxrrr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnhb.exec:\bbtnhb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhttbb.exec:\hhttbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrfrlx.exec:\lrrfrlx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\08606.exec:\08606.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxxxxr.exec:\ffxxxxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ppjv.exec:\5ppjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbtnn.exec:\nbbtnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8848822.exec:\8848822.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6484826.exec:\6484826.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\428800.exec:\428800.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\402226.exec:\402226.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvd.exec:\jjvvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpj.exec:\ppvpj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffffll.exec:\fffffll.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i220066.exec:\i220066.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppvv.exec:\vppvv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrrrxx.exec:\frrrrxx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\248868.exec:\248868.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\46220.exec:\46220.exe23⤵
- Executes dropped EXE
-
\??\c:\c260444.exec:\c260444.exe24⤵
- Executes dropped EXE
-
\??\c:\402460.exec:\402460.exe25⤵
- Executes dropped EXE
-
\??\c:\ddddv.exec:\ddddv.exe26⤵
- Executes dropped EXE
-
\??\c:\vvjjd.exec:\vvjjd.exe27⤵
- Executes dropped EXE
-
\??\c:\lxflrxf.exec:\lxflrxf.exe28⤵
- Executes dropped EXE
-
\??\c:\44806.exec:\44806.exe29⤵
- Executes dropped EXE
-
\??\c:\xxxxlfx.exec:\xxxxlfx.exe30⤵
- Executes dropped EXE
-
\??\c:\4242222.exec:\4242222.exe31⤵
- Executes dropped EXE
-
\??\c:\288688.exec:\288688.exe32⤵
- Executes dropped EXE
-
\??\c:\u444608.exec:\u444608.exe33⤵
- Executes dropped EXE
-
\??\c:\w68660.exec:\w68660.exe34⤵
- Executes dropped EXE
-
\??\c:\8848280.exec:\8848280.exe35⤵
- Executes dropped EXE
-
\??\c:\0424002.exec:\0424002.exe36⤵
- Executes dropped EXE
-
\??\c:\684822.exec:\684822.exe37⤵
- Executes dropped EXE
-
\??\c:\2080008.exec:\2080008.exe38⤵
- Executes dropped EXE
-
\??\c:\6848260.exec:\6848260.exe39⤵
- Executes dropped EXE
-
\??\c:\flrrrrr.exec:\flrrrrr.exe40⤵
- Executes dropped EXE
-
\??\c:\btttnn.exec:\btttnn.exe41⤵
- Executes dropped EXE
-
\??\c:\4466000.exec:\4466000.exe42⤵
- Executes dropped EXE
-
\??\c:\8222844.exec:\8222844.exe43⤵
- Executes dropped EXE
-
\??\c:\o022266.exec:\o022266.exe44⤵
- Executes dropped EXE
-
\??\c:\g8048.exec:\g8048.exe45⤵
- Executes dropped EXE
-
\??\c:\860806.exec:\860806.exe46⤵
- Executes dropped EXE
-
\??\c:\xrrxlfx.exec:\xrrxlfx.exe47⤵
- Executes dropped EXE
-
\??\c:\82444.exec:\82444.exe48⤵
- Executes dropped EXE
-
\??\c:\i660800.exec:\i660800.exe49⤵
- Executes dropped EXE
-
\??\c:\rxfxrrl.exec:\rxfxrrl.exe50⤵
- Executes dropped EXE
-
\??\c:\44662.exec:\44662.exe51⤵
