Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

fef6b272e8...18.dll

windows7-x64

10

fef6b272e8...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    21/04/2024, 09:24 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fef6b272e83c2db9338ad55ffb6e8f6e_JaffaCakes118.dll

  • Size

    1.3MB

  • MD5

    fef6b272e83c2db9338ad55ffb6e8f6e

  • SHA1

    90c912ce3613ebcc0ecad406bf1c86fdc58162a8

  • SHA256

    90d3303cc9628d39013556750168afdcb0d3196d95ae004fd5a9642238636875

  • SHA512

    4b7d93dd2e9458e277391f3074dc76d4e92442bf1db0d7fb630f4896f27001bf4350062ddeb452887d1d6e69f6cac914bab6bad34e086a2fb8b6b951d23e4f7c

  • SSDEEP

    24576:2cFXB3P/KiY386VWysaBaotyaD8u9hZ0Bc0TU522c:tWzXko8awdc0Ty22c

Score
10/10
danabot15bankertrojan

Malware Config

Extracted

Family

danabot

Botnet

15

C2

192.52.167.44:443

192.52.166.92:443

192.52.167.45:443

173.254.204.95:443
Attributes
  • embedded_hash

    740FCC7615F224B3D909D4EC25568A2A

  • type

    loader

rsa_pubkey.plain
1
-----BEGIN PUBLIC KEY-----
2
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCX+LhsoxcvmIw/a4O0dRy2Y0mp
3
bxQzvGQFTYy5/zrmf+FDKKvvxI2NSyhjP2/CnVYCPDds5/AKiKdy06LAbu5ZsGWB
4
l07IjPoAXz+X/K+D/ROUwjQ0MRj7ligpT2FYBy3jGALm/Nm12P0cbYhuWxFg2otG
5
sF8fpzFA38TKPrbIVQIDAQAB
6
-----END PUBLIC KEY-----
rsa_privkey.plain
1
-----BEGIN PRIVATE KEY-----
2
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAKQGqho6IZgMXeXY
3
EYC4/OJ1JWPa4HisQCEb8nJ50i9McjpFmcYtdpf4mBp28L8xvThQm0c+xFa2502c
4
PGl+Gl7riQrpmzw4qLUaVaUTHmhq9y1LE93N9vhH7yXGUFmhxwtERgxcRuIMLHjs
5
tZXQnX9j8QthO/jm1IFVKHvr5W25AgMBAAECgYEAk+2SwX6Fx5v3nw+DkYTERPQD
6
mY/Pe+VVHMcYm9d0EMYwCo+0xH9CAoLnoo58RuJz1XMU52cbKV1hM6Rg838QBfKp
7
RZHp+Hjl1jC8stka8y/6Xl6rcBY88+dfXlBSHl0nGYcrj3d0vLXnd7ecfUqCDOaW
8
zRYSV1NVczJSnm9b6WUCQQDaSumj1xW28GH6JPfY22td5BvuvLaIe7uhipwB09w3
9
SW6fZJUrsnhDoYFECaTocskPWawo8LEp6YNYs8F4BqhrAkEAwFwJUvhNN0S1qOYO
10
EBAcr+BDyQWJMbwlEJTXhh9qoDAUQWDCTXtAiuLpSHSv+PHZd6DWUmR5OWQeRtwC

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Danabot Loader Component 2 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\fef6b272e83c2db9338ad55ffb6e8f6e_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2008
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\fef6b272e83c2db9338ad55ffb6e8f6e_JaffaCakes118.dll,#1
      2⤵
      • Blocklisted process makes network request
      PID:2772

Network

    No results found
  • 192.52.167.44:443
    rundll32.exe
    152 B
     3
No results found

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2772-0-0x0000000001F90000-0x00000000020ED000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2772-1-0x0000000001F90000-0x00000000020ED000-memory.dmp

    Filesize

    1.4MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.