Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
04/10/2024, 05:24
General
-
Target
1203015e3c1fc213eee40870a1bdbf1c_JaffaCakes118.exe
-
Size
132KB
-
MD5
1203015e3c1fc213eee40870a1bdbf1c
-
SHA1
d31d27d7fa6db7bc1ba4ee10083accae6f77b39a
-
SHA256
764ea099bfbee95b8522ae91095b8f8b936591af40ae35f916f7d338278fe18b
-
SHA512
5c57b96576a9a79ed061592792352be3c5654c6276873605091ffac1262ea1e5b07f2cb90045effa55a9d5436b954993d45ef276953e3a0182943d32c08ef138
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73tvn+Yp9gFbctg0IyAyhZvjDUgJu:n3C9BRo7tvnJ9oH0IRgZvjD1u
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1203015e3c1fc213eee40870a1bdbf1c_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\1203015e3c1fc213eee40870a1bdbf1c_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttbh.exec:\nhttbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddp.exec:\vpddp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfrxff.exec:\frfrxff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfllrx.exec:\xrfllrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbbhh.exec:\1bbbhh.exe6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdjv.exec:\ppdjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fxflrr.exec:\5fxflrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxfxxl.exec:\xxxfxxl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjp.exec:\vpdjp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjp.exec:\vpjjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlxlrf.exec:\lxlxlrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbntb.exec:\tnbntb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jvdv.exec:\9jvdv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fxfrlx.exec:\3fxfrlx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllffxf.exec:\lllffxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthnhh.exec:\bthnhh.exe17⤵
- Executes dropped EXE
-
\??\c:\7vddd.exec:\7vddd.exe18⤵
- Executes dropped EXE
-
\??\c:\9jjdv.exec:\9jjdv.exe19⤵
- Executes dropped EXE
-
\??\c:\7rflrlx.exec:\7rflrlx.exe20⤵
- Executes dropped EXE
-
\??\c:\tnbhnn.exec:\tnbhnn.exe21⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe22⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe23⤵
- Executes dropped EXE
-
\??\c:\rrrlxfx.exec:\rrrlxfx.exe24⤵
- Executes dropped EXE
-
\??\c:\btbbnh.exec:\btbbnh.exe25⤵
- Executes dropped EXE
-
\??\c:\hbhthh.exec:\hbhthh.exe26⤵
- Executes dropped EXE
-
\??\c:\3jddp.exec:\3jddp.exe27⤵
- Executes dropped EXE
-
\??\c:\xrlrrrx.exec:\xrlrrrx.exe28⤵
- Executes dropped EXE
-
\??\c:\hthhnt.exec:\hthhnt.exe29⤵
- Executes dropped EXE
-
\??\c:\3vdvd.exec:\3vdvd.exe30⤵
- Executes dropped EXE
-
\??\c:\lfxlxxr.exec:\lfxlxxr.exe31⤵
- Executes dropped EXE
-
\??\c:\htbttt.exec:\htbttt.exe32⤵
- Executes dropped EXE
-
\??\c:\nhhhtb.exec:\nhhhtb.exe33⤵
- Executes dropped EXE
-
\??\c:\jvdpp.exec:\jvdpp.exe34⤵
- Executes dropped EXE
-
\??\c:\9frrxxf.exec:\9frrxxf.exe35⤵
- Executes dropped EXE
-
\??\c:\1rrfflx.exec:\1rrfflx.exe36⤵
- Executes dropped EXE
-
\??\c:\btnbnb.exec:\btnbnb.exe37⤵
- Executes dropped EXE
-
\??\c:\5bhntn.exec:\5bhntn.exe38⤵
- Executes dropped EXE
-
\??\c:\vjdvv.exec:\vjdvv.exe39⤵
- Executes dropped EXE
-
\??\c:\lfllxrx.exec:\lfllxrx.exe40⤵
- Executes dropped EXE
-
\??\c:\lfxfrxl.exec:\lfxfrxl.exe41⤵
- Executes dropped EXE
-
\??\c:\hhhbbn.exec:\hhhbbn.exe42⤵
- Executes dropped EXE
-
\??\c:\9nhntb.exec:\9nhntb.exe43⤵
- Executes dropped EXE
-
\??\c:\jvddj.exec:\jvddj.exe44⤵
- Executes dropped EXE
-
