Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
28/07/2024, 01:54
General
-
Target
055b570b5c7c648baf774447328297e1_JaffaCakes118.exe
-
Size
95KB
-
MD5
055b570b5c7c648baf774447328297e1
-
SHA1
c49a53c4b7a031248219b8640ffd3fc88ff9f8d5
-
SHA256
0b3cba31373ae4c648184dd7433c5b24a91b966a1076a227d32e6a1a417fea2c
-
SHA512
df0bc2317114ee4772375e7a0ab99110868b44b191adb6bdd9fdfbbbd2e33aebf9ddabca83081989f73ecdd066c32b4ed2082c731e7d38316ea3a28f6c992092
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+mzv7oEzNmNMvVjoq:ymb3NkkiQ3mdBjF+3TYzvTt8q
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\055b570b5c7c648baf774447328297e1_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\055b570b5c7c648baf774447328297e1_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\djvdv.exec:\djvdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjpd.exec:\pdjpd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnthnt.exec:\bnthnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbthnt.exec:\nbthnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvd.exec:\jjdvd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lflxfx.exec:\7lflxfx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthtbh.exec:\bthtbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjjj.exec:\djjjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxllrxl.exec:\rxllrxl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnbnn.exec:\ttnbnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjp.exec:\dvjjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrlfrf.exec:\rxrlfrf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbnnn.exec:\hnbnnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdpp.exec:\jvdpp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xxrxrf.exec:\7xxrxrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbbhb.exec:\bbbbhb.exe17⤵
- Executes dropped EXE
-
\??\c:\tthnht.exec:\tthnht.exe18⤵
- Executes dropped EXE
-
\??\c:\pvvvv.exec:\pvvvv.exe19⤵
- Executes dropped EXE
-
\??\c:\xflxfrx.exec:\xflxfrx.exe20⤵
- Executes dropped EXE
-
\??\c:\hnhbht.exec:\hnhbht.exe21⤵
- Executes dropped EXE
-
\??\c:\nnnttt.exec:\nnnttt.exe22⤵
- Executes dropped EXE
-
\??\c:\xlrrlrf.exec:\xlrrlrf.exe23⤵
- Executes dropped EXE
-
\??\c:\httthh.exec:\httthh.exe24⤵
- Executes dropped EXE
-
\??\c:\tbnttt.exec:\tbnttt.exe25⤵
- Executes dropped EXE
-
\??\c:\vpjdj.exec:\vpjdj.exe26⤵
- Executes dropped EXE
-
\??\c:\rrxrxfr.exec:\rrxrxfr.exe27⤵
- Executes dropped EXE
-
\??\c:\tnhhbn.exec:\tnhhbn.exe28⤵
- Executes dropped EXE
-
\??\c:\ppjvv.exec:\ppjvv.exe29⤵
- Executes dropped EXE
-
\??\c:\rxffffl.exec:\rxffffl.exe30⤵
- Executes dropped EXE
-
\??\c:\xlxrfll.exec:\xlxrfll.exe31⤵
- Executes dropped EXE
-
\??\c:\lrrlxrr.exec:\lrrlxrr.exe32⤵
- Executes dropped EXE
-
\??\c:\jdvjv.exec:\jdvjv.exe33⤵
- Executes dropped EXE
-
\??\c:\jvvpv.exec:\jvvpv.exe34⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\lrrlxfr.exec:\lrrlxfr.exe35⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\btnthb.exec:\btnthb.exe36⤵
- Executes dropped EXE
-
\??\c:\nttnbt.exec:\nttnbt.exe37⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe38⤵
- Executes dropped EXE
-
\??\c:\rflfxxr.exec:\rflfxxr.exe39⤵
- Executes dropped EXE
-
\??\c:\bbtbhn.exec:\bbtbhn.exe40⤵
- Executes dropped EXE
-
\??\c:\htnbhn.exec:\htnbhn.exe41⤵
- Executes dropped EXE
-
\??\c:\dvpvv.exec:\dvpvv.exe42⤵
- Executes dropped EXE
-
\??\c:\9dpvd.exec:\9dpvd.exe43⤵
- Executes dropped EXE
-
\??\c:\flrllxf.exec:\flrllxf.exe44⤵
