Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19/08/2024, 18:48
General
-
Target
ac27c6b54a296dbd640115bfdabd85b2_JaffaCakes118.exe
-
Size
52KB
-
MD5
ac27c6b54a296dbd640115bfdabd85b2
-
SHA1
e7cccb0998b22af764d8a76c94c1d8a25c2c8750
-
SHA256
794dee63f6fc393e9ea70e448d5307d78a45c7b34e6151893816d202fbf4afee
-
SHA512
135a15c5cec81af209dd9e7b0aab9e5b4b96061049947a7fddbeb69b8ac8bf5f7d8977a15b1e9a2e5518614478d210565ecbf0fe31d21fb90026ff3c7f958723
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDod5k2nd:ymb3NkkiQ3mdBjFod5znd
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 37 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ac27c6b54a296dbd640115bfdabd85b2_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\ac27c6b54a296dbd640115bfdabd85b2_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbtt.exec:\hthbtt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpj.exec:\jdvpj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxflfxr.exec:\fxflfxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbtnh.exec:\nbbtnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pjdv.exec:\7pjdv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fxrxxr.exec:\1fxrxxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tnhtt.exec:\1tnhtt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ttthb.exec:\1ttthb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxrlx.exec:\lffxrlx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbhtt.exec:\thbhtt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvjd.exec:\jvvjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdpd.exec:\jvdpd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfrrl.exec:\xrlfrrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lfrfrf.exec:\7lfrfrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3thbtn.exec:\3thbtn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vjdp.exec:\9vjdp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrlfr.exec:\xlxrlfr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xfrfrl.exec:\9xfrfrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbthb.exec:\tnbthb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvdj.exec:\pvvdj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lxlxrl.exec:\9lxlxrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllfxrr.exec:\fllfxrr.exe23⤵
- Executes dropped EXE
-
\??\c:\btnnhb.exec:\btnnhb.exe24⤵
- Executes dropped EXE
-
\??\c:\jvjjj.exec:\jvjjj.exe25⤵
- Executes dropped EXE
-
\??\c:\5jpjd.exec:\5jpjd.exe26⤵
- Executes dropped EXE
-
\??\c:\flrlfxr.exec:\flrlfxr.exe27⤵
- Executes dropped EXE
-
\??\c:\nbnntn.exec:\nbnntn.exe28⤵
- Executes dropped EXE
-
\??\c:\bhhnnb.exec:\bhhnnb.exe29⤵
- Executes dropped EXE
-
\??\c:\7htnbt.exec:\7htnbt.exe30⤵
- Executes dropped EXE
-
\??\c:\9jvpv.exec:\9jvpv.exe31⤵
- Executes dropped EXE
-
\??\c:\flrlllf.exec:\flrlllf.exe32⤵
- Executes dropped EXE
-
\??\c:\llfrlll.exec:\llfrlll.exe33⤵
- Executes dropped EXE
-
\??\c:\hbttnn.exec:\hbttnn.exe34⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe35⤵
- Executes dropped EXE
-
\??\c:\ffxrllx.exec:\ffxrllx.exe36⤵
- Executes dropped EXE
-
\??\c:\fxrrlll.exec:\fxrrlll.exe37⤵
- Executes dropped EXE
-
\??\c:\rxllrxf.exec:\rxllrxf.exe38⤵
- Executes dropped EXE
-
\??\c:\htnhbb.exec:\htnhbb.exe39⤵
- Executes dropped EXE
-
\??\c:\1vddp.exec:\1vddp.exe40⤵
- Executes dropped EXE
-
\??\c:\lrfllxx.exec:\lrfllxx.exe41⤵
- Executes dropped EXE
-
\??\c:\rlrlllr.exec:\rlrlllr.exe42⤵
- Executes dropped EXE
-
\??\c:\bttnbh.exec:\bttnbh.exe43⤵
- Executes dropped EXE
-
\??\c:\jjjvv.exec:\jjjvv.exe44⤵
