Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

128c0d0800...18.dll

windows7-x64

10

128c0d0800...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    28/07/2024, 09:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    128c0d0800f9ddc1fc1ad2adbfe2af4c_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    128c0d0800f9ddc1fc1ad2adbfe2af4c

  • SHA1

    9eec1f0a49a705b50defa8855671e6265890992c

  • SHA256

    ec2deee820615d16428c4fa1b4d150ec6ed62fa45a11ef64f174fa297d3ad00d

  • SHA512

    64a7ffea8fc75775f5a72584a720606e71e3d5166fa25185ce4bc39d11e001d4fe9a54734933efa275ca770e8a3ebab1d6ed88f8eb1f9130db15e82d24538e4f

  • SSDEEP

    24576:muYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:G9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\128c0d0800f9ddc1fc1ad2adbfe2af4c_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:712
  • C:\Windows\system32\SystemPropertiesProtection.exe
    C:\Windows\system32\SystemPropertiesProtection.exe
    1⤵
      PID:3028
    • C:\Users\Admin\AppData\Local\ACtx1\SystemPropertiesProtection.exe
      C:\Users\Admin\AppData\Local\ACtx1\SystemPropertiesProtection.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2676
    • C:\Windows\system32\winlogon.exe
      C:\Windows\system32\winlogon.exe
      1⤵
        PID:964
      • C:\Users\Admin\AppData\Local\6rI0wV\winlogon.exe
        C:\Users\Admin\AppData\Local\6rI0wV\winlogon.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2508
      • C:\Windows\system32\mstsc.exe
        C:\Windows\system32\mstsc.exe
        1⤵
          PID:1980
        • C:\Users\Admin\AppData\Local\CTDHVZD\mstsc.exe
          C:\Users\Admin\AppData\Local\CTDHVZD\mstsc.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2880

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\6rI0wV\WINSTA.dll
          Filesize

          1.2MB

          MD5

          d75c16f82958107ffb4530201c7e3abd

          SHA1

          134badec71d54bb8839656f397a6273adbd9373e

          SHA256

          06f53044e163ae6a2cb442cfe8cd8f4fbe296a8a2d0f70578735debc1a691c69

          SHA512

          564bee64e3a34ea5a733e56fead628446b96858d4cd10d31b97452dbf538853e88b12e080593688720796cbf5b5d13dbd2b162b500a184a70e8d6e7fee9ab5d0

          Download Submit

        • C:\Users\Admin\AppData\Local\ACtx1\SYSDM.CPL
          Filesize

          1.2MB

          MD5

          bc0a5d65fefb3be48900809fe268a272

          SHA1

          628262999a0f992dc436abf97ce7f00b5a01681e

          SHA256

          6b1043828fd26360b2154fed433ca45433cca399bb4e536f14954dfb22aa55a0

          SHA512

          84b61bd808d8385fa83b3ed6859b8030f7691af765242b06ff4dab4436cfc04d78f07bf58f591270a38eec75995ebec38aca629b62db23e4d3a954b29fc5e01f

          Download Submit

        • C:\Users\Admin\AppData\Local\CTDHVZD\mstsc.exe
          Filesize

          1.1MB

          MD5

          50f739538ef014b2e7ec59431749d838

          SHA1

          b439762b8efe8cfb977e7374c11a7e4d8ed05eb3

          SHA256

          85c510c7fa8d64c70886ea01ec99e7b9064594f021a95b4cf88359421e732be3

          SHA512

          02e231ddc4ac012c597b9db42f8a77fbf35ca8253c030d443a0dd4db3d76a9ee1cced600f12d7bb06305e7a4da4a8fda980faad335adcb12738d80d453cb3cc8

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Nhelokvclymi.lnk
          Filesize

          1KB

          MD5

          d954dd4176968bee4bff00f285b22f7d

          SHA1

          8feb50d3e454eb4e5c1a3b10ae6d3fa4153ae117

          SHA256

          3f466524487303f73a93893cc6bb35b00eab1456eb7f90370d127a3b40ff8b4b

          SHA512

          be4e779035bb3058e99546e2f063cb9d6ccb87b68def4e8dc504e52e77e26aad3f23bf038ed2ee512eca8b4d6c8fdf53aae3b561e7235f7c79aca002943524fd

          Download Submit

        • \Users\Admin\AppData\Local\6rI0wV\winlogon.exe
          Filesize

          381KB

          MD5

          1151b1baa6f350b1db6598e0fea7c457

          SHA1

          434856b834baf163c5ea4d26434eeae775a507fb

          SHA256

          b1506e0a7e826eff0f5252ef5026070c46e2235438403a9a24d73ee69c0b8a49

          SHA512

          df728d06238da1dece96f8b8d67a2423ed4dcb344b42d5958768d23bd570a79e7189e7c5ba783c1628fe8ddd1deaebeacb1b471c59c8a7c9beb21b4f1eb9edab

          Download Submit

        • \Users\Admin\AppData\Local\ACtx1\SystemPropertiesProtection.exe
          Filesize

          80KB

          MD5

          05138d8f952d3fff1362f7c50158bc38

          SHA1

          780bc59fcddf06a7494d09771b8340acffdcc720

          SHA256

          753a43d8aa74341d06582bd6b3784dc5f8c6f46174c2a306cf284de238a9c6bd

          SHA512

          27fa8c0af3d01f0816852d04693087f3c25d1307d8857a7ea75b0bb3e0ac927d262f5ac5a335afee150142fa3187354d33ebbcf6c3cd5cc33cb4e6cd00c50255

          Download Submit

        • \Users\Admin\AppData\Local\CTDHVZD\WINMM.dll
          Filesize

          1.2MB

          MD5

          4fb0a8c5e119b61541115ea3d8ebb664

          SHA1

          3788ab79176c40aded1a79fecf4077e15d20264e

          SHA256

          dc51ca5586432cfa365b3d05c307cc12e9c0b80c6d25aeb699ade07e9d0ec48e

          SHA512

          6a2be037a8feaed06f4709d80075c388b9bd36ac5a35e45ee7d468536aaadb789d343a9d4189d3c93f29d4550a12d7ca0bbd73f14db616384d80e02d8a7bfd35

          Download Submit

        • memory/712-0-0x00000000001A0000-0x00000000001A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/712-1-0x000007FEF80C0000-0x000007FEF81F1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/712-46-0x000007FEF80C0000-0x000007FEF81F1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-31-0x0000000077E50000-0x0000000077E52000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1244-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-27-0x0000000077CC1000-0x0000000077CC2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1244-26-0x00000000024A0000-0x00000000024A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1244-37-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-39-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-17-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-25-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-4-0x0000000077AB6000-0x0000000077AB7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1244-5-0x00000000024C0000-0x00000000024C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1244-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-65-0x0000000077AB6000-0x0000000077AB7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1244-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2508-73-0x000007FEF80D0000-0x000007FEF8203000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2508-76-0x0000000001F90000-0x0000000001F97000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2508-79-0x000007FEF80D0000-0x000007FEF8203000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2676-60-0x000007FEF8200000-0x000007FEF8332000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2676-55-0x000007FEF8200000-0x000007FEF8332000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2676-54-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2880-91-0x00000000001C0000-0x00000000001C7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2880-97-0x000007FEF80D0000-0x000007FEF8203000-memory.dmp

          Filesize

          1.2MB

          Download