Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

82ad4f64c8...18.dll

windows7-x64

10

82ad4f64c8...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    02/08/2024, 02:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    82ad4f64c89c3bbbd8cd8e53607071ea_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    82ad4f64c89c3bbbd8cd8e53607071ea

  • SHA1

    c93046e3777bdce827ecc58e9de0420ddc1cd5a1

  • SHA256

    a594d78a5f1c9a6ca8d3b108513c84fcf4d12819dee46890074d5b0688120ac1

  • SHA512

    aed739f5ebac5f5a5c34632e451d0a0c650227650361fe052dcdd7ee76466ad96c3df3eaeac66ddb98a09c7cf9a3ff717897b5e0ff6d8dfd03b86992bc29236d

  • SSDEEP

    24576:muYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:G9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 8 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\82ad4f64c89c3bbbd8cd8e53607071ea_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2096
  • C:\Windows\system32\Netplwiz.exe
    C:\Windows\system32\Netplwiz.exe
    1⤵
      PID:2676
    • C:\Users\Admin\AppData\Local\j3FwB\Netplwiz.exe
      C:\Users\Admin\AppData\Local\j3FwB\Netplwiz.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2664
    • C:\Windows\system32\DeviceDisplayObjectProvider.exe
      C:\Windows\system32\DeviceDisplayObjectProvider.exe
      1⤵
        PID:396
      • C:\Users\Admin\AppData\Local\psrX9\DeviceDisplayObjectProvider.exe
        C:\Users\Admin\AppData\Local\psrX9\DeviceDisplayObjectProvider.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2388
      • C:\Windows\system32\wscript.exe
        C:\Windows\system32\wscript.exe
        1⤵
          PID:2924
        • C:\Users\Admin\AppData\Local\eshiDYnrK\wscript.exe
          C:\Users\Admin\AppData\Local\eshiDYnrK\wscript.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:3032

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\eshiDYnrK\VERSION.dll
          Filesize

          1.2MB

          MD5

          2ee1777b4c0dc96c2512e03b684b0dbc

          SHA1

          d53ec7e8902736120fc02dd93828f30dfa48524a

          SHA256

          407dd8671d31147c96623cecbe089e1d047ec7595e642d1fdb484758f11c1ba1

          SHA512

          25aa3a028c0c50772b0e4434c44a62db735ce0edefd1f3ed00e3f4b30926d0ea6bfcd1a5bb40d9e9cd4d0f3ca4bb4d648ea69b041dcc2f65d0c22d1dc92038ed

          Download Submit

        • C:\Users\Admin\AppData\Local\eshiDYnrK\wscript.exe
          Filesize

          165KB

          MD5

          8886e0697b0a93c521f99099ef643450

          SHA1

          851bd390bf559e702b8323062dbeb251d9f2f6f7

          SHA256

          d73f7ee4e6e992a618d02580bdbf4fd6ba7c683d110928001092f4073341e95f

          SHA512

          fc4a176f49a69c5600c427af72d3d274cfeacef48612b18cda966c3b4dda0b9d59c0fe8114d5ed8e0fec780744346e2cd503d1fd15c0c908908d067214b9d837

          Download Submit

        • C:\Users\Admin\AppData\Local\j3FwB\NETPLWIZ.dll
          Filesize

          1.2MB

          MD5

          a06a1ff1a6dd68513d4c12c0aba700bf

          SHA1

          2ede17c9a8c0a368aa8db4d2cee32d144ec194e9

          SHA256

          c449db27f44a18d90537f3c19644db3615b9307b93290a2c427a9c0a8bb407c2

          SHA512

          32c0d7cab4295c60d928e850b4f98bf9960d0b294a503adf474e96af8308b69223b13f4ea88e0a740d78f13575eee789f4f0d1cdaff69f194560791f880160b5

          Download Submit

        • C:\Users\Admin\AppData\Local\psrX9\XmlLite.dll
          Filesize

          1.2MB

          MD5

          c92062f8b38776212c935dc048b4608c

          SHA1

          e037c779c76eafacc7f0029edfd31b897a5bd1cd

          SHA256

          49cfd2fdf31a4c58029c7ecdea38f6ebea8a624706397aff4eabaa38cfbe1b02

          SHA512

          67c04bca0678808a95aea33f4bd1ec18bae45e9ae51ebe54928e4fc3e23cf06ebe190bf6dffd924da7aff4adc8bc1e526468641726512da572f496e911d94700

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dzyzbjcaevupvd.lnk
          Filesize

          1KB

          MD5

          b600f085b5d1099c8f35175b169efd6f

          SHA1

          3bb058c888c92508093bda96c6c724419c4121ab

          SHA256

          679324282caa16e2eddf1301af4e94ceeb43c3027d541c5870260ec728e20bb3

          SHA512

          87b668976e87a84d73947ac007797b9490bdd0bc333a91bda855a7e7d7115f0563772122ecb98467697aa00803d6e4b7aa53af0799922f1a4d8084d693665594

          Download Submit

        • \Users\Admin\AppData\Local\j3FwB\Netplwiz.exe
          Filesize

          26KB

          MD5

          e43ec3c800d4c0716613392e81fba1d9

          SHA1

          37de6a235e978ecf3bb0fc2c864016c5b0134348

          SHA256

          636606415a85a16a7e6c5c8fcbdf35494991bce1c37dfc19c75ecb7ce12dc65c

          SHA512

          176c6d8b87bc5a9ca06698e2542ff34d474bcbbf21278390127981366eda89769bd9dd712f3b34f4dd8332a0b40ee0e609276400f16b51999471c8ff24522a08

          Download Submit

        • \Users\Admin\AppData\Local\psrX9\DeviceDisplayObjectProvider.exe
          Filesize

          109KB

          MD5

          7e2eb3a4ae11190ef4c8a9b9a9123234

          SHA1

          72e98687a8d28614e2131c300403c2822856e865

          SHA256

          8481a8ec19cb656ce328c877d5817d317203ba34424a2e9d169ddce5bf2cd2b0

          SHA512

          18b1a0637f48929972a463d441182307725ebf1410dd461a1966bd040ac5dcced138155b7c713bfc924ea2f7b39527a084a08b44fa24c3eb9c654871f99caabf

          Download Submit

        • memory/1116-27-0x0000000076FD1000-0x0000000076FD2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1116-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-4-0x0000000076EC6000-0x0000000076EC7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1116-26-0x0000000002DD0000-0x0000000002DD7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1116-25-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-18-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-37-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-38-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-5-0x0000000002DF0000-0x0000000002DF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1116-28-0x0000000077160000-0x0000000077162000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1116-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-75-0x0000000076EC6000-0x0000000076EC7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1116-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2096-46-0x000007FEF6380000-0x000007FEF64B1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2096-0-0x0000000000440000-0x0000000000447000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2096-1-0x000007FEF6380000-0x000007FEF64B1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2388-72-0x000007FEF6380000-0x000007FEF64B2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2388-76-0x00000000000F0000-0x00000000000F7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2388-79-0x000007FEF6380000-0x000007FEF64B2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2664-60-0x000007FEF6E90000-0x000007FEF6FC2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2664-55-0x000007FEF6E90000-0x000007FEF6FC2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2664-54-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3032-99-0x000007FEF6380000-0x000007FEF64B2000-memory.dmp

          Filesize

          1.2MB

          Download