Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
17/07/2024, 19:49
General
-
Target
e2de0d401a8809be7f287cdb30e3151282c0de21c5bcb7b41437e8fdd6b38f66.dll
-
Size
800KB
-
MD5
252395046102ed9612e50d71bdc56fe5
-
SHA1
23b893ede7e9473b4fdae8051d935ca08593c958
-
SHA256
e2de0d401a8809be7f287cdb30e3151282c0de21c5bcb7b41437e8fdd6b38f66
-
SHA512
a5cde48eff1e96551d66cae42d8cc88c58efd71bf3ce9da18bdd77c82b285d643c11ffbe55631d22c6e9ecaaa0c45053d74ba46254766c983563704d5d4ba12e
-
SSDEEP
12288:zBim9Tnts08FbKuPcA8NAc1l/XkGaZKoRQIpRX2/0Ak2ng/Zi66wNdufAdN:t/nts0Q9K/0ooRQIxAk2wi0N/
Malware Config
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Shellcode 1 IoCs
Detects Dridex Payload shellcode injected in Explorer process.
-
Dridex payload 11 IoCs
Detects Dridex x64 core DLL in memory.
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 7 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 18 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\e2de0d401a8809be7f287cdb30e3151282c0de21c5bcb7b41437e8fdd6b38f66.dll,#11⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\dpnsvr.exeC:\Windows\system32\dpnsvr.exe1⤵
-
C:\Users\Admin\AppData\Local\hdQU\dpnsvr.exeC:\Users\Admin\AppData\Local\hdQU\dpnsvr.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\perfmon.exeC:\Windows\system32\perfmon.exe1⤵
-
C:\Users\Admin\AppData\Local\plicqJ\perfmon.exeC:\Users\Admin\AppData\Local\plicqJ\perfmon.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\SystemPropertiesComputerName.exeC:\Windows\system32\SystemPropertiesComputerName.exe1⤵
-
C:\Users\Admin\AppData\Local\eEiXM\SystemPropertiesComputerName.exeC:\Users\Admin\AppData\Local\eEiXM\SystemPropertiesComputerName.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
804KB
MD5f2bdf2364790d1be9f6683a3bd1d6983
SHA1723499ce87b05f03905c30d77863348671ee7dda
SHA25692a80b424e3771068f73b97e52e1b63df7e5979984536fa131c3145688eac05f
SHA51290247ebe2c99d25c55f2db482aa2b0915ba296988344a0b562be1545388e2284cb433ff33e202e7a37a4ec980323f6383b469803453b252b2e1ba87cf6b54f86
-
Filesize
808KB
MD5e897f0c4aab89ee797828423449c4d23
SHA140c1cbe08b2dcbc949c636826b3e92ce520cc971
SHA256480918156fede89192ec08403db11a4ebd2c0a47b8fd2fff87c70f924a05905b
SHA5125e46a7a3a103f48c1aea0578f9e90800257d23f7ae90fc5fd36507e5047dba871bf1072252565bfe581e0ae6d9af2b18184bceff250bbbf567961229ad654c01
-
Filesize
804KB
MD530921147fe8a324cf18008ae652a0fd8
SHA130ca7d81c01877cc0d542780003a3f71130b6d5f
SHA256525411fd4b857a9ec0b1588d6782aa01252b70e3825c9d417f42836599d6dfa1
SHA5120d3b1c579d0468c93e41ede8fd4cd39f1c2ec278c32c8f7416248c15934be755451699ab1dc57fbd76d5e3cd2923f01188b7d7c28cacbcc4cdc75dd454c1458f
-
Filesize
1KB
MD503ef75560f24e70fe7104c45c0220e9a
SHA180f095f3fb2be4e89621e79ace9acd22f92b6779
SHA25685107716de99ec31166c711caba52d94b920a9d36900e9ab7977a739c405baf5
SHA512db63c797de88dc4e85d23c441e2035c9d3742ecd2f20746aa712ec8077f901c4b316b8c6f470c3fc624637a0c4326a3f75747d1fbd1465062ace67cfc1f39ac2
-
Filesize
80KB
MD5bd889683916aa93e84e1a75802918acf
SHA15ee66571359178613a4256a7470c2c3e6dd93cfa
SHA2560e22894595891a9ff9706e03b3db31a751541c4a773f82420fce57237d6c47cf
SHA5129d76de848b319f44657fb7fbe5a3b927774ae999362ff811a199002ffa77ad9e1638a65a271388e605ab5e5a7cb6ce5aa7fcabc3ed583ade00eaa4c265552026
-
Filesize
33KB
MD56806b72978f6bd27aef57899be68b93b
SHA1713c246d0b0b8dcc298afaed4f62aed82789951c
SHA2563485ee4159c5f9e4ed9dd06e668d1e04148154ff40327a9ccb591e8c5a79958c
SHA51243c942358b2e949751149ecc4be5ff6cb0634957ff1128ad5e6051e83379fb5643100cae2f6ef3eaf36aff016063c150e93297aa866e780d0e4d51656a251c7b
-
Filesize
168KB
MD53eb98cff1c242167df5fdbc6441ce3c5
SHA1730b27a1c92e8df1e60db5a6fc69ea1b24f68a69
SHA2566d8d5a244bb5a23c95653853fec3d04d2bdd2df5cff8cffb9848bddeb6adb081
SHA512f42be2a52d97fd1db2ed5a1a1a81a186a0aab41204980a103df33a4190632ba03f3cbb88fcea8da7ed9a5e15f60732d49a924b025fe6d3e623195ec1d37dfb35
-
Filesize
804KB
-
Filesize
28KB
-
Filesize
804KB
-
Filesize
800KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
800KB
-
Filesize
800KB
-
Filesize
800KB
-
Filesize
800KB
-
Filesize
800KB
-
Filesize
800KB
-
Filesize
800KB
-
Filesize
800KB
-
Filesize
800KB
-
Filesize
800KB
-
Filesize
800KB
-
Filesize
800KB
-
Filesize
800KB
-
Filesize
800KB
-
Filesize
800KB
-
Filesize
800KB
-
Filesize
800KB
-
Filesize
8KB
-
Filesize
800KB
-
Filesize
800KB
-
Filesize
800KB
-
Filesize
4KB
-
Filesize
800KB
-
Filesize
28KB
-
Filesize
4KB
-
Filesize
800KB
-
Filesize
800KB
-
Filesize
800KB
-
Filesize
800KB
-
Filesize
800KB
-
Filesize
28KB
-
Filesize
804KB
-
Filesize
800KB
-
Filesize
28KB
-
Filesize
800KB
-
Filesize
808KB
-
Filesize
28KB
-
Filesize
808KB