- Executes dropped EXE
-
\??\c:\080044.exec:\080044.exe52⤵
- Executes dropped EXE
-
\??\c:\pvvjd.exec:\pvvjd.exe53⤵
- Executes dropped EXE
-
\??\c:\tnbntn.exec:\tnbntn.exe54⤵
- Executes dropped EXE
-
\??\c:\jjjvp.exec:\jjjvp.exe55⤵
- Executes dropped EXE
-
\??\c:\htnnbn.exec:\htnnbn.exe56⤵
- Executes dropped EXE
-
\??\c:\62442.exec:\62442.exe57⤵
- Executes dropped EXE
-
\??\c:\lrrfxxx.exec:\lrrfxxx.exe58⤵
- Executes dropped EXE
-
\??\c:\7pppj.exec:\7pppj.exe59⤵
- Executes dropped EXE
-
\??\c:\thbbhh.exec:\thbbhh.exe60⤵
- Executes dropped EXE
-
\??\c:\40260.exec:\40260.exe61⤵
- Executes dropped EXE
-
\??\c:\068826.exec:\068826.exe62⤵
- Executes dropped EXE
-
\??\c:\442484.exec:\442484.exe63⤵
- Executes dropped EXE
-
\??\c:\042666.exec:\042666.exe64⤵
- Executes dropped EXE
-
\??\c:\86480.exec:\86480.exe65⤵
- Executes dropped EXE
-
\??\c:\0204204.exec:\0204204.exe66⤵
-
\??\c:\w44482.exec:\w44482.exe67⤵
-
\??\c:\a0848.exec:\a0848.exe68⤵
-
\??\c:\lllxxrx.exec:\lllxxrx.exe69⤵
-
\??\c:\u222266.exec:\u222266.exe70⤵
-
\??\c:\nntnnn.exec:\nntnnn.exe71⤵
-
\??\c:\04044.exec:\04044.exe72⤵
-
\??\c:\5hhbtt.exec:\5hhbtt.exe73⤵
-
\??\c:\0802480.exec:\0802480.exe74⤵
-
\??\c:\646660.exec:\646660.exe75⤵
-
\??\c:\6620000.exec:\6620000.exe76⤵
-
\??\c:\i244040.exec:\i244040.exe77⤵
-
\??\c:\40666.exec:\40666.exe78⤵
-
\??\c:\0822686.exec:\0822686.exe79⤵
-
\??\c:\0000448.exec:\0000448.exe80⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe81⤵
-
\??\c:\q42628.exec:\q42628.exe82⤵
-
\??\c:\7ddpj.exec:\7ddpj.exe83⤵
-
\??\c:\4044666.exec:\4044666.exe84⤵
-
\??\c:\60886.exec:\60886.exe85⤵
-
\??\c:\rflfflf.exec:\rflfflf.exe86⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe87⤵
-
\??\c:\9djdd.exec:\9djdd.exe88⤵
-
\??\c:\9nbthb.exec:\9nbthb.exe89⤵
-
\??\c:\ddddd.exec:\ddddd.exe90⤵
-
\??\c:\rxrxfxf.exec:\rxrxfxf.exe91⤵
-
\??\c:\xrxxxxx.exec:\xrxxxxx.exe92⤵
-
\??\c:\jvddv.exec:\jvddv.exe93⤵
-
\??\c:\646844.exec:\646844.exe94⤵
-
\??\c:\6004822.exec:\6004822.exe95⤵
-
\??\c:\8282444.exec:\8282444.exe96⤵
-
\??\c:\jvdpv.exec:\jvdpv.exe97⤵
-
\??\c:\9pvdd.exec:\9pvdd.exe98⤵
-
\??\c:\6226044.exec:\6226044.exe99⤵
-
\??\c:\42804.exec:\42804.exe100⤵
-
\??\c:\4840482.exec:\4840482.exe101⤵
-
\??\c:\vjdjv.exec:\vjdjv.exe102⤵
-
\??\c:\3vvpv.exec:\3vvpv.exe103⤵
-
\??\c:\bhbbbt.exec:\bhbbbt.exe104⤵
-
\??\c:\8864468.exec:\8864468.exe105⤵
-
\??\c:\882628.exec:\882628.exe106⤵
-
\??\c:\lxxffxx.exec:\lxxffxx.exe107⤵
-
\??\c:\886000.exec:\886000.exe108⤵
-
\??\c:\06444.exec:\06444.exe109⤵
-
\??\c:\ntnbth.exec:\ntnbth.exe110⤵
-
\??\c:\xlfrrlf.exec:\xlfrrlf.exe111⤵
-
\??\c:\886468.exec:\886468.exe112⤵
-
\??\c:\484046.exec:\484046.exe113⤵
-
\??\c:\nhbbbb.exec:\nhbbbb.exe114⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe115⤵
-
\??\c:\c844262.exec:\c844262.exe116⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tbhhtt.exec:\tbhhtt.exe117⤵
-
\??\c:\7vvpd.exec:\7vvpd.exe118⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe119⤵
-
\??\c:\dddpd.exec:\dddpd.exe120⤵
-
\??\c:\k06004.exec:\k06004.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-