\??\c:\dpppv.exec:\dpppv.exe45⤵
- Executes dropped EXE
-
\??\c:\1xxxlfl.exec:\1xxxlfl.exe46⤵
- Executes dropped EXE
-
\??\c:\rrflxxf.exec:\rrflxxf.exe47⤵
- Executes dropped EXE
-
\??\c:\bhnhtn.exec:\bhnhtn.exe48⤵
- Executes dropped EXE
-
\??\c:\nntttb.exec:\nntttb.exe49⤵
- Executes dropped EXE
-
\??\c:\pdjvd.exec:\pdjvd.exe50⤵
- Executes dropped EXE
-
\??\c:\7vpdp.exec:\7vpdp.exe51⤵
- Executes dropped EXE
-
\??\c:\lxflflf.exec:\lxflflf.exe52⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\xrlrffx.exec:\xrlrffx.exe53⤵
- Executes dropped EXE
-
\??\c:\5hnnbb.exec:\5hnnbb.exe54⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe55⤵
- Executes dropped EXE
-
\??\c:\7jpvd.exec:\7jpvd.exe56⤵
- Executes dropped EXE
-
\??\c:\7lffffr.exec:\7lffffr.exe57⤵
- Executes dropped EXE
-
\??\c:\7lrrxrx.exec:\7lrrxrx.exe58⤵
- Executes dropped EXE
-
\??\c:\ttnntt.exec:\ttnntt.exe59⤵
- Executes dropped EXE
-
\??\c:\1ntbhh.exec:\1ntbhh.exe60⤵
- Executes dropped EXE
-
\??\c:\3pdjp.exec:\3pdjp.exe61⤵
- Executes dropped EXE
-
\??\c:\lfrlrrr.exec:\lfrlrrr.exe62⤵
- Executes dropped EXE
-
\??\c:\lfrrllr.exec:\lfrrllr.exe63⤵
- Executes dropped EXE
-
\??\c:\bnhhbb.exec:\bnhhbb.exe64⤵
- Executes dropped EXE
-
\??\c:\hbhnnt.exec:\hbhnnt.exe65⤵
- Executes dropped EXE
-
\??\c:\dpdjp.exec:\dpdjp.exe66⤵
-
\??\c:\lflllrf.exec:\lflllrf.exe67⤵
-
\??\c:\lxxfllr.exec:\lxxfllr.exe68⤵
-
\??\c:\9fxlxxl.exec:\9fxlxxl.exe69⤵
-
\??\c:\btbhth.exec:\btbhth.exe70⤵
-
\??\c:\dppjp.exec:\dppjp.exe71⤵
-
\??\c:\5vpdd.exec:\5vpdd.exe72⤵
-
\??\c:\1xffllx.exec:\1xffllx.exe73⤵
-
\??\c:\rlxfllr.exec:\rlxfllr.exe74⤵
-
\??\c:\5bttbh.exec:\5bttbh.exe75⤵
-
\??\c:\9nhtbt.exec:\9nhtbt.exe76⤵
-
\??\c:\ppppd.exec:\ppppd.exe77⤵
-
\??\c:\dppjj.exec:\dppjj.exe78⤵
-
\??\c:\3xllrxl.exec:\3xllrxl.exe79⤵
-
\??\c:\5frxfff.exec:\5frxfff.exe80⤵
-
\??\c:\bthnhn.exec:\bthnhn.exe81⤵
-
\??\c:\hbnhtn.exec:\hbnhtn.exe82⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe83⤵
-
\??\c:\5lxrrrr.exec:\5lxrrrr.exe84⤵
-
\??\c:\rffxfxx.exec:\rffxfxx.exe85⤵
-
\??\c:\nbhntb.exec:\nbhntb.exe86⤵
-
\??\c:\tnttnt.exec:\tnttnt.exe87⤵
-
\??\c:\3jpdd.exec:\3jpdd.exe88⤵
-
\??\c:\fxlrxfl.exec:\fxlrxfl.exe89⤵
-
\??\c:\lfrxrxl.exec:\lfrxrxl.exe90⤵
-
\??\c:\btnthn.exec:\btnthn.exe91⤵
-
\??\c:\3hnntn.exec:\3hnntn.exe92⤵
-
\??\c:\3dpvv.exec:\3dpvv.exe93⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ppddp.exec:\ppddp.exe94⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe95⤵
-
\??\c:\7lxxffl.exec:\7lxxffl.exe96⤵
-
\??\c:\hbnntn.exec:\hbnntn.exe97⤵
-
\??\c:\bntnnn.exec:\bntnnn.exe98⤵
-
\??\c:\7pddp.exec:\7pddp.exe99⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jvjvj.exec:\jvjvj.exe100⤵
-
\??\c:\lflrflx.exec:\lflrflx.exe101⤵
-
\??\c:\1xfffxx.exec:\1xfffxx.exe102⤵
-
\??\c:\ttnhnb.exec:\ttnhnb.exe103⤵
-
\??\c:\hthbbt.exec:\hthbbt.exe104⤵
-
\??\c:\3jvdd.exec:\3jvdd.exe105⤵
-
\??\c:\5jvpj.exec:\5jvpj.exe106⤵
-
\??\c:\9xrrrxl.exec:\9xrrrxl.exe107⤵
-
\??\c:\rlflxxl.exec:\rlflxxl.exe108⤵
-
\??\c:\tnbhtb.exec:\tnbhtb.exe109⤵
-
\??\c:\9nnntn.exec:\9nnntn.exe110⤵
-
\??\c:\5dvdj.exec:\5dvdj.exe111⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe112⤵
-
\??\c:\lxffrxf.exec:\lxffrxf.exe113⤵
-
\??\c:\5flllfl.exec:\5flllfl.exe114⤵
-
\??\c:\nnhhtb.exec:\nnhhtb.exe115⤵
-
\??\c:\jvddj.exec:\jvddj.exe116⤵
-
\??\c:\pdppd.exec:\pdppd.exe117⤵
-
\??\c:\3rlrxfl.exec:\3rlrxfl.exe118⤵
-
\??\c:\xrffrrx.exec:\xrffrrx.exe119⤵
-
\??\c:\9bnnbb.exec:\9bnnbb.exe120⤵
-
\??\c:\thttnn.exec:\thttnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-