Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240910-en -
resource tags
-
submitted
25/09/2024, 04:17
General
-
Target
f529b34255b8bb76491c487db563bb2c_JaffaCakes118.exe
-
Size
219KB
-
MD5
f529b34255b8bb76491c487db563bb2c
-
SHA1
1b49026c3556038259b17c38a8deed31d287e679
-
SHA256
32db4231dd42dc03c492f7ff48c9bde6a22cad07274019585ff511656593614a
-
SHA512
fd9cd0890fd18888c7966aaa0e13f78ebbba9ab8f19aa426e541d2b76cf29298c63e8f7b1736eb764e545572815c40278ad174cd656e67110362a0e23c3d81b1
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4SS4:n3C9BRo7MlrWKo+lx64
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f529b34255b8bb76491c487db563bb2c_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f529b34255b8bb76491c487db563bb2c_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrlffx.exec:\ffrlffx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bhhnn.exec:\1bhhnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvpd.exec:\1dvpd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflxrrl.exec:\fflxrrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hnbbt.exec:\3hnbbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjj.exec:\jdjjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxflxxr.exec:\lxflxxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxlll.exec:\lxfxlll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpjp.exec:\vdpjp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbthh.exec:\btbthh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrrflf.exec:\llrrflf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbtt.exec:\btbbtt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvpj.exec:\jpvpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rlfrlf.exec:\9rlfrlf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7llxrrl.exec:\7llxrrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvjv.exec:\pjvjv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lxxfff.exec:\5lxxfff.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbtb.exec:\hbbbtb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrllfxx.exec:\lrllfxx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnht.exec:\nhnnht.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5djdv.exec:\5djdv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrlxxr.exec:\lxrlxxr.exe23⤵
- Executes dropped EXE
-
\??\c:\btbtnh.exec:\btbtnh.exe24⤵
- Executes dropped EXE
-
\??\c:\3vppj.exec:\3vppj.exe25⤵
- Executes dropped EXE
-
\??\c:\pjpdj.exec:\pjpdj.exe26⤵
- Executes dropped EXE
-
\??\c:\5bhthb.exec:\5bhthb.exe27⤵
- Executes dropped EXE
-
\??\c:\ddpjj.exec:\ddpjj.exe28⤵
- Executes dropped EXE
-
\??\c:\rrrrxfl.exec:\rrrrxfl.exe29⤵
- Executes dropped EXE
-
\??\c:\3ttnhn.exec:\3ttnhn.exe30⤵
- Executes dropped EXE
-
\??\c:\3tbbhn.exec:\3tbbhn.exe31⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe32⤵
- Executes dropped EXE
-
\??\c:\ddvvj.exec:\ddvvj.exe33⤵
- Executes dropped EXE
-
\??\c:\lffrlfx.exec:\lffrlfx.exe34⤵
- Executes dropped EXE
-
\??\c:\xrxfxfx.exec:\xrxfxfx.exe35⤵
- Executes dropped EXE
-
\??\c:\bthbnb.exec:\bthbnb.exe36⤵
- Executes dropped EXE
-
\??\c:\vpvvj.exec:\vpvvj.exe37⤵
- Executes dropped EXE
-
\??\c:\5ppjv.exec:\5ppjv.exe38⤵
- Executes dropped EXE
-
\??\c:\flxlffr.exec:\flxlffr.exe39⤵
- Executes dropped EXE
-
\??\c:\3tbtbb.exec:\3tbtbb.exe40⤵
- Executes dropped EXE
-
\??\c:\tnbnhh.exec:\tnbnhh.exe41⤵
- Executes dropped EXE
-
\??\c:\jpjdp.exec:\jpjdp.exe42⤵
- Executes dropped EXE
-
\??\c:\vvddj.exec:\vvddj.exe43⤵
- Executes dropped EXE
-
\??\c:\lfxrxrx.exec:\lfxrxrx.exe44⤵
- Executes dropped EXE
-
