Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

14fff56aba...18.dll

windows7-x64

10

14fff56aba...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/07/2024, 10:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    14fff56abaf6a088651764782bc59549_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    14fff56abaf6a088651764782bc59549

  • SHA1

    b8df62e709c9c42ff241448557973c8f7fca43cb

  • SHA256

    caa4ce651ab88ad9a49b05e59df3065f8488b9051b3195849775dc29e83957b6

  • SHA512

    c59177fba64d6c286b1d74af945ffd73b55cd6734b194803862534337c9e838131ede5d5f59c9834cfeebf5b399f281a7af91eebf43b779d730821aef5d37d62

  • SSDEEP

    24576:fuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:h9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\14fff56abaf6a088651764782bc59549_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:4704
  • C:\Windows\system32\wextract.exe
    C:\Windows\system32\wextract.exe
    1⤵
      PID:4788
    • C:\Users\Admin\AppData\Local\d9L5g\wextract.exe
      C:\Users\Admin\AppData\Local\d9L5g\wextract.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:1156
    • C:\Windows\system32\Taskmgr.exe
      C:\Windows\system32\Taskmgr.exe
      1⤵
        PID:4568
      • C:\Users\Admin\AppData\Local\GT4mbDEGR\Taskmgr.exe
        C:\Users\Admin\AppData\Local\GT4mbDEGR\Taskmgr.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:3160
      • C:\Windows\system32\sigverif.exe
        C:\Windows\system32\sigverif.exe
        1⤵
          PID:4380
        • C:\Users\Admin\AppData\Local\8oaH1MKs\sigverif.exe
          C:\Users\Admin\AppData\Local\8oaH1MKs\sigverif.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1200

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\8oaH1MKs\VERSION.dll
          Filesize

          1.2MB

          MD5

          ca9c995f248780062ae5ba430a6d9538

          SHA1

          3578725c55dcb0a9eef25dc7a54dd0c9e1ee4a0e

          SHA256

          4f6e41a0da229dc83c3c5a0ac59762db08c68862a301efefda1eee41fa11ed50

          SHA512

          b4b142fc479eb08f2dc42c43f254b37a777989bc88a805f0587c628f8e8a31d5bb97edca528a42a08018cbb33336e91fe1f297b95af6b6113a691d80ca8d2a3a

          Download Submit

        • C:\Users\Admin\AppData\Local\8oaH1MKs\sigverif.exe
          Filesize

          77KB

          MD5

          2151a535274b53ba8a728e542cbc07a8

          SHA1

          a2304c0f2616a7d12298540dce459dd9ccf07443

          SHA256

          064de47877b00dc35886e829a697e4adb3d3cfdf294ddba13b6009a0f415b1bd

          SHA512

          e6fd520ee1bd80a5fe8a7c2ae6446dcaabd4e335a602c36356f85305abef751b7dffa7eaac1ec13c105ccd8c3e9070bd32ed4b14bc8a9e52dc5f47b936d69a9f

          Download Submit

        • C:\Users\Admin\AppData\Local\GT4mbDEGR\Taskmgr.exe
          Filesize

          1.2MB

          MD5

          58d5bc7895f7f32ee308e34f06f25dd5

          SHA1

          7a7f5e991ddeaf73e15a0fdcb5c999c0248a2fa4

          SHA256

          4e305198f15bafd5728b5fb8e7ff48d9f312399c744ecfea0ecac79d93c5e478

          SHA512

          872c84c92b0e4050ae4a4137330ec3cda30008fd15d6413bf7a913c03a021ad41b6131e5a7356b374ced98d37ae207147ebefd93893560dc15c3e9875f93f7a9

          Download Submit

        • C:\Users\Admin\AppData\Local\GT4mbDEGR\credui.dll
          Filesize

          1.2MB

          MD5

          d11072e2ea5dfc24318bb31d7583a7b2

          SHA1

          5ab68c60fa9a0016a7c3d2381ac5184dddcf9296

          SHA256

          90861338d3f64c48be4f7e8f80fb847ce099bfadda0c27ec66d4107983ef7348

          SHA512

          5c87a8acdf4b411eb05be0912773ad0abcb86f6b65f10c3e59f2b71371814c8fa7c81da198549515c50cb94fbd3952690a71a1ebcf723cab080ac4dbfe132c55

          Download Submit

        • C:\Users\Admin\AppData\Local\d9L5g\VERSION.dll
          Filesize

          1.2MB

          MD5

          2f369470928ef2d50f1485d731097955

          SHA1

          c2135a4f0687d420e96881188f27b2145d9054ac

          SHA256

          c418ebe615e39fa333cd7c59e80f74e48dd6653fee082551703446f4d2f36fb3

          SHA512

          c46972bdf020809d2665599d2b02039394c7348889dc9ec8dc7243f0b7c86e91240a931d2ff83448d87fb5e504f83ef0092c4617d35455eab6ee3fa51b265574

          Download Submit

        • C:\Users\Admin\AppData\Local\d9L5g\wextract.exe
          Filesize

          143KB

          MD5

          56e501e3e49cfde55eb1caabe6913e45

          SHA1

          ab2399cbf17dbee7b302bea49e40d4cee7caea76

          SHA256

          fbb6dc62abeeb222b49a63f43dc6eea96f3d7e9a8da55381c15d57a5d099f3e0

          SHA512

          2b536e86cbd8ab026529ba2c72c0fda97e9b6f0bc4fd96777024155852670cb41d17937cde372a44cdbad3e53b8cd3ef1a4a3ee9b34dfb3c2069822095f7a172

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Rzzww.lnk
          Filesize

          1KB

          MD5

          1b8b7eb5635cc85d2e32b580d22b73c1

          SHA1

          89f2284cf7ae19bce840ce6ff7c2989608488a1c

          SHA256

          a797273dca427ed35f23039c3633fa09f91e695774f0862dd4b3ca8b1d464b25

          SHA512

          fd5631def321ed45fa8c01d28c24689b2162a2dd441fcea75152ad98f21d0cd00bbf0fba91722e149129b7ba11e8197e15b1a55656a474eab725b60671cc3a26

          Download Submit

        • memory/1156-51-0x00007FFF898C0000-0x00007FFF899F1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1156-46-0x00007FFF898C0000-0x00007FFF899F1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1156-45-0x000001FEB4010000-0x000001FEB4017000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1200-84-0x00007FFF898C0000-0x00007FFF899F1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3160-65-0x000002739ACC0000-0x000002739ACC7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3160-68-0x00007FFF898C0000-0x00007FFF899F1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3516-35-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3516-34-0x00007FFF97B90000-0x00007FFF97BA0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3516-9-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3516-8-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3516-7-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3516-4-0x0000000003210000-0x0000000003211000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3516-11-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3516-13-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3516-14-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3516-15-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3516-32-0x00007FFF961FA000-0x00007FFF961FB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3516-6-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3516-33-0x0000000001300000-0x0000000001307000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3516-10-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3516-23-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3516-12-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4704-0-0x000001D0CFE20000-0x000001D0CFE27000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4704-38-0x00007FFF898D0000-0x00007FFF89A00000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4704-1-0x00007FFF898D0000-0x00007FFF89A00000-memory.dmp

          Filesize

          1.2MB

          Download