Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
28-07-2024 00:33
General
-
Target
03bd58e83831d9d25b02177e0fcc383e_JaffaCakes118.exe
-
Size
103KB
-
MD5
03bd58e83831d9d25b02177e0fcc383e
-
SHA1
ba027fc61ab677572d20b028a3d99e0b68763a98
-
SHA256
50fd2f67f428bccf1370a93aace3afb670c216ef37c39de09e630947902c974b
-
SHA512
020012df443f96caa3e11819c8b73c866a4d1f7a2a8ca9183db485566f320d684375df2d2d885ab3f62f4da6a215dff72e81d98c2fc5933eeb63abdb639395a6
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2lmf6g7xifKhLdEH:ymb3NkkiQ3mdBjF+3TU20LifKhLY
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\03bd58e83831d9d25b02177e0fcc383e_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\03bd58e83831d9d25b02177e0fcc383e_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\2646806.exec:\2646806.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0020002.exec:\0020002.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\824644.exec:\824644.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\444688.exec:\444688.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\04280.exec:\04280.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8880882.exec:\8880882.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4486222.exec:\4486222.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\860084.exec:\860084.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\04284.exec:\04284.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a8286.exec:\a8286.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0422402.exec:\0422402.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8246220.exec:\8246220.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\866026.exec:\866026.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\844226.exec:\844226.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\80666.exec:\80666.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\04242.exec:\04242.exe17⤵
- Executes dropped EXE
-
\??\c:\20462.exec:\20462.exe18⤵
- Executes dropped EXE
-
\??\c:\6466224.exec:\6466224.exe19⤵
- Executes dropped EXE
-
\??\c:\4868060.exec:\4868060.exe20⤵
- Executes dropped EXE
-
\??\c:\046862.exec:\046862.exe21⤵
- Executes dropped EXE
-
\??\c:\448202.exec:\448202.exe22⤵
- Executes dropped EXE
-
\??\c:\08280.exec:\08280.exe23⤵
- Executes dropped EXE
-
\??\c:\82402.exec:\82402.exe24⤵
- Executes dropped EXE
-
\??\c:\2260688.exec:\2260688.exe25⤵
- Executes dropped EXE
-
\??\c:\0406608.exec:\0406608.exe26⤵
- Executes dropped EXE
-
\??\c:\202024.exec:\202024.exe27⤵
- Executes dropped EXE
-
\??\c:\046284.exec:\046284.exe28⤵
- Executes dropped EXE
-
\??\c:\08404.exec:\08404.exe29⤵
- Executes dropped EXE
-
\??\c:\40248.exec:\40248.exe30⤵
- Executes dropped EXE
-
\??\c:\4244622.exec:\4244622.exe31⤵
- Executes dropped EXE
-
\??\c:\i640808.exec:\i640808.exe32⤵
- Executes dropped EXE
-
\??\c:\480028.exec:\480028.exe33⤵
- Executes dropped EXE
-
\??\c:\48842.exec:\48842.exe34⤵
- Executes dropped EXE
-
\??\c:\06026.exec:\06026.exe35⤵
- Executes dropped EXE
-
\??\c:\88868.exec:\88868.exe36⤵
- Executes dropped EXE
-
\??\c:\i828224.exec:\i828224.exe37⤵
- Executes dropped EXE
-
\??\c:\i864284.exec:\i864284.exe38⤵
- Executes dropped EXE
-
\??\c:\042028.exec:\042028.exe39⤵
- Executes dropped EXE
-
\??\c:\622048.exec:\622048.exe40⤵
- Executes dropped EXE
-
\??\c:\86448.exec:\86448.exe41⤵
- Executes dropped EXE
-
\??\c:\00040.exec:\00040.exe42⤵
- Executes dropped EXE
-
\??\c:\04062.exec:\04062.exe43⤵
