
Analysis

  • max time kernel: 142s
  • max time network: 121s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 09/04/2024, 14:24 UTC

General

  • Target: ea30222df47596649901a0e6c4f0f8c2_JaffaCakes118.exe
  • Size: 1.1MB
  • MD5: ea30222df47596649901a0e6c4f0f8c2
  • SHA1: 69fd28af4a424fb023cd5eb9369788a66207d347
  • SHA256: 13a0c05dd4f7e469240ea0d791589e829f8648b1bc7fde8a376187beced129f5
  • SHA512: 3adcf4eabf6d4bcb6cdf0bec3409a12c34ff8977340a630ee210659e02d262eb4b7529ce0493da2fcc13e43985883252c7814e80b66dc4067fcd1f98354f1a44
  • SSDEEP: 12288:lM+ZdkmHubeaCo6TRg522A/sUQBJ8Wvp:lMcpTo6a00BOa

Malware Config

Extracted

  • Family: dridex
  • Botnet: 10111
  • C2:
    176.9.89.122:10172
    147.91.31.1:6225
    103.30.247.115:7443
  • rc4.plain 1: 55cf5F85ZxYDpGqSBlYEsYNgstGXj5Yiul5T2wM6GSoq
  • rc4.plain 1: i3CRs4XPeBtw8y5Iix5xGYgjxB0wOQ3umaTe1z1PAA4adeevs2BFAtt0s3Y7yu

Signatures

  • Dridex

    Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing banking credentials.

  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled (1 TTP, 1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ea30222df47596649901a0e6c4f0f8c2_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\ea30222df47596649901a0e6c4f0f8c2_JaffaCakes118.exe"
    PID: 2200
    • Checks whether UAC is enabled

Network

  • 176.9.89.122:10172
    ea30222df47596649901a0e6c4f0f8c2_JaffaCakes118.exe
    152 B
    120 B
    3
    3
  • 176.9.89.122:10172
    ea30222df47596649901a0e6c4f0f8c2_JaffaCakes118.exe
    152 B
    120 B
    3
    3
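The Malware Config section (C2 list) and the Signatures section (Uninstall key enumeration, UAC check) together give what a detection engineer takes from a report like this. The Python below is an added example, not part of the tria.ge report or of any tria.ge tooling: it parses the C2 block as printed above, encodes the two registry behaviours as path patterns, and runs both over constructed host and network telemetry. The registry paths (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and ...\Policies\System\EnableLUA) are the standard Windows locations and are an assumption of this example, since the report names the behaviour and not the exact keys; the simplified NET/REG log format is likewise invented for the example. PID 2200 and the 176.9.89.122:10172 flow are taken from the report; the other telemetry lines are constructed.

```python
import re
from collections import defaultdict

# C2 list copied verbatim from the Malware Config section of the report.
C2_BLOCK = """
176.9.89.122:10172
147.91.31.1:6225
103.30.247.115:7443
"""

# Registry locations behind the two behavioural signatures. ASSUMPTION of this
# example: the report names the behaviour, not the keys; these are the standard
# Windows locations for installed-software entries and the UAC toggle.
UNINSTALL_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
ENABLELUA_RE = re.compile(r"\\Policies\\System\\EnableLUA$", re.I)


def parse_c2(block):
    """Parse 'ip:port' lines from the config block into a set of (host, port)."""
    endpoints = set()
    for line in block.strip().splitlines():
        host, _, port = line.strip().rpartition(":")
        if host and port.isdigit():
            endpoints.add((host, int(port)))
    return endpoints


C2_ENDPOINTS = parse_c2(C2_BLOCK)

# CONSTRUCTED telemetry in a simplified Sysmon-like format (not from the report):
#   NET <pid> <image> <dst_ip>:<dst_port>
#   REG <pid> <image> <registry path read>
# PID 2200 and the 176.9.89.122:10172 flow match the report; the rest is made up
# to show benign processes touching the same registry keys.
TELEMETRY = r"""
REG 2200 ea30222df47596649901a0e6c4f0f8c2_JaffaCakes118.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
REG 2200 ea30222df47596649901a0e6c4f0f8c2_JaffaCakes118.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
NET 2200 ea30222df47596649901a0e6c4f0f8c2_JaffaCakes118.exe 176.9.89.122:10172
NET 1044 svchost.exe 8.8.8.8:53
REG 3100 msiexec.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}
NET 3100 msiexec.exe 13.107.4.50:443
"""


def classify(telemetry):
    """Per PID: which signatures fired and which extracted C2 endpoints were hit."""
    findings = defaultdict(
        lambda: {"image": None, "c2": set(), "uninstall": False, "uac": False}
    )
    for line in telemetry.strip().splitlines():
        kind, pid, image, target = line.split(maxsplit=3)
        f = findings[int(pid)]
        f["image"] = image
        if kind == "NET":
            host, _, port = target.rpartition(":")
            if port.isdigit() and (host, int(port)) in C2_ENDPOINTS:
                f["c2"].add((host, int(port)))
        elif kind == "REG":
            if UNINSTALL_RE.search(target):
                f["uninstall"] = True
            if ENABLELUA_RE.search(target):
                f["uac"] = True
    return dict(findings)


def verdict(finding):
    """Contact with an extracted C2 is high confidence on its own. The registry
    reads alone are weak: installers and inventory agents read the same keys,
    so they only raise confidence when both fire in one process."""
    if finding["c2"]:
        return "high"
    if finding["uninstall"] and finding["uac"]:
        return "medium"
    if finding["uninstall"] or finding["uac"]:
        return "low"
    return "none"


def verdicts(telemetry):
    """Map PID -> verdict for a telemetry blob."""
    return {pid: verdict(f) for pid, f in classify(telemetry).items()}


if __name__ == "__main__":
    for pid, f in classify(TELEMETRY).items():
        print(pid, f["image"], verdict(f), sorted(f["c2"]))
```

The C2 match is the only part that is specific to this sample; the registry patterns describe normal Windows activity as well, which is why the example refuses to escalate on them alone. In practice the extracted IP:port pairs belong in network detections (proxy, firewall, NetFlow) keyed on the full tuple rather than the IP, since the ports here are all non-standard and are the stronger half of the indicator.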


Downloads

  • memory/2200-0-0x0000000000220000-0x000000000025C000-memory.dmp (Filesize: 240KB)
  • memory/2200-1-0x0000000000400000-0x000000000051C000-memory.dmp (Filesize: 1.1MB)
  • memory/2200-2-0x0000000000400000-0x000000000051C000-memory.dmp (Filesize: 1.1MB)
