Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

128c0d0800...18.dll

windows7-x64

10

128c0d0800...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/07/2024, 09:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    128c0d0800f9ddc1fc1ad2adbfe2af4c_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    128c0d0800f9ddc1fc1ad2adbfe2af4c

  • SHA1

    9eec1f0a49a705b50defa8855671e6265890992c

  • SHA256

    ec2deee820615d16428c4fa1b4d150ec6ed62fa45a11ef64f174fa297d3ad00d

  • SHA512

    64a7ffea8fc75775f5a72584a720606e71e3d5166fa25185ce4bc39d11e001d4fe9a54734933efa275ca770e8a3ebab1d6ed88f8eb1f9130db15e82d24538e4f

  • SSDEEP

    24576:muYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:G9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\128c0d0800f9ddc1fc1ad2adbfe2af4c_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3000
  • C:\Windows\system32\WFS.exe
    C:\Windows\system32\WFS.exe
    1⤵
      PID:1032
    • C:\Users\Admin\AppData\Local\ybCsi\WFS.exe
      C:\Users\Admin\AppData\Local\ybCsi\WFS.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:4760
    • C:\Windows\system32\SndVol.exe
      C:\Windows\system32\SndVol.exe
      1⤵
        PID:2852
      • C:\Users\Admin\AppData\Local\kEIM9N\SndVol.exe
        C:\Users\Admin\AppData\Local\kEIM9N\SndVol.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1860
      • C:\Windows\system32\eudcedit.exe
        C:\Windows\system32\eudcedit.exe
        1⤵
          PID:4484
        • C:\Users\Admin\AppData\Local\7VrA9P\eudcedit.exe
          C:\Users\Admin\AppData\Local\7VrA9P\eudcedit.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:4416

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\7VrA9P\MFC42u.dll
          Filesize

          1.2MB

          MD5

          c1748fca0640ddc45793711b172902f6

          SHA1

          97c50b908de286fdff7f2b3fab67d33a3a67c6b6

          SHA256

          e9809ad62a7b9c76b6ba64fe3cca56a5a64971c3508fdcb4b34596b0c18a59bd

          SHA512

          42524f5716ff7d9bdc63caadf302e2a675aacd8dd5e9fb66c88e18c5107106920e652195f2ebc3553b98b3774399b2d583c42a399954bd70cf3090bb46af1491

          Download Submit

        • C:\Users\Admin\AppData\Local\7VrA9P\eudcedit.exe
          Filesize

          365KB

          MD5

          a9de6557179d371938fbe52511b551ce

          SHA1

          def460b4028788ded82dc55c36cb0df28599fd5f

          SHA256

          83c8d1a7582b24b4bbc0d453c813487185c2b05c483bd1759ef647a7e7e92dfe

          SHA512

          5790cac8dae16a785b48f790e6645b137f211c1587fb64ea88e743b846ff3a886324afcfef4bebc61f869023b9a22ba925c461dfb2e12497b70f501e6b79153c

          Download Submit

        • C:\Users\Admin\AppData\Local\kEIM9N\SndVol.exe
          Filesize

          269KB

          MD5

          c5d939ac3f9d885c8355884199e36433

          SHA1

          b8f277549c23953e8683746e225e7af1c193ad70

          SHA256

          68b6ced01f5dfc2bc9556b005f4fff235a3d02449ad9f9e4de627c0e1424d605

          SHA512

          8488e7928e53085c00df096af2315490cd4b22ce2ce196b157dc0fbb820c5399a9dbd5dead40b24b99a4a32b6de66b4edc28339d7bacd9c1e7d5936604d1a4f0

          Download Submit

        • C:\Users\Admin\AppData\Local\kEIM9N\UxTheme.dll
          Filesize

          1.2MB

          MD5

          e778fbadc9fb2380a5494b8ed1ba79d4

          SHA1

          e67c2101d1554d1ea91c3906abf99b474f7857cb

          SHA256

          533af40a7889220680a8c2ce1532342a7b50f41a999abbd68681f92993b7ec52

          SHA512

          2ffff189b19dd5d93308b3c4e139f6fcbe25689b153f6d02c96afbc08597347d1af1b54a84d5cec2e94a7280a2c81edd9ed8315eceb973561fe67d570f03204d

          Download Submit

        • C:\Users\Admin\AppData\Local\ybCsi\MFC42u.dll
          Filesize

          1.2MB

          MD5

          8eb42e61528ee0cab6a6990d63871eb8

          SHA1

          9fcfaad8f5e9a03e813e36098215b103a990194d

          SHA256

          25d9f9ce4e81cac526229e47b6ba53b60ab79f596728e16b80beb20e293961a2

          SHA512

          4d7a96932cdb5dc7fafe7b32196f7b8c357995a5b99165b041574d457e8405cbc8501d651dc7761555a9c1d363038eaf4429450d39821fb870e068fea2cc4142

          Download Submit

        • C:\Users\Admin\AppData\Local\ybCsi\WFS.exe
          Filesize

          944KB

          MD5

          3cbc8d0f65e3db6c76c119ed7c2ffd85

          SHA1

          e74f794d86196e3bbb852522479946cceeed7e01

          SHA256

          e23e4182efe7ed61aaf369696e1ce304c3818df33d1663872b6d3c75499d81f4

          SHA512

          26ae5845a804b9eb752078f1ffa80a476648a8a9508b4f7ba56c94acd4198f3ba59c77add4feb7e0420070222af56521ca5f6334f466d5db272c816930513f0a

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Arrotspbllekcvw.lnk
          Filesize

          1KB

          MD5

          d6ef9e4aabf88c2762550820357dbcf6

          SHA1

          3a4a2726135737d7fa1af99467c89a167150e269

          SHA256

          c9353aa9628eebbce7ef1f16309a500e73eec4bcca5b46e9028f1ff420f48036

          SHA512

          b8cbe8ac0adb61e4f90505b68cbec7724c7c3be8bc2ad7df3e838d6ce0ef3b106b5feb84074ab8bd933c2b6432a4548b362353bf463370be641f52db21420be7

          Download Submit

        • memory/1860-63-0x00007FFBDC6D0000-0x00007FFBDC802000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1860-69-0x00007FFBDC6D0000-0x00007FFBDC802000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1860-66-0x00000140D8F40000-0x00000140D8F47000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3000-0-0x00007FFBDC6D0000-0x00007FFBDC801000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3000-39-0x00007FFBDC6D0000-0x00007FFBDC801000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3000-3-0x000001AE5AA60000-0x000001AE5AA67000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3412-36-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3412-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3412-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3412-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3412-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3412-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3412-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3412-4-0x0000000002A90000-0x0000000002A91000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3412-6-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3412-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3412-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3412-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3412-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3412-32-0x00007FFBEA8CA000-0x00007FFBEA8CB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3412-33-0x0000000002AA0000-0x0000000002AA7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3412-34-0x00007FFBEB150000-0x00007FFBEB160000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3412-24-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4416-86-0x00007FFBDC6D0000-0x00007FFBDC808000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4416-83-0x000002079A250000-0x000002079A257000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4760-46-0x00007FFBDC6D0000-0x00007FFBDC808000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4760-49-0x0000010F0B150000-0x0000010F0B157000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4760-52-0x00007FFBDC6D0000-0x00007FFBDC808000-memory.dmp

          Filesize

          1.2MB

          Download