- Executes dropped EXE
-
\??\c:\8448866.exec:\8448866.exe44⤵
- Executes dropped EXE
-
\??\c:\2602064.exec:\2602064.exe45⤵
- Executes dropped EXE
-
\??\c:\226442.exec:\226442.exe46⤵
- Executes dropped EXE
-
\??\c:\804264.exec:\804264.exe47⤵
- Executes dropped EXE
-
\??\c:\26406.exec:\26406.exe48⤵
- Executes dropped EXE
-
\??\c:\46880.exec:\46880.exe49⤵
- Executes dropped EXE
-
\??\c:\22620.exec:\22620.exe50⤵
- Executes dropped EXE
-
\??\c:\8246406.exec:\8246406.exe51⤵
- Executes dropped EXE
-
\??\c:\6046880.exec:\6046880.exe52⤵
- Executes dropped EXE
-
\??\c:\o866206.exec:\o866206.exe53⤵
- Executes dropped EXE
-
\??\c:\q60864.exec:\q60864.exe54⤵
- Executes dropped EXE
-
\??\c:\844882.exec:\844882.exe55⤵
- Executes dropped EXE
-
\??\c:\k08202.exec:\k08202.exe56⤵
- Executes dropped EXE
-
\??\c:\20268.exec:\20268.exe57⤵
- Executes dropped EXE
-
\??\c:\40828.exec:\40828.exe58⤵
- Executes dropped EXE
-
\??\c:\4060084.exec:\4060084.exe59⤵
- Executes dropped EXE
-
\??\c:\6282600.exec:\6282600.exe60⤵
- Executes dropped EXE
-
\??\c:\2464006.exec:\2464006.exe61⤵
- Executes dropped EXE
-
\??\c:\062282.exec:\062282.exe62⤵
- Executes dropped EXE
-
\??\c:\282066.exec:\282066.exe63⤵
- Executes dropped EXE
-
\??\c:\62208.exec:\62208.exe64⤵
- Executes dropped EXE
-
\??\c:\66424.exec:\66424.exe65⤵
- Executes dropped EXE
-
\??\c:\g8408.exec:\g8408.exe66⤵
-
\??\c:\i622266.exec:\i622266.exe67⤵
-
\??\c:\8862806.exec:\8862806.exe68⤵
-
\??\c:\406886.exec:\406886.exe69⤵
-
\??\c:\s0480.exec:\s0480.exe70⤵
-
\??\c:\48424.exec:\48424.exe71⤵
-
\??\c:\8264280.exec:\8264280.exe72⤵
-
\??\c:\008684.exec:\008684.exe73⤵
-
\??\c:\000482.exec:\000482.exe74⤵
-
\??\c:\o620088.exec:\o620088.exe75⤵
-
\??\c:\u084662.exec:\u084662.exe76⤵
-
\??\c:\660640.exec:\660640.exe77⤵
-
\??\c:\44082.exec:\44082.exe78⤵
-
\??\c:\4024866.exec:\4024866.exe79⤵
-
\??\c:\8206442.exec:\8206442.exe80⤵
-
\??\c:\02400.exec:\02400.exe81⤵
-
\??\c:\2264868.exec:\2264868.exe82⤵
-
\??\c:\2408044.exec:\2408044.exe83⤵
-
\??\c:\448226.exec:\448226.exe84⤵
-
\??\c:\22200.exec:\22200.exe85⤵
-
\??\c:\6224804.exec:\6224804.exe86⤵
-
\??\c:\860460.exec:\860460.exe87⤵
-
\??\c:\24084.exec:\24084.exe88⤵
-
\??\c:\42820.exec:\42820.exe89⤵
-
\??\c:\2440284.exec:\2440284.exe90⤵
-
\??\c:\6266844.exec:\6266844.exe91⤵
-
\??\c:\k08428.exec:\k08428.exe92⤵
-
\??\c:\68446.exec:\68446.exe93⤵
-
\??\c:\0008404.exec:\0008404.exe94⤵
-
\??\c:\e08400.exec:\e08400.exe95⤵
-
\??\c:\62088.exec:\62088.exe96⤵
-
\??\c:\6064062.exec:\6064062.exe97⤵
-
\??\c:\4800628.exec:\4800628.exe98⤵
-
\??\c:\262422.exec:\262422.exe99⤵
-
\??\c:\64080.exec:\64080.exe100⤵
-
\??\c:\0646824.exec:\0646824.exe101⤵
-
\??\c:\6282240.exec:\6282240.exe102⤵
-
\??\c:\2084246.exec:\2084246.exe103⤵
-
\??\c:\u006468.exec:\u006468.exe104⤵
-
\??\c:\002066.exec:\002066.exe105⤵
-
\??\c:\484640.exec:\484640.exe106⤵
-
\??\c:\88288.exec:\88288.exe107⤵
-
\??\c:\06866.exec:\06866.exe108⤵
-
\??\c:\u440286.exec:\u440286.exe109⤵
-
\??\c:\486462.exec:\486462.exe110⤵
-
\??\c:\046680.exec:\046680.exe111⤵
-
\??\c:\26402.exec:\26402.exe112⤵
-
\??\c:\82620.exec:\82620.exe113⤵
-
\??\c:\4866846.exec:\4866846.exe114⤵
-
\??\c:\0486624.exec:\0486624.exe115⤵
-
\??\c:\408408.exec:\408408.exe116⤵
-
\??\c:\04668.exec:\04668.exe117⤵
-
\??\c:\m4440.exec:\m4440.exe118⤵
-
\??\c:\62446.exec:\62446.exe119⤵
-
\??\c:\2202846.exec:\2202846.exe120⤵
-
\??\c:\o282862.exec:\o282862.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-