Analysis
-
max time kernel
150s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
28-07-2024 00:49
General
-
Target
041667adfcb9e1fc858368972dd64415_JaffaCakes118.exe
-
Size
232KB
-
MD5
041667adfcb9e1fc858368972dd64415
-
SHA1
0020a43748a3524dfe3bb27d60737b01f3ba8a54
-
SHA256
e414315b3de7900b1fa8319b5529830faf67c2909ea2795441d1ab9906fc5dbd
-
SHA512
3618ffa8ff037165ba6383a77807ba73d567cf7e3989f180883f0fcc090cb99dbb05ceca9741e36fee8d179e6b136f3353d61c086de4899b487588da9f21e267
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31QNVrAIwsX:n3C9BRo7MlrWKo+l0r5wsX
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\041667adfcb9e1fc858368972dd64415_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\041667adfcb9e1fc858368972dd64415_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbhht.exec:\bhbhht.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjd.exec:\ddvjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxxxr.exec:\rrfxxxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpdd.exec:\vjpdd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlxfll.exec:\lrlxfll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnhnn.exec:\bhnhnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjj.exec:\jdpjj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrlfx.exec:\rlfrlfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thttnt.exec:\thttnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvvv.exec:\pvvvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxxfx.exec:\rlxxxfx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthhhh.exec:\hthhhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddpj.exec:\dddpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrrllx.exec:\lrrrllx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbtn.exec:\hthbtn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxxxx.exec:\lffxxxx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lrllrr.exec:\3lrllrr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnnnb.exec:\ttnnnb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvjv.exec:\vjvjv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1frlxxl.exec:\1frlxxl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbnb.exec:\bhhbnb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvv.exec:\dpvvv.exe23⤵
- Executes dropped EXE
-
\??\c:\xrfxrrr.exec:\xrfxrrr.exe24⤵
- Executes dropped EXE
-
\??\c:\nnntnh.exec:\nnntnh.exe25⤵
- Executes dropped EXE
-
\??\c:\jjpjj.exec:\jjpjj.exe26⤵
- Executes dropped EXE
-
\??\c:\hbttbb.exec:\hbttbb.exe27⤵
- Executes dropped EXE
-
\??\c:\ppdvp.exec:\ppdvp.exe28⤵
- Executes dropped EXE
-
\??\c:\rxrlfxr.exec:\rxrlfxr.exe29⤵
- Executes dropped EXE
-
\??\c:\ttttnn.exec:\ttttnn.exe30⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe31⤵
- Executes dropped EXE
-
\??\c:\rrlfxxx.exec:\rrlfxxx.exe32⤵
- Executes dropped EXE
-
\??\c:\bbbbtt.exec:\bbbbtt.exe33⤵
- Executes dropped EXE
-
\??\c:\pdpvp.exec:\pdpvp.exe34⤵
- Executes dropped EXE
-
\??\c:\jvjvv.exec:\jvjvv.exe35⤵
- Executes dropped EXE
-
\??\c:\rlrlfxr.exec:\rlrlfxr.exe36⤵
- Executes dropped EXE
-
\??\c:\bnnnhh.exec:\bnnnhh.exe37⤵
- Executes dropped EXE
-
\??\c:\hnhbbb.exec:\hnhbbb.exe38⤵
- Executes dropped EXE
-
\??\c:\jvddd.exec:\jvddd.exe39⤵
- Executes dropped EXE
-
\??\c:\lllfxrr.exec:\lllfxrr.exe40⤵
- Executes dropped EXE
-
\??\c:\frrlffx.exec:\frrlffx.exe41⤵
- Executes dropped EXE
-
\??\c:\thhhbt.exec:\thhhbt.exe42⤵
- Executes dropped EXE
-
\??\c:\bhhhbt.exec:\bhhhbt.exe43⤵
- Executes dropped EXE
-
