Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
0s -
max time network
1s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
08/07/2024, 17:47
General
-
Target
necurs.exe
-
Size
1008KB
-
MD5
6e05e84c7a993880409d7a0324c10e74
-
SHA1
4cac8146d54c5e47ec1c31a04c3cafdec9fbf209
-
SHA256
ffb1150bbb28d53f325b00445be935cd657c1d8061ba73e91af5b343b6c0d438
-
SHA512
4a4fa48ce31abea8cab4ca176f9d5be4b1b9b9c45c574f2e3605eaf04fd2fbd3da37d464300b2954623b0b9d377cff0a47d082b7fc1cc82a6d3eeab87555d43a
-
SSDEEP
24576:XiB1Q0SPpqqUGB9Qe5k04Q9RGuRUEy3FKEdeybpk/w:XJ/PMq3B9Qet1pyVbNbGo
Malware Config
Extracted
dridex
0.79.198.234:6811
59.14.232.108:13510
153.85.116.88:34145
109.165.79.26:57028
3.48.31.250:32970
198.99.233.8:64668
4.144.183.219:57415
170.9.63.116:12621
82.190.146.50:8956
110.106.233.26:61144
231.170.120.138:36240
104.89.112.76:49715
14.217.137.57:20854
108.38.229.252:62814
53.121.3.237:39876
97.219.18.138:20575
120.178.203.178:46408
220.127.249.215:18420
172.217.87.204:28067
175.53.142.26:45560
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Loader 1 IoCs
Detects Dridex both x86 and x64 loader in memory.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\necurs.exe"C:\Users\Admin\AppData\Local\Temp\necurs.exe"1⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1008KB
-
Filesize
24KB