- Executes dropped EXE
-
\??\c:\7vvdp.exec:\7vvdp.exe45⤵
- Executes dropped EXE
-
\??\c:\fflrrrr.exec:\fflrrrr.exe46⤵
- Executes dropped EXE
-
\??\c:\rfllxrl.exec:\rfllxrl.exe47⤵
- Executes dropped EXE
-
\??\c:\hbbbbb.exec:\hbbbbb.exe48⤵
- Executes dropped EXE
-
\??\c:\1dddv.exec:\1dddv.exe49⤵
- Executes dropped EXE
-
\??\c:\djppp.exec:\djppp.exe50⤵
- Executes dropped EXE
-
\??\c:\7jdvp.exec:\7jdvp.exe51⤵
- Executes dropped EXE
-
\??\c:\llrrfll.exec:\llrrfll.exe52⤵
- Executes dropped EXE
-
\??\c:\lflfrlf.exec:\lflfrlf.exe53⤵
- Executes dropped EXE
-
\??\c:\tnbntn.exec:\tnbntn.exe54⤵
- Executes dropped EXE
-
\??\c:\bbbttt.exec:\bbbttt.exe55⤵
- Executes dropped EXE
-
\??\c:\vpvpv.exec:\vpvpv.exe56⤵
- Executes dropped EXE
-
\??\c:\jvdjd.exec:\jvdjd.exe57⤵
- Executes dropped EXE
-
\??\c:\lfxllrr.exec:\lfxllrr.exe58⤵
- Executes dropped EXE
-
\??\c:\rfxrlrl.exec:\rfxrlrl.exe59⤵
- Executes dropped EXE
-
\??\c:\thhnhn.exec:\thhnhn.exe60⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe61⤵
- Executes dropped EXE
-
\??\c:\3ppjv.exec:\3ppjv.exe62⤵
- Executes dropped EXE
-
\??\c:\5rxrfrr.exec:\5rxrfrr.exe63⤵
- Executes dropped EXE
-
\??\c:\1fffxff.exec:\1fffxff.exe64⤵
- Executes dropped EXE
-
\??\c:\nhhtnn.exec:\nhhtnn.exe65⤵
- Executes dropped EXE
-
\??\c:\djdvp.exec:\djdvp.exe66⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe67⤵
-
\??\c:\xxrlffx.exec:\xxrlffx.exe68⤵
-
\??\c:\ffrxllf.exec:\ffrxllf.exe69⤵
-
\??\c:\nntnhn.exec:\nntnhn.exe70⤵
-
\??\c:\nnnnht.exec:\nnnnht.exe71⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe72⤵
-
\??\c:\pppjd.exec:\pppjd.exe73⤵
-
\??\c:\xfflrxf.exec:\xfflrxf.exe74⤵
-
\??\c:\lrrrrrl.exec:\lrrrrrl.exe75⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe76⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe77⤵
-
\??\c:\ddppv.exec:\ddppv.exe78⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe79⤵
-
\??\c:\5xfrllr.exec:\5xfrllr.exe80⤵
-
\??\c:\1llfxll.exec:\1llfxll.exe81⤵
-
\??\c:\frxrlxl.exec:\frxrlxl.exe82⤵
-
\??\c:\htttnn.exec:\htttnn.exe83⤵
-
\??\c:\pvvvv.exec:\pvvvv.exe84⤵
-
\??\c:\rrfxrrl.exec:\rrfxrrl.exe85⤵
-
\??\c:\nnnnnn.exec:\nnnnnn.exe86⤵
-
\??\c:\ttttnn.exec:\ttttnn.exe87⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe88⤵
-
\??\c:\xxrxxxr.exec:\xxrxxxr.exe89⤵
-
\??\c:\rlfffff.exec:\rlfffff.exe90⤵
-
\??\c:\9xxrrrl.exec:\9xxrrrl.exe91⤵
-
\??\c:\9htttt.exec:\9htttt.exe92⤵
-
\??\c:\bttbth.exec:\bttbth.exe93⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe94⤵
-
\??\c:\dvddv.exec:\dvddv.exe95⤵
-
\??\c:\rfrllrl.exec:\rfrllrl.exe96⤵
-
\??\c:\rflfrlx.exec:\rflfrlx.exe97⤵
-
\??\c:\3nnhhh.exec:\3nnhhh.exe98⤵
-
\??\c:\5hthbb.exec:\5hthbb.exe99⤵
-
\??\c:\7djjv.exec:\7djjv.exe100⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe101⤵
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe102⤵
-
\??\c:\btnhth.exec:\btnhth.exe103⤵
-
\??\c:\jddvd.exec:\jddvd.exe104⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe105⤵
-
\??\c:\ffffrlf.exec:\ffffrlf.exe106⤵
-
\??\c:\ttnnhh.exec:\ttnnhh.exe107⤵
-
\??\c:\hnbtnt.exec:\hnbtnt.exe108⤵
-
\??\c:\ddddd.exec:\ddddd.exe109⤵
-
\??\c:\7ddvd.exec:\7ddvd.exe110⤵
-
\??\c:\xlxrlll.exec:\xlxrlll.exe111⤵
-
\??\c:\btthtt.exec:\btthtt.exe112⤵
-
\??\c:\5hnhhb.exec:\5hnhhb.exe113⤵
-
\??\c:\9jppj.exec:\9jppj.exe114⤵
-
\??\c:\djjdv.exec:\djjdv.exe115⤵
-
\??\c:\lfffrrr.exec:\lfffrrr.exe116⤵
-
\??\c:\llfrlfx.exec:\llfrlfx.exe117⤵
-
\??\c:\bbnhtn.exec:\bbnhtn.exe118⤵
-
\??\c:\hnttnn.exec:\hnttnn.exe119⤵
-
\??\c:\pvddp.exec:\pvddp.exe120⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-