\??\c:\pvvjp.exec:\pvvjp.exe44⤵
- Executes dropped EXE
-
\??\c:\3lflffx.exec:\3lflffx.exe45⤵
- Executes dropped EXE
-
\??\c:\thtnbt.exec:\thtnbt.exe46⤵
- Executes dropped EXE
-
\??\c:\httnhb.exec:\httnhb.exe47⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe48⤵
- Executes dropped EXE
-
\??\c:\ffxlxrf.exec:\ffxlxrf.exe49⤵
- Executes dropped EXE
-
\??\c:\lxfxllf.exec:\lxfxllf.exe50⤵
- Executes dropped EXE
-
\??\c:\bbtbnt.exec:\bbtbnt.exe51⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\dpjvd.exec:\dpjvd.exe52⤵
- Executes dropped EXE
-
\??\c:\vjvdp.exec:\vjvdp.exe53⤵
- Executes dropped EXE
-
\??\c:\frrrlrl.exec:\frrrlrl.exe54⤵
- Executes dropped EXE
-
\??\c:\1tnhhb.exec:\1tnhhb.exe55⤵
- Executes dropped EXE
-
\??\c:\bhthtn.exec:\bhthtn.exe56⤵
- Executes dropped EXE
-
\??\c:\pvdvv.exec:\pvdvv.exe57⤵
- Executes dropped EXE
-
\??\c:\frfffrr.exec:\frfffrr.exe58⤵
- Executes dropped EXE
-
\??\c:\nhhbth.exec:\nhhbth.exe59⤵
- Executes dropped EXE
-
\??\c:\nhhhtn.exec:\nhhhtn.exe60⤵
- Executes dropped EXE
-
\??\c:\dvddd.exec:\dvddd.exe61⤵
- Executes dropped EXE
-
\??\c:\lxffxxx.exec:\lxffxxx.exe62⤵
- Executes dropped EXE
-
\??\c:\nnnnhh.exec:\nnnnhh.exe63⤵
- Executes dropped EXE
-
\??\c:\bbbhbb.exec:\bbbhbb.exe64⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe65⤵
- Executes dropped EXE
-
\??\c:\xlxlxlx.exec:\xlxlxlx.exe66⤵
-
\??\c:\nthbhb.exec:\nthbhb.exe67⤵
-
\??\c:\vppjv.exec:\vppjv.exe68⤵
-
\??\c:\lrlrlxx.exec:\lrlrlxx.exe69⤵
-
\??\c:\djdvj.exec:\djdvj.exe70⤵
-
\??\c:\fxrrlll.exec:\fxrrlll.exe71⤵
-
\??\c:\bthhhn.exec:\bthhhn.exe72⤵
-
\??\c:\nhhbbb.exec:\nhhbbb.exe73⤵
-
\??\c:\9jdvp.exec:\9jdvp.exe74⤵
-
\??\c:\rfllffx.exec:\rfllffx.exe75⤵
-
\??\c:\xxrrlll.exec:\xxrrlll.exe76⤵
-
\??\c:\bnthhh.exec:\bnthhh.exe77⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe78⤵
-
\??\c:\xfrlxrl.exec:\xfrlxrl.exe79⤵
-
\??\c:\nnhbhn.exec:\nnhbhn.exe80⤵
-
\??\c:\bbhttb.exec:\bbhttb.exe81⤵
-
\??\c:\jvdpd.exec:\jvdpd.exe82⤵
-
\??\c:\xrfxrrr.exec:\xrfxrrr.exe83⤵
-
\??\c:\fxrllff.exec:\fxrllff.exe84⤵
-
\??\c:\nhhbnh.exec:\nhhbnh.exe85⤵
-
\??\c:\nhnbbb.exec:\nhnbbb.exe86⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe87⤵
-
\??\c:\lxxxxlr.exec:\lxxxxlr.exe88⤵
-
\??\c:\rlrlfxr.exec:\rlrlfxr.exe89⤵
-
\??\c:\tbhtbh.exec:\tbhtbh.exe90⤵
-
\??\c:\vjdpj.exec:\vjdpj.exe91⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe92⤵
-
\??\c:\xxxxxxr.exec:\xxxxxxr.exe93⤵
-
\??\c:\htbbbb.exec:\htbbbb.exe94⤵
-
\??\c:\btnnbt.exec:\btnnbt.exe95⤵
-
\??\c:\7pjdp.exec:\7pjdp.exe96⤵
-
\??\c:\3ffxxrx.exec:\3ffxxrx.exe97⤵
-
\??\c:\ffrxrfl.exec:\ffrxrfl.exe98⤵
-
\??\c:\ttbhnh.exec:\ttbhnh.exe99⤵
-
\??\c:\tbhbbt.exec:\tbhbbt.exe100⤵
-
\??\c:\frrxlxf.exec:\frrxlxf.exe101⤵
-
\??\c:\bttbtt.exec:\bttbtt.exe102⤵
-
\??\c:\vjddj.exec:\vjddj.exe103⤵
-
\??\c:\jdddv.exec:\jdddv.exe104⤵
-
\??\c:\fxllrrx.exec:\fxllrrx.exe105⤵
-
\??\c:\rrllrxx.exec:\rrllrxx.exe106⤵
-
\??\c:\nhbttt.exec:\nhbttt.exe107⤵
-
\??\c:\hntttt.exec:\hntttt.exe108⤵
-
\??\c:\pdddp.exec:\pdddp.exe109⤵
-
\??\c:\vdddv.exec:\vdddv.exe110⤵
-
\??\c:\rrrrrxx.exec:\rrrrrxx.exe111⤵
-
\??\c:\bhhbtn.exec:\bhhbtn.exe112⤵
-
\??\c:\9bhhbb.exec:\9bhhbb.exe113⤵
-
\??\c:\7jvvv.exec:\7jvvv.exe114⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe115⤵
-
\??\c:\xrffxfl.exec:\xrffxfl.exe116⤵
-
\??\c:\lflxxlf.exec:\lflxxlf.exe117⤵
-
\??\c:\bbnnnn.exec:\bbnnnn.exe118⤵
-
\??\c:\ppppp.exec:\ppppp.exe119⤵
-
\??\c:\pvjvp.exec:\pvjvp.exe120⤵
-
\??\c:\lxxlllf.exec:\lxxlllf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-