\??\c:\lrlfxxl.exec:\lrlfxxl.exe45⤵
- Executes dropped EXE
-
\??\c:\nhnbtn.exec:\nhnbtn.exe46⤵
- Executes dropped EXE
-
\??\c:\nhbtnn.exec:\nhbtnn.exe47⤵
- Executes dropped EXE
-
\??\c:\1pppv.exec:\1pppv.exe48⤵
- Executes dropped EXE
-
\??\c:\pddvj.exec:\pddvj.exe49⤵
- Executes dropped EXE
-
\??\c:\1rrrlfx.exec:\1rrrlfx.exe50⤵
- Executes dropped EXE
-
\??\c:\7fxrllf.exec:\7fxrllf.exe51⤵
- Executes dropped EXE
-
\??\c:\hbhhnt.exec:\hbhhnt.exe52⤵
- Executes dropped EXE
-
\??\c:\bntnhb.exec:\bntnhb.exe53⤵
- Executes dropped EXE
-
\??\c:\dpdvp.exec:\dpdvp.exe54⤵
- Executes dropped EXE
-
\??\c:\vjvpd.exec:\vjvpd.exe55⤵
- Executes dropped EXE
-
\??\c:\llxrllf.exec:\llxrllf.exe56⤵
- Executes dropped EXE
-
\??\c:\ffllffr.exec:\ffllffr.exe57⤵
- Executes dropped EXE
-
\??\c:\ttnhnn.exec:\ttnhnn.exe58⤵
- Executes dropped EXE
-
\??\c:\pjdpj.exec:\pjdpj.exe59⤵
- Executes dropped EXE
-
\??\c:\1vpjd.exec:\1vpjd.exe60⤵
- Executes dropped EXE
-
\??\c:\lffxrrl.exec:\lffxrrl.exe61⤵
- Executes dropped EXE
-
\??\c:\llxrllx.exec:\llxrllx.exe62⤵
- Executes dropped EXE
-
\??\c:\bbbtnh.exec:\bbbtnh.exe63⤵
- Executes dropped EXE
-
\??\c:\5hbtnh.exec:\5hbtnh.exe64⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe65⤵
- Executes dropped EXE
-
\??\c:\dvvdp.exec:\dvvdp.exe66⤵
-
\??\c:\frfxrrl.exec:\frfxrrl.exe67⤵
-
\??\c:\3rxrllf.exec:\3rxrllf.exe68⤵
-
\??\c:\ntnnnn.exec:\ntnnnn.exe69⤵
-
\??\c:\btnhtn.exec:\btnhtn.exe70⤵
-
\??\c:\vjjpd.exec:\vjjpd.exe71⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe72⤵
-
\??\c:\frrfrrl.exec:\frrfrrl.exe73⤵
-
\??\c:\llrlfxx.exec:\llrlfxx.exe74⤵
-
\??\c:\tbnhhn.exec:\tbnhhn.exe75⤵
-
\??\c:\hntnbt.exec:\hntnbt.exe76⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe77⤵
-
\??\c:\djdpv.exec:\djdpv.exe78⤵
-
\??\c:\9xxxrrr.exec:\9xxxrrr.exe79⤵
-
\??\c:\rflfxxx.exec:\rflfxxx.exe80⤵
-
\??\c:\7hhbtt.exec:\7hhbtt.exe81⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe82⤵
-
\??\c:\9vvpj.exec:\9vvpj.exe83⤵
-
\??\c:\pppjd.exec:\pppjd.exe84⤵
-
\??\c:\5llxfxr.exec:\5llxfxr.exe85⤵
-
\??\c:\rrxrlfx.exec:\rrxrlfx.exe86⤵
-
\??\c:\btnhbb.exec:\btnhbb.exe87⤵
-
\??\c:\nbnbnn.exec:\nbnbnn.exe88⤵
-
\??\c:\1jdpd.exec:\1jdpd.exe89⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe90⤵
-
\??\c:\rfrlffx.exec:\rfrlffx.exe91⤵
-
\??\c:\lxrrlff.exec:\lxrrlff.exe92⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe93⤵
-
\??\c:\bhnhtt.exec:\bhnhtt.exe94⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe95⤵
-
\??\c:\3jdpj.exec:\3jdpj.exe96⤵
-
\??\c:\3ffrffx.exec:\3ffrffx.exe97⤵
-
\??\c:\3rxrlfx.exec:\3rxrlfx.exe98⤵
-
\??\c:\nnhbhb.exec:\nnhbhb.exe99⤵
-
\??\c:\7pjjd.exec:\7pjjd.exe100⤵
-
\??\c:\ppjpp.exec:\ppjpp.exe101⤵
-
\??\c:\tnhthh.exec:\tnhthh.exe102⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe103⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe104⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe105⤵
-
\??\c:\tbbtnn.exec:\tbbtnn.exe106⤵
-
\??\c:\tbhhnh.exec:\tbhhnh.exe107⤵
-
\??\c:\vjpdv.exec:\vjpdv.exe108⤵
-
\??\c:\rllffxr.exec:\rllffxr.exe109⤵
-
\??\c:\xflrlfx.exec:\xflrlfx.exe110⤵
-
\??\c:\ttbbtb.exec:\ttbbtb.exe111⤵
-
\??\c:\7nthtn.exec:\7nthtn.exe112⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe113⤵
-
\??\c:\pjddd.exec:\pjddd.exe114⤵
-
\??\c:\xllfrrx.exec:\xllfrrx.exe115⤵
-
\??\c:\rrrlffx.exec:\rrrlffx.exe116⤵
-
\??\c:\hbnnnt.exec:\hbnnnt.exe117⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe118⤵
-
\??\c:\pvppj.exec:\pvppj.exe119⤵
-
\??\c:\1rllrrf.exec:\1rllrrf.exe120⤵
-
\??\c:\nbhtnt.exec:\nbhtnt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-