Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

6c520ed936...18.dll

windows7-x64

10

6c520ed936...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/07/2024, 18:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6c520ed93654e6369dcf1ef50efee865_JaffaCakes118.dll

  • Size

    836KB

  • MD5

    6c520ed93654e6369dcf1ef50efee865

  • SHA1

    1e8ae55c1e4fd4c0cdcdc7f07dcb3bdc58e2d1c0

  • SHA256

    ded7d0db8eaae0010cffb8fd3713ecbc1af523fe04414a324f367abda4e3d02a

  • SHA512

    84e1fb30bf653a8d3b7258b1b632fd7283f462107fae614690b499f5e609c812e770615441870970bd3d15ccaffe12be52c417895204cddad835ab8049997a0b

  • SSDEEP

    12288:1dMIwS97wJs6tSKDXEabXaC+jhc1S8XXk7CZzHsZH9dq0T:bMIJxSDX3bqjhcfHk7MzH6z

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 8 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6c520ed93654e6369dcf1ef50efee865_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:1676
  • C:\Windows\system32\MusNotificationUx.exe
    C:\Windows\system32\MusNotificationUx.exe
    1⤵
      PID:1040
    • C:\Users\Admin\AppData\Local\DOsSLLr\MusNotificationUx.exe
      C:\Users\Admin\AppData\Local\DOsSLLr\MusNotificationUx.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:3476
    • C:\Windows\system32\rdpinput.exe
      C:\Windows\system32\rdpinput.exe
      1⤵
        PID:1548
      • C:\Users\Admin\AppData\Local\hQVb4\rdpinput.exe
        C:\Users\Admin\AppData\Local\hQVb4\rdpinput.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:5024
      • C:\Windows\system32\SystemPropertiesProtection.exe
        C:\Windows\system32\SystemPropertiesProtection.exe
        1⤵
          PID:3792
        • C:\Users\Admin\AppData\Local\4FCmf99qJ\SystemPropertiesProtection.exe
          C:\Users\Admin\AppData\Local\4FCmf99qJ\SystemPropertiesProtection.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1656

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\4FCmf99qJ\SYSDM.CPL
          Filesize

          840KB

          MD5

          f348a143a0069709427cdb5bfc778627

          SHA1

          8277ec0f0925b84364159ae37b19b517a5e58558

          SHA256

          9979f595f91ecaefd58630def90b7c079422cd3405cc5eebae0788524ad77386

          SHA512

          a585a311f201e91757fca5285b29b7a7a251da5f6dce2b2040c8e90f303c1b61f27fc5e6dd28a69376d8d583e3ed3d026334a747fc7f25d67c62fd82b173407c

          Download Submit

        • C:\Users\Admin\AppData\Local\4FCmf99qJ\SystemPropertiesProtection.exe
          Filesize

          82KB

          MD5

          26640d2d4fa912fc9a354ef6cfe500ff

          SHA1

          a343fd82659ce2d8de3beb587088867cf2ab8857

          SHA256

          a8ddf1b17b0cbc96a7eaedb0003aa7b1631da09ebfe85b387f8f630222511b37

          SHA512

          26162a3d9d4a8e3290dbcf6fe387b5c48ab1d9552aa02a38954649d877f408cb282e57580f81e15128e3a41da0eb58328d1d6253e1b57232f9a8cecdd99991dc

          Download Submit

        • C:\Users\Admin\AppData\Local\DOsSLLr\MusNotificationUx.exe
          Filesize

          615KB

          MD5

          869a214114a81712199f3de5d69d9aad

          SHA1

          be973e4188eff0d53fdf0e9360106e8ad946d89f

          SHA256

          405c2df9a36d7cfb5c8382c96f04792eb88c11a6cfa36b1d2ec3e0bec8d17361

          SHA512

          befcdeb8de6e68b9ee0bacd4cbc80f7393a0213d4039b239c98585e0cd5db1755c75559a62372374cbfb7132b6a7973ea9e6a31952e0e0ba007079c56e6d9012

