Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

144023104c...18.dll

windows7-x64

10

144023104c...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    28/07/2024, 10:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    144023104c70b0a9aa922598713dc3ff_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    144023104c70b0a9aa922598713dc3ff

  • SHA1

    85f48200ea9ff6a73c6ae805a8f3533a1197431e

  • SHA256

    1c96cd76a5127c8080f7a82d9d488dcb7914d8f412ae35a26c6ba45216e60d6c

  • SHA512

    b6b501105c3411e120cc9786840248f7dfecc24325e8c74b6c2434f4340aa26a4925ee81faa9e3e64fe88e29c4b5bb7a5f3820ea9d0f7a829fa37e4ff6378069

  • SSDEEP

    24576:LuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:V9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\144023104c70b0a9aa922598713dc3ff_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2668
  • C:\Windows\system32\dpnsvr.exe
    C:\Windows\system32\dpnsvr.exe
    1⤵
      PID:2172
    • C:\Users\Admin\AppData\Local\bIxOvTO\dpnsvr.exe
      C:\Users\Admin\AppData\Local\bIxOvTO\dpnsvr.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:3044
    • C:\Windows\system32\p2phost.exe
      C:\Windows\system32\p2phost.exe
      1⤵
        PID:2952
      • C:\Users\Admin\AppData\Local\eCSTyyuA\p2phost.exe
        C:\Users\Admin\AppData\Local\eCSTyyuA\p2phost.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2936
      • C:\Windows\system32\SystemPropertiesProtection.exe
        C:\Windows\system32\SystemPropertiesProtection.exe
        1⤵
          PID:492
        • C:\Users\Admin\AppData\Local\RIPm\SystemPropertiesProtection.exe
          C:\Users\Admin\AppData\Local\RIPm\SystemPropertiesProtection.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2796

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\RIPm\SYSDM.CPL
          Filesize

          1.2MB

          MD5

          3d067e4e58fec0a87906aecf588cbaa5

          SHA1

          28c3eb0e8535c6396dc7734887687e22671804d4

          SHA256

          dbaea653508ca8f611ef7b6546847796f4428bb1a5117f33f70562f027073dad

          SHA512

          320630e21af2e82dce8ea43f2bf5443768da3b08833ce90588d91426e419e4ea4405adf88b4c49bc1a2310221ad19cbb5a59461a59c2788af362ad081c886cd9

          Download Submit

        • C:\Users\Admin\AppData\Local\bIxOvTO\WINMM.dll
          Filesize

          1.2MB

          MD5

          b31d044f29376a9e5cac3a8bd37292e9

          SHA1

          43a12b1439481d279bff92f1bac67a7005dea5bf

          SHA256

          789cdac6dd82bb8d767137f19c19c66a15d7051c2087baaf2043410365cfb5e9

          SHA512

          db59e978fb3f4e3e9de8786d3f8220379dd7978fc939b9c77c44971ce89ea9e97a4cf85cb07d6e0faa8a834d0ebfe7517c97fa9d9c7d1450150945c63a534c16

          Download Submit

        • C:\Users\Admin\AppData\Local\eCSTyyuA\P2PCOLLAB.dll
          Filesize

          1.2MB

          MD5

          d12e885a875acbf011e064d46dafd07e

          SHA1

          16feec32e1e11e39baf84a8a9626ab5f4f1a73e1

          SHA256

          6c775d3f17a03ef2f67b8201f78e63313f94d2452a5903fb6740934a5ce0d568

          SHA512

          090540ee6c6ecce795e2e630d6b5f7979d79fc8d3c35785a97348d4a442e48faecafa5126ddad6a4f07ec0da01c873d7339e70a2752dc8cd905187be3a8f65ee

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ygxjfqh.lnk
          Filesize

          1KB

          MD5

          555b82e6422ca5b40fac28c1cf5e6207

          SHA1

          12d5657ef793ad74a90912a9d45ae8701a7a6ebd

          SHA256

          31f342b5d8ce0e774d00cde38889f6a954689c0ccd7d456663b0fced471a7cff

          SHA512

          4470ba3e642c4dd3571d478fd4c8f987aa22cb1b5c44caf99bb840c4009df14397313f0f6b2b64d65a80b263b76727e1caed4fab3a1ba8314c68d593a3777a5a

          Download Submit

        • \Users\Admin\AppData\Local\RIPm\SystemPropertiesProtection.exe
          Filesize

          80KB

          MD5

          05138d8f952d3fff1362f7c50158bc38

          SHA1

          780bc59fcddf06a7494d09771b8340acffdcc720

          SHA256

          753a43d8aa74341d06582bd6b3784dc5f8c6f46174c2a306cf284de238a9c6bd

          SHA512

          27fa8c0af3d01f0816852d04693087f3c25d1307d8857a7ea75b0bb3e0ac927d262f5ac5a335afee150142fa3187354d33ebbcf6c3cd5cc33cb4e6cd00c50255

          Download Submit

        • \Users\Admin\AppData\Local\bIxOvTO\dpnsvr.exe
          Filesize

          33KB

          MD5

          6806b72978f6bd27aef57899be68b93b

          SHA1

          713c246d0b0b8dcc298afaed4f62aed82789951c

          SHA256

          3485ee4159c5f9e4ed9dd06e668d1e04148154ff40327a9ccb591e8c5a79958c

          SHA512

          43c942358b2e949751149ecc4be5ff6cb0634957ff1128ad5e6051e83379fb5643100cae2f6ef3eaf36aff016063c150e93297aa866e780d0e4d51656a251c7b

          Download Submit

        • \Users\Admin\AppData\Local\eCSTyyuA\p2phost.exe
          Filesize

          172KB

          MD5

          0dbd420477352b278dfdc24f4672b79c

          SHA1

          df446f25be33ac60371557717073249a64e04bb2

          SHA256

          1baba169de6c8f3b3c33cea96314c67b709a171bdc8ea9c250a0d016db767345

          SHA512

          84014b2dcc00f9fa1a337089ad4d4abcaa9e3155171978ec07bc155ddaebebfabb529d8de3578e564b3aae59545f52d71af173ebb50d2af252f219ac60b453d1

          Download Submit

        • memory/1252-25-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1252-24-0x00000000025D0000-0x00000000025D7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1252-4-0x00000000779D6000-0x00000000779D7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1252-16-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1252-15-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1252-14-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1252-13-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1252-12-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1252-11-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1252-10-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1252-9-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1252-36-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1252-38-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1252-5-0x0000000002B00000-0x0000000002B01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1252-29-0x0000000077D70000-0x0000000077D72000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1252-28-0x0000000077BE1000-0x0000000077BE2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1252-74-0x00000000779D6000-0x00000000779D7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1252-7-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1252-8-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2668-45-0x000007FEF7EA0000-0x000007FEF7FD0000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2668-3-0x00000000001A0000-0x00000000001A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2668-1-0x000007FEF7EA0000-0x000007FEF7FD0000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2796-89-0x000007FEF7E90000-0x000007FEF7FC1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2796-92-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2796-95-0x000007FEF7E90000-0x000007FEF7FC1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2936-71-0x000007FEF7E40000-0x000007FEF7F71000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2936-77-0x000007FEF7E40000-0x000007FEF7F71000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3044-59-0x000007FEF7FC0000-0x000007FEF80F2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3044-56-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3044-53-0x000007FEF7FC0000-0x000007FEF80F2000-memory.dmp

          Filesize

          1.2MB

          Download