- Executes dropped EXE
-
\??\c:\bthnbb.exec:\bthnbb.exe45⤵
- Executes dropped EXE
-
\??\c:\pvjjj.exec:\pvjjj.exe46⤵
- Executes dropped EXE
-
\??\c:\vpjvv.exec:\vpjvv.exe47⤵
- Executes dropped EXE
-
\??\c:\3xfxrrl.exec:\3xfxrrl.exe48⤵
- Executes dropped EXE
-
\??\c:\9hthnb.exec:\9hthnb.exe49⤵
- Executes dropped EXE
-
\??\c:\hbnnnb.exec:\hbnnnb.exe50⤵
- Executes dropped EXE
-
\??\c:\dpdjv.exec:\dpdjv.exe51⤵
- Executes dropped EXE
-
\??\c:\xllrxxl.exec:\xllrxxl.exe52⤵
- Executes dropped EXE
-
\??\c:\9hhhnn.exec:\9hhhnn.exe53⤵
- Executes dropped EXE
-
\??\c:\3vvdj.exec:\3vvdj.exe54⤵
- Executes dropped EXE
-
\??\c:\djjjv.exec:\djjjv.exe55⤵
- Executes dropped EXE
-
\??\c:\lfrrffr.exec:\lfrrffr.exe56⤵
- Executes dropped EXE
-
\??\c:\tnhthn.exec:\tnhthn.exe57⤵
- Executes dropped EXE
-
\??\c:\hbnnht.exec:\hbnnht.exe58⤵
- Executes dropped EXE
-
\??\c:\djvvj.exec:\djvvj.exe59⤵
- Executes dropped EXE
-
\??\c:\xffxlrx.exec:\xffxlrx.exe60⤵
- Executes dropped EXE
-
\??\c:\5rxrrlr.exec:\5rxrrlr.exe61⤵
- Executes dropped EXE
-
\??\c:\nntbhn.exec:\nntbhn.exe62⤵
- Executes dropped EXE
-
\??\c:\jdvvp.exec:\jdvvp.exe63⤵
- Executes dropped EXE
-
\??\c:\jvdpd.exec:\jvdpd.exe64⤵
- Executes dropped EXE
-
\??\c:\xrxxllx.exec:\xrxxllx.exe65⤵
- Executes dropped EXE
-
\??\c:\3xfxxxf.exec:\3xfxxxf.exe66⤵
-
\??\c:\nhttbh.exec:\nhttbh.exe67⤵
-
\??\c:\httthh.exec:\httthh.exe68⤵
-
\??\c:\9dvdp.exec:\9dvdp.exe69⤵
-
\??\c:\ddjvj.exec:\ddjvj.exe70⤵
-
\??\c:\llxlrrl.exec:\llxlrrl.exe71⤵
-
\??\c:\llxrrxr.exec:\llxrrxr.exe72⤵
-
\??\c:\bbbhnb.exec:\bbbhnb.exe73⤵
-
\??\c:\tttbbb.exec:\tttbbb.exe74⤵
-
\??\c:\5pjvd.exec:\5pjvd.exe75⤵
-
\??\c:\1ddpj.exec:\1ddpj.exe76⤵
-
\??\c:\llffxxx.exec:\llffxxx.exe77⤵
-
\??\c:\rrxfrfr.exec:\rrxfrfr.exe78⤵
-
\??\c:\bhhnhn.exec:\bhhnhn.exe79⤵
-
\??\c:\hhnhtb.exec:\hhnhtb.exe80⤵
-
\??\c:\vdjvp.exec:\vdjvp.exe81⤵
-
\??\c:\frfrxrf.exec:\frfrxrf.exe82⤵
-
\??\c:\3rrxlll.exec:\3rrxlll.exe83⤵
-
\??\c:\nttntt.exec:\nttntt.exe84⤵
-
\??\c:\7hnnnn.exec:\7hnnnn.exe85⤵
-
\??\c:\dpdvj.exec:\dpdvj.exe86⤵
-
\??\c:\xlfrllr.exec:\xlfrllr.exe87⤵
-
\??\c:\xfrrfxr.exec:\xfrrfxr.exe88⤵
-
\??\c:\tbhhnn.exec:\tbhhnn.exe89⤵
-
\??\c:\tthhhn.exec:\tthhhn.exe90⤵
-
\??\c:\vdppv.exec:\vdppv.exe91⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe92⤵
-
\??\c:\rxfxffl.exec:\rxfxffl.exe93⤵
-
\??\c:\nnbbnn.exec:\nnbbnn.exe94⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe95⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe96⤵
-
\??\c:\1fxxxlx.exec:\1fxxxlx.exe97⤵
-
\??\c:\7tnnnh.exec:\7tnnnh.exe98⤵
-
\??\c:\vvddd.exec:\vvddd.exe99⤵
-
\??\c:\lxffrrf.exec:\lxffrrf.exe100⤵
-
\??\c:\1flffrl.exec:\1flffrl.exe101⤵
-
\??\c:\httbnt.exec:\httbnt.exe102⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe103⤵
-
\??\c:\lxfxffr.exec:\lxfxffr.exe104⤵
-
\??\c:\lrlrfrl.exec:\lrlrfrl.exe105⤵
-
\??\c:\bhthtb.exec:\bhthtb.exe106⤵
-
\??\c:\vvppd.exec:\vvppd.exe107⤵
-
\??\c:\fxrfrfr.exec:\fxrfrfr.exe108⤵
-
\??\c:\5xxxlrl.exec:\5xxxlrl.exe109⤵
-
\??\c:\1nnhbh.exec:\1nnhbh.exe110⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe111⤵
-
\??\c:\vvjvj.exec:\vvjvj.exe112⤵
-
\??\c:\rlfflrl.exec:\rlfflrl.exe113⤵
-
\??\c:\ntbttn.exec:\ntbttn.exe114⤵
-
\??\c:\9dpvp.exec:\9dpvp.exe115⤵
-
\??\c:\rflfrrr.exec:\rflfrrr.exe116⤵
-
\??\c:\xfrrflf.exec:\xfrrflf.exe117⤵
-
\??\c:\bnbbhh.exec:\bnbbhh.exe118⤵
-
\??\c:\1pjvv.exec:\1pjvv.exe119⤵
-
\??\c:\xrllxxr.exec:\xrllxxr.exe120⤵
-
\??\c:\3lxrxrf.exec:\3lxrxrf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-