          Download Submit

        • C:\Users\Admin\AppData\Local\DOsSLLr\XmlLite.dll
          Filesize

          840KB

          MD5

          eda35c44f6341b7260767a20f9ab35ad

          SHA1

          86537ced0efb14e17c304389165106666b3126ca

          SHA256

          2752e97c7efca03061b04d3b874e6639be981aeb447f35b7c92275235818a026

          SHA512

          b03eff9efd7b04343b24a07588faf597b1a7a23e0fd157ae283009f07cbdddc9b6bb4d75c5810658733a6d46b83cf24723144e738bc55ac461d4fc9b1cbf09fb

          Download Submit

        • C:\Users\Admin\AppData\Local\hQVb4\WTSAPI32.dll
          Filesize

          840KB

          MD5

          9194eaaf21d7d026a55937dbdf7abcfa

          SHA1

          b461d3ace00cd47a25536c5ad8f01a05626754aa

          SHA256

          371ddb3bea57b1f2c273d0e0bba24f9113a3ec296b8e2dfe5232c4d83baaa5f3

          SHA512

          cf08e4779966f73f4a8d959b31bb419251a21ca8c12b639eeeb9050db79c7ba4547e78f4f5f074f2f6c91ca279120031a616c4ce4972b621f9cc48a44eb7b865

          Download Submit

        • C:\Users\Admin\AppData\Local\hQVb4\rdpinput.exe
          Filesize

          180KB

          MD5

          bd99eeca92869f9a3084d689f335c734

          SHA1

          a2839f6038ea50a4456cd5c2a3ea003e7b77688c

          SHA256

          39bfb2214efeed47f4f5e50e6dff05541e29caeb27966520bdadd52c3d5e7143

          SHA512

          355433c3bbbaa3bcb849633d45713d8a7ac6f87a025732fbe83e259ec3a0cb4eabb18239df26609453f9fc6764c7276c5d0472f11cf12d15ef806aa7594d090e

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Jmwkri.lnk
          Filesize

          1KB

          MD5

          11ab5f42a6f62cdd5846e8e457d09554

          SHA1

          6704a1cff039c6a3d1503f602b8d35d441856c34

          SHA256

          d548912e7cdf0c4dd6d615fa555a5a0c2d820606b105d4798bd890780c512d44

          SHA512

          b4c1e9ed386fa8bd9426ced28b12f59cd3deddaa63cb8e47a0a54640a056583e5359cd00a3094dc6aa0017a67fe47d57a9f5912d1bbf05dccdf2d17dffde8cc0

          Download Submit

        • memory/1656-105-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/1656-102-0x00000294DE060000-0x00000294DE067000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1676-61-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/1676-0-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/1676-2-0x0000019E893A0000-0x0000019E893A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3476-73-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3476-70-0x000001E2E2290000-0x000001E2E2297000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3476-68-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3596-34-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-9-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-31-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-30-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-28-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-27-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-26-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-25-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-24-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-23-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-22-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-21-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-19-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-18-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-17-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-16-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-15-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-14-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-12-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-11-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-10-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-32-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-8-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-7-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-6-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-29-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-5-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-33-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-35-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-36-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-45-0x00007FFC8032A000-0x00007FFC8032B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3596-47-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-48-0x00007FFC80420000-0x00007FFC80430000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3596-58-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-49-0x00007FFC80410000-0x00007FFC80420000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3596-3-0x0000000008A80000-0x0000000008A81000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3596-13-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-46-0x0000000008A60000-0x0000000008A67000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3596-37-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/3596-20-0x0000000140000000-0x00000001400D1000-memory.dmp

          Filesize

          836KB

          Download

        • memory/5024-89-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/5024-86-0x0000020EE7420000-0x0000020EE7427000-memory.dmp

          Filesize

          28KB

          Download