Analysis
-
max time kernel
150s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
19/08/2024, 18:48
General
-
Target
ac27c6b54a296dbd640115bfdabd85b2_JaffaCakes118.exe
-
Size
52KB
-
MD5
ac27c6b54a296dbd640115bfdabd85b2
-
SHA1
e7cccb0998b22af764d8a76c94c1d8a25c2c8750
-
SHA256
794dee63f6fc393e9ea70e448d5307d78a45c7b34e6151893816d202fbf4afee
-
SHA512
135a15c5cec81af209dd9e7b0aab9e5b4b96061049947a7fddbeb69b8ac8bf5f7d8977a15b1e9a2e5518614478d210565ecbf0fe31d21fb90026ff3c7f958723
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDod5k2nd:ymb3NkkiQ3mdBjFod5znd
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ac27c6b54a296dbd640115bfdabd85b2_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\ac27c6b54a296dbd640115bfdabd85b2_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hvdbdb.exec:\hvdbdb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tpjdxp.exec:\tpjdxp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fppvlpp.exec:\fppvlpp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rpdtpn.exec:\rpdtpn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdpx.exec:\vvdpx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nvvjrtd.exec:\nvvjrtd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hdhfbht.exec:\hdhfbht.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjhhr.exec:\jjhhr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdbt.exec:\pvdbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttvtvv.exec:\ttvtvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bdxhpj.exec:\bdxhpj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\phtrlrb.exec:\phtrlrb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ndtvbjj.exec:\ndtvbjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xjpnl.exec:\xjpnl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ltdfbbr.exec:\ltdfbbr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dftbrb.exec:\dftbrb.exe17⤵
- Executes dropped EXE
-
\??\c:\frhrrjr.exec:\frhrrjr.exe18⤵
- Executes dropped EXE
-
\??\c:\hvptj.exec:\hvptj.exe19⤵
- Executes dropped EXE
-
\??\c:\btrbhb.exec:\btrbhb.exe20⤵
- Executes dropped EXE
-
\??\c:\hbfrl.exec:\hbfrl.exe21⤵
- Executes dropped EXE
-
\??\c:\njndftb.exec:\njndftb.exe22⤵
- Executes dropped EXE
-
\??\c:\btntn.exec:\btntn.exe23⤵
- Executes dropped EXE
-
\??\c:\vjxbvt.exec:\vjxbvt.exe24⤵
- Executes dropped EXE
-
\??\c:\lvdhj.exec:\lvdhj.exe25⤵
- Executes dropped EXE
-
\??\c:\ltjnn.exec:\ltjnn.exe26⤵
- Executes dropped EXE
-
\??\c:\rlbldxv.exec:\rlbldxv.exe27⤵
- Executes dropped EXE
-
\??\c:\hthdh.exec:\hthdh.exe28⤵
- Executes dropped EXE
-
\??\c:\xthllr.exec:\xthllr.exe29⤵
- Executes dropped EXE
-
\??\c:\bpxfbn.exec:\bpxfbn.exe30⤵
- Executes dropped EXE
-
\??\c:\ntrpv.exec:\ntrpv.exe31⤵
- Executes dropped EXE
-
\??\c:\nblxh.exec:\nblxh.exe32⤵
- Executes dropped EXE
-
\??\c:\dtldd.exec:\dtldd.exe33⤵
- Executes dropped EXE
-
\??\c:\bbtlprv.exec:\bbtlprv.exe34⤵
- Executes dropped EXE
-
\??\c:\ppffbj.exec:\ppffbj.exe35⤵
- Executes dropped EXE
-
\??\c:\fbxjv.exec:\fbxjv.exe36⤵
- Executes dropped EXE
-
\??\c:\pbxtjv.exec:\pbxtjv.exe37⤵
- Executes dropped EXE
-
\??\c:\txhnrpl.exec:\txhnrpl.exe38⤵
- Executes dropped EXE
-
\??\c:\hbbhvrf.exec:\hbbhvrf.exe39⤵
- Executes dropped EXE
-
\??\c:\pltjn.exec:\pltjn.exe40⤵
- Executes dropped EXE
-
\??\c:\djdbxl.exec:\djdbxl.exe41⤵
- Executes dropped EXE
-
\??\c:\lxpdn.exec:\lxpdn.exe42⤵
- Executes dropped EXE
-
\??\c:\tdfhdb.exec:\tdfhdb.exe43⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\fhnvfft.exec:\fhnvfft.exe44⤵
