Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
17/07/2024, 19:49
General
-
Target
c3a616358453e48019c7270c1c24c4788acbdbbd17eb1e8882da6670df99b096.dll
-
Size
796KB
-
MD5
7c7ea66ba01a57d19668adafa7292f47
-
SHA1
987fc00ec5d2ec61ecf03b0181f6da93f74a6ab3
-
SHA256
c3a616358453e48019c7270c1c24c4788acbdbbd17eb1e8882da6670df99b096
-
SHA512
68e36af98094c40bf065d80594f1b70b225c42063af6e56532341f0ed0e45c7ef78166b3730c98765880d86b1b704094409aaed05845d7907b21a4d5864a2d00
-
SSDEEP
12288:yBim9Tnts08FbKuPcA8NAc1l/XkGaZKoRQIpRX2/0Ak2ng/Zi66wNdufAdN:e/nts0Q9K/0ooRQIxAk2wi0N/
Malware Config
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Shellcode 1 IoCs
Detects Dridex Payload shellcode injected in Explorer process.
-
Dridex payload 12 IoCs
Detects Dridex x64 core DLL in memory.
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 7 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 18 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c3a616358453e48019c7270c1c24c4788acbdbbd17eb1e8882da6670df99b096.dll,#11⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\cmstp.exeC:\Windows\system32\cmstp.exe1⤵
-
C:\Users\Admin\AppData\Local\6Ct1OC\cmstp.exeC:\Users\Admin\AppData\Local\6Ct1OC\cmstp.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\raserver.exeC:\Windows\system32\raserver.exe1⤵
-
C:\Users\Admin\AppData\Local\LjnjsK0ol\raserver.exeC:\Users\Admin\AppData\Local\LjnjsK0ol\raserver.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\msconfig.exeC:\Windows\system32\msconfig.exe1⤵
-
C:\Users\Admin\AppData\Local\T93PgIZhP\msconfig.exeC:\Users\Admin\AppData\Local\T93PgIZhP\msconfig.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
800KB
MD5eebe7c2228f682eda3d1efdaafae735a
SHA12e524f8fc99b5e9f5bf2a5e184c2f0b7a95f310a
SHA256b240d2fc49b758f7a5e767f3ee8072382e093e98d60ba78077dc967c461b239d
SHA5129335b180d84e7b45db07c153d19e95aa207e4b20f678a3a5497a3dfa5577accea313102dd79f8609f128d7f282407ffed8865cba27c5a0fcc2c768074b83e645
-
Filesize
800KB
MD57345aaddf64d3bb68708d92693a61cea
SHA19a6df8961d68484b95f82f25e2323aa7019cdb12
SHA256621f7b493494a1247e40eb9f61b69a5f5522675d54532af6f8286846fa76bbae
SHA51241a7fca9420c155bcb6c0cdd091d349be3645811f65386e0dd87fa30a0e492cab944efd87499642d9c284aa815c826c22a8e5990ee04e919e6c55875a403526d
-
Filesize
824KB
MD59528ce7f1b79859b909dc04f614895f8
SHA13c5f302b93c5201becf50ff29de878023046f1b0
SHA256d4b586ced1fb15e422d9077f9de47e8d24f53f6147b9012c688b36fc54bc9b5c
SHA5123854a8b69bf7a975df375ec283c1c3209ac93d2e64f226d19fe57f90e0de7175fbc40ed887051bd1e33e584055200def30a41b29ed6da85ee8a54b968d35a6a0
-
Filesize
1KB
MD59418517b11ffb498dd4809061cefd295
SHA1e971e546df45f4b53fff39bdfeaabe23bf34a729
SHA256d27c4804ad27b48b09cc4dd25eadb49b99b829d6820888d7a9c728c474ba3101
SHA51204f95a6497a95562769e8794f36209e23efc7cdcdc0edebc75137196b180055c2330f554eedb5627c660091771f7e4722bf53c4164c202991fe82b0477bbf62f
-
Filesize
90KB
MD574c6da5522f420c394ae34b2d3d677e3
SHA1ba135738ef1fb2f4c2c6c610be2c4e855a526668
SHA25651d298b1a8a2d00d5c608c52dba0655565d021e9798ee171d7fa92cc0de729a6
SHA512bfd76b1c3e677292748f88bf595bfef0b536eb22f2583b028cbf08f6ae4eda1aa3787c4e892aad12b7681fc2363f99250430a0e7019a7498e24db391868e787a
-
Filesize
123KB
MD5cd0bc0b6b8d219808aea3ecd4e889b19
SHA19f8f4071ce2484008e36fdfd963378f4ebad703f
SHA25616abc530c0367df1ad631f09e14c565cf99561949aa14acc533cd54bf8a5e22c
SHA51284291ea3fafb38ef96817d5fe4a972475ef8ea24a4353568029e892fa8e15cf8e8f6ef4ff567813cd3b38092f0db4577d9dccb22be755eebdd4f77e623dc80ac
-
Filesize
293KB
MD5e19d102baf266f34592f7c742fbfa886
SHA1c9c9c45b7e97bb7a180064d0a1962429f015686d
SHA256f3c8bb430f9c33e6caf06aaebde17b7fddcc55e8bb36cec2b9379038f1fca0b1
SHA5121b9f1880dd3c26ae790b8eead641e73264f90dc7aa2645acc530aad20ad9d247db613e1725282c85bca98c4428ac255752a4f5c9b2a97f90908b7fe4167bb283
-
Filesize
796KB
-
Filesize
796KB
-
Filesize
796KB
-
Filesize
796KB
-
Filesize
796KB
-
Filesize
796KB
-
Filesize
796KB
-
Filesize
796KB
-
Filesize
796KB
-
Filesize
796KB
-
Filesize
796KB
-
Filesize
796KB
-
Filesize
796KB
-
Filesize
796KB
-
Filesize
796KB
-
Filesize
796KB
-
Filesize
796KB
-
Filesize
8KB
-
Filesize
796KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
796KB
-
Filesize
796KB
-
Filesize
28KB
-
Filesize
796KB
-
Filesize
796KB
-
Filesize
796KB
-
Filesize
4KB
-
Filesize
796KB
-
Filesize
796KB
-
Filesize
4KB
-
Filesize
796KB
-
Filesize
796KB
-
Filesize
28KB
-
Filesize
824KB
-
Filesize
824KB
-
Filesize
800KB
-
Filesize
28KB
-
Filesize
800KB
-
Filesize
28KB
-
Filesize
800KB
-
Filesize
800KB
-
Filesize
796KB
-
Filesize
28KB
-
Filesize
796KB