Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

85ca9b6e2d...18.dll

windows7-x64

10

85ca9b6e2d...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    10/08/2024, 10:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    85ca9b6e2d3628cea4badad665e74407_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    85ca9b6e2d3628cea4badad665e74407

  • SHA1

    951a6bd5f11a3e473a5e13b4cd9d76e1d8128fa5

  • SHA256

    09fb14c04c646802ded6085bf57fd6afd60d168d570cfed4db4ff7e820d0db72

  • SHA512

    b3fa6263f5fd2e72dd20b36100e2272cb823f899123525bb7176acfeb481aadde026ab5edf8163a51aba7236008cd3ec3aa3419f0d779052ed35b23975c1cd66

  • SSDEEP

    24576:QuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N9t:A9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\85ca9b6e2d3628cea4badad665e74407_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2360
  • C:\Windows\system32\msdtc.exe
    C:\Windows\system32\msdtc.exe
    1⤵
      PID:2576
    • C:\Users\Admin\AppData\Local\NdZqUV\msdtc.exe
      C:\Users\Admin\AppData\Local\NdZqUV\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2780
    • C:\Windows\system32\rdpclip.exe
      C:\Windows\system32\rdpclip.exe
      1⤵
        PID:3012
      • C:\Users\Admin\AppData\Local\sa3\rdpclip.exe
        C:\Users\Admin\AppData\Local\sa3\rdpclip.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1684
      • C:\Windows\system32\TpmInit.exe
        C:\Windows\system32\TpmInit.exe
        1⤵
          PID:1992
        • C:\Users\Admin\AppData\Local\w7wLGNo\TpmInit.exe
          C:\Users\Admin\AppData\Local\w7wLGNo\TpmInit.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2092

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\NdZqUV\VERSION.dll
          Filesize

          1.2MB

          MD5

          984ff6bcd7b62254bb7c99ab04a7c03d

          SHA1

          3896cf396151768a03a4edfb493b1077e80fb646

          SHA256

          33c521bb96514b53157a51e3d5495939e245384544880f55f01b204c682c029f

          SHA512

          dccd45e3af6d2560587e22fdbf31a1fa5c1d006df9023ae84c64412e1296f15c06b0a83f1e1442f46068fe5437078a3b7cab79df53a241c5b7969c9e28eb8baa

          Download Submit

        • C:\Users\Admin\AppData\Local\sa3\WTSAPI32.dll
          Filesize

          1.2MB

          MD5

          58373b73bd7f56f7e0be202ed1c8a41f

          SHA1

          34fe46e13a9f52eeffeed8792de7535cb286ce41

          SHA256

          55452229621d68f87fb87f96852ef10d84adc97e05ce0afc1837c086583ca3cf

          SHA512

          6ba1c8089adbc908a4839d33c97e5d4a0d04a88df5589cb601c47efd1f5c219ce63dce7a066d87275349b8d9bc9947bd1e941f675b27fd30dafe0bd7e8bae166

          Download Submit

        • C:\Users\Admin\AppData\Local\w7wLGNo\Secur32.dll
          Filesize

          1.2MB

          MD5

          47131ba58417ad96aa7b4ee6b4c06193

          SHA1

          46e1fff3b75164d752fd4c88d119d3f221f53941

          SHA256

          9c0f50c8a847a971597040cb963658f3348238e03cf37b0135893df549291e41

          SHA512

          4e0b08d4f583c13ec755197639c9b1fcd629089c442ba6829a0fde1d4b9906e37d38a31d61f21e27f1eda11e5b09ac6abf302d6ddfa0fe8068f059884ae33a40

          Download Submit

        • C:\Users\Admin\AppData\Local\w7wLGNo\TpmInit.exe
          Filesize

          112KB

          MD5

          8b5eb38e08a678afa129e23129ca1e6d

          SHA1

          a27d30bb04f9fabdb5c92d5150661a75c5c7bc42

          SHA256

          4befa614e1b434b2f58c9e7ce947a946b1cf1834b219caeff42b3e36f22fd97c

          SHA512

          a7245cde299c68db85370ae1bdf32a26208e2cda1311afd06b0efd410664f36cafb62bf4b7ce058e203dcc515c45ebdef01543779ead864f3154175b7b36647d

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ygxjfqh.lnk
          Filesize

          887B

          MD5

          b022e17c596472535197cb7a965e15b9

          SHA1

          110d0833d327c8d1f48699948191f33ed58bbc45

          SHA256

          f71d0fa0c0f7adbe04f89d80394833dabb54d09081d80e36544e2a3ae5297d53

          SHA512

          57e49fe84514f95896109ac1a982c3222dd898c106891011d93fd43bdc97f44cd8a0995d86c78ef06f1fbf9d7d90700b791882f28cce146a17260cd6b12ba95a

          Download Submit

        • \Users\Admin\AppData\Local\NdZqUV\msdtc.exe
          Filesize

          138KB

          MD5

          de0ece52236cfa3ed2dbfc03f28253a8

          SHA1

          84bbd2495c1809fcd19b535d41114e4fb101466c

          SHA256

          2fbbec4cacb5161f68d7c2935852a5888945ca0f107cf8a1c01f4528ce407de3

          SHA512

          69386134667626c60c99d941c8ab52f8e5235e3897b5af76965572287afd5dcd42b8207a520587844a57a268e4decb3f3c550e5b7a06230ee677dc5e40c50bb3

          Download Submit

        • \Users\Admin\AppData\Local\sa3\rdpclip.exe
          Filesize

          206KB

          MD5

          25d284eb2f12254c001afe9a82575a81

          SHA1

          cf131801fdd5ec92278f9e0ae62050e31c6670a5

          SHA256

          837e0d864c474956c0d9d4e7ae5f884007f19b7f420db9afcf0d266aefa6608b

          SHA512

          7b4f208fa1681a0a139577ebc974e7acfc85e3c906a674e111223783460585eb989cb6b38f215d79f89e747a0e9224d90e1aa43e091d2042edb8bac7b27b968b

          Download Submit

        • memory/1228-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1228-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1228-4-0x0000000077B46000-0x0000000077B47000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1228-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1228-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1228-26-0x0000000002AC0000-0x0000000002AC7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1228-25-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1228-17-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1228-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1228-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1228-27-0x0000000077C51000-0x0000000077C52000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1228-28-0x0000000077DE0000-0x0000000077DE2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1228-37-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1228-38-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1228-5-0x0000000002D50000-0x0000000002D51000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1228-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1228-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1228-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1228-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1684-72-0x000007FEF7E50000-0x000007FEF7F82000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1684-75-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1684-78-0x000007FEF7E50000-0x000007FEF7F82000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2092-95-0x000007FEF7E50000-0x000007FEF7F82000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2360-46-0x000007FEF7E10000-0x000007FEF7F41000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2360-1-0x000007FEF7E10000-0x000007FEF7F41000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2360-0-0x00000000001B0000-0x00000000001B7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2780-60-0x000007FEF72D0000-0x000007FEF7402000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2780-57-0x00000000000A0000-0x00000000000A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2780-54-0x000007FEF72D0000-0x000007FEF7402000-memory.dmp

          Filesize

          1.2MB

          Download