- Executes dropped EXE
-
\??\c:\xlrphr.exec:\xlrphr.exe45⤵
- Executes dropped EXE
-
\??\c:\ltftp.exec:\ltftp.exe46⤵
- Executes dropped EXE
-
\??\c:\jbbrxdt.exec:\jbbrxdt.exe47⤵
- Executes dropped EXE
-
\??\c:\fdtdr.exec:\fdtdr.exe48⤵
- Executes dropped EXE
-
\??\c:\lhtptb.exec:\lhtptb.exe49⤵
- Executes dropped EXE
-
\??\c:\ppxlfbv.exec:\ppxlfbv.exe50⤵
- Executes dropped EXE
-
\??\c:\plhpjv.exec:\plhpjv.exe51⤵
- Executes dropped EXE
-
\??\c:\vbvhjx.exec:\vbvhjx.exe52⤵
- Executes dropped EXE
-
\??\c:\vxvjhtv.exec:\vxvjhtv.exe53⤵
- Executes dropped EXE
-
\??\c:\xhvtjlp.exec:\xhvtjlp.exe54⤵
- Executes dropped EXE
-
\??\c:\hrdnvx.exec:\hrdnvx.exe55⤵
- Executes dropped EXE
-
\??\c:\vhvlphv.exec:\vhvlphv.exe56⤵
- Executes dropped EXE
-
\??\c:\jnfdvh.exec:\jnfdvh.exe57⤵
- Executes dropped EXE
-
\??\c:\dxxrv.exec:\dxxrv.exe58⤵
- Executes dropped EXE
-
\??\c:\phftl.exec:\phftl.exe59⤵
- Executes dropped EXE
-
\??\c:\plnxp.exec:\plnxp.exe60⤵
- Executes dropped EXE
-
\??\c:\ndhhl.exec:\ndhhl.exe61⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rjvvfhj.exec:\rjvvfhj.exe62⤵
- Executes dropped EXE
-
\??\c:\dljfrjb.exec:\dljfrjb.exe63⤵
- Executes dropped EXE
-
\??\c:\jbxfb.exec:\jbxfb.exe64⤵
- Executes dropped EXE
-
\??\c:\xhjhd.exec:\xhjhd.exe65⤵
- Executes dropped EXE
-
\??\c:\ftnlnvt.exec:\ftnlnvt.exe66⤵
-
\??\c:\vfnjhnb.exec:\vfnjhnb.exe67⤵
-
\??\c:\rtbbvr.exec:\rtbbvr.exe68⤵
-
\??\c:\trhnhp.exec:\trhnhp.exe69⤵
-
\??\c:\lvbfj.exec:\lvbfj.exe70⤵
-
\??\c:\bftxvv.exec:\bftxvv.exe71⤵
-
\??\c:\nvllxhl.exec:\nvllxhl.exe72⤵
-
\??\c:\vjnvvj.exec:\vjnvvj.exe73⤵
-
\??\c:\phfjrtd.exec:\phfjrtd.exe74⤵
-
\??\c:\nprxrj.exec:\nprxrj.exe75⤵
-
\??\c:\nvfhr.exec:\nvfhr.exe76⤵
-
\??\c:\ffrbpdv.exec:\ffrbpdv.exe77⤵
-
\??\c:\vhhhhhh.exec:\vhhhhhh.exe78⤵
-
\??\c:\nhdxjf.exec:\nhdxjf.exe79⤵
-
\??\c:\frrhfx.exec:\frrhfx.exe80⤵
-
\??\c:\vbblrpp.exec:\vbblrpp.exe81⤵
-
\??\c:\rpfttxn.exec:\rpfttxn.exe82⤵
-
\??\c:\fxxjdjj.exec:\fxxjdjj.exe83⤵
-
\??\c:\pbxrj.exec:\pbxrj.exe84⤵
-
\??\c:\xltphjh.exec:\xltphjh.exe85⤵
-
\??\c:\rlfdbx.exec:\rlfdbx.exe86⤵
-
\??\c:\rnxht.exec:\rnxht.exe87⤵
-
\??\c:\rrvhfd.exec:\rrvhfd.exe88⤵
-
\??\c:\bpjfh.exec:\bpjfh.exe89⤵
-
\??\c:\vjfnbp.exec:\vjfnbp.exe90⤵
-
\??\c:\hlbfrph.exec:\hlbfrph.exe91⤵
-
\??\c:\nbvvrn.exec:\nbvvrn.exe92⤵
-
\??\c:\trdrxbn.exec:\trdrxbn.exe93⤵
-
\??\c:\fnhrtd.exec:\fnhrtd.exe94⤵
-
\??\c:\lbtddvb.exec:\lbtddvb.exe95⤵
-
\??\c:\bvpbb.exec:\bvpbb.exe96⤵
-
\??\c:\hfrdt.exec:\hfrdt.exe97⤵
-
\??\c:\bvdnlv.exec:\bvdnlv.exe98⤵
-
\??\c:\ndtrrh.exec:\ndtrrh.exe99⤵
-
\??\c:\nrftx.exec:\nrftx.exe100⤵
-
\??\c:\lxbvpff.exec:\lxbvpff.exe101⤵
-
\??\c:\ttbhr.exec:\ttbhr.exe102⤵
-
\??\c:\lfpjh.exec:\lfpjh.exe103⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nptfv.exec:\nptfv.exe104⤵
-
\??\c:\rfddfxr.exec:\rfddfxr.exe105⤵
-
\??\c:\nbbjh.exec:\nbbjh.exe106⤵
-
\??\c:\hpxnhr.exec:\hpxnhr.exe107⤵
-
\??\c:\fjpxprn.exec:\fjpxprn.exe108⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ljrdxlb.exec:\ljrdxlb.exe109⤵
-
\??\c:\hrlph.exec:\hrlph.exe110⤵
-
\??\c:\tpjlbv.exec:\tpjlbv.exe111⤵
-
\??\c:\djxhprf.exec:\djxhprf.exe112⤵
-
\??\c:\bpxlbt.exec:\bpxlbt.exe113⤵
-
\??\c:\jhnplpt.exec:\jhnplpt.exe114⤵
-
\??\c:\jdnnpb.exec:\jdnnpb.exe115⤵
-
\??\c:\lrvxf.exec:\lrvxf.exe116⤵
-
\??\c:\jjlnhl.exec:\jjlnhl.exe117⤵
-
\??\c:\hrrxfh.exec:\hrrxfh.exe118⤵
-
\??\c:\vtdbdn.exec:\vtdbdn.exe119⤵
-
\??\c:\txfbj.exec:\txfbj.exe120⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ttbfnj.exec:\ttbfnj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-