Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

ca85c8ac9e...18.dll

windows7-x64

10

ca85c8ac9e...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/08/2024, 08:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ca85c8ac9e78fff1382072443b979d98_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    ca85c8ac9e78fff1382072443b979d98

  • SHA1

    ac2624a13f968db008cec1aac51691778b98c743

  • SHA256

    f493377faeb311a801726886346632f0cecb8f6a70547a01b69114192c3caa2a

  • SHA512

    3a273ec1b7b3c81a163bc2a5b4082da83427eaa798c449e34b25f79ca6ea4e84d749f319321604b9871ab4a9dc94b960d0e69a02244b9a44f7544a65bbc9b764

  • SSDEEP

    24576:muYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:G9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 16 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca85c8ac9e78fff1382072443b979d98_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:4948
  • C:\Windows\system32\sigverif.exe
    C:\Windows\system32\sigverif.exe
    1⤵
      PID:4240
    • C:\Users\Admin\AppData\Local\uRQyG3u9T\sigverif.exe
      C:\Users\Admin\AppData\Local\uRQyG3u9T\sigverif.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:3264
    • C:\Windows\system32\SystemPropertiesProtection.exe
      C:\Windows\system32\SystemPropertiesProtection.exe
      1⤵
        PID:668
      • C:\Users\Admin\AppData\Local\Lk5t\SystemPropertiesProtection.exe
        C:\Users\Admin\AppData\Local\Lk5t\SystemPropertiesProtection.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:264
      • C:\Windows\system32\RdpSa.exe
        C:\Windows\system32\RdpSa.exe
        1⤵
          PID:1080
        • C:\Users\Admin\AppData\Local\madyi\RdpSa.exe
          C:\Users\Admin\AppData\Local\madyi\RdpSa.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:3724

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Lk5t\SYSDM.CPL
          Filesize

          1.2MB

          MD5

          49f7c3397ef1fbc9307a8baa3025fbea

          SHA1

          fef05e4f5ab98ced1f7ef701f296df882750831c

          SHA256

          dfe98783bf583b18be0c492e95d0b9e151d075d78a2ee8c100426ab2117ef46c

          SHA512

          d73ad109f9f7232676935a9496a3a558edf2e9cd6208b7ac33f9d07c04847ba80a39f1fce0e97afb17a9d9f62a0fd4497931f06b59bed13309e468badfbd492a

          Download Submit

        • C:\Users\Admin\AppData\Local\Lk5t\SystemPropertiesProtection.exe
          Filesize

          82KB

          MD5

          26640d2d4fa912fc9a354ef6cfe500ff

          SHA1

          a343fd82659ce2d8de3beb587088867cf2ab8857

          SHA256

          a8ddf1b17b0cbc96a7eaedb0003aa7b1631da09ebfe85b387f8f630222511b37

          SHA512

          26162a3d9d4a8e3290dbcf6fe387b5c48ab1d9552aa02a38954649d877f408cb282e57580f81e15128e3a41da0eb58328d1d6253e1b57232f9a8cecdd99991dc

          Download Submit

        • C:\Users\Admin\AppData\Local\madyi\RdpSa.exe
          Filesize

          56KB

          MD5

          5992f5b5d0b296b83877da15b54dd1b4

          SHA1

          0d87be8d4b7aeada4b55d1d05c0539df892f8f82

          SHA256

          32f60eabe54c4d0cd0f0ec29f48f55ca1ad097bf35097247b186fd70426f847c

          SHA512

          4f6da913af530301da1d0638aa2635ada446ebee6e27b5059db5c2b7fe439162ac3b1a595ecf4163a093890df9ac94d9085a53d8c991e48703f9d2691326e7e6

          Download Submit

        • C:\Users\Admin\AppData\Local\madyi\WINSTA.dll
          Filesize

          1.2MB

          MD5

          d52be6ba03afad7b1c51a3b0a6804975

          SHA1

          c1e65350ee1a32a9a2969bb2333c63eff0f3006a

          SHA256

          fe4ad2a0e743df5d66486d4d1611f65a52485cde0b24da457054000892a24439

          SHA512

          eebbf6c84de3d789ae784e4ad25f6e5eea851b2587d5ac4251975e6a35f073629d0bf60796db2dd65ec550fd01796a8d7826b7e2d02d952ee9aba11e49435c3f

          Download Submit

        • C:\Users\Admin\AppData\Local\uRQyG3u9T\VERSION.dll
          Filesize

          1.2MB

          MD5

          08c7f661ff863e617d5fd2ac73226268

          SHA1

          7a32c98a2001adf5ce3802a1b265d0a00d088ab4

          SHA256

          dbc11644580df6f89d2199286dd61e6db69930033d4e3ec06ba7690b2c278faf

          SHA512

          e187f3449ad11b57b51ef01aed2b8cd7db7799c99bf6f4696560d60c71541e829cc56eb9e03d22621296e7e43307efa3796ea0d03486ce99ba52a52b84290d38

          Download Submit

        • C:\Users\Admin\AppData\Local\uRQyG3u9T\sigverif.exe
          Filesize

          77KB

          MD5

          2151a535274b53ba8a728e542cbc07a8

          SHA1

          a2304c0f2616a7d12298540dce459dd9ccf07443

          SHA256

          064de47877b00dc35886e829a697e4adb3d3cfdf294ddba13b6009a0f415b1bd

          SHA512

          e6fd520ee1bd80a5fe8a7c2ae6446dcaabd4e335a602c36356f85305abef751b7dffa7eaac1ec13c105ccd8c3e9070bd32ed4b14bc8a9e52dc5f47b936d69a9f

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Pvdelpvduyz.lnk
          Filesize

          1KB

          MD5

          a19219225b4c2238c199168dff98c15b

          SHA1

          afcf17be740b9e64691990e42dfb24eaa0faec08

          SHA256

          863ee310e6174b82f95bd630d591d161c61c4ffe94bb494559014ded1f7f9722

          SHA512

          65e20915b3a7f280b30004f9ec51e0d0eca52d3505bac43524338f28afe03d51723be3f69eadadc673772ba27440b5b32572bd6a765fecb4e07d29f8b35059d1

          Download Submit

        • memory/264-69-0x00007FFE73CD0000-0x00007FFE73E02000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/264-63-0x0000026D0D1B0000-0x0000026D0D1B7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3264-52-0x00007FFE73CD0000-0x00007FFE73E02000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3264-46-0x00007FFE73CD0000-0x00007FFE73E02000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3264-49-0x0000018677370000-0x0000018677377000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3460-34-0x0000000003290000-0x0000000003297000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3460-25-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3460-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3460-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3460-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3460-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3460-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3460-4-0x0000000004670000-0x0000000004671000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3460-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3460-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3460-17-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3460-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3460-5-0x00007FFE906AA000-0x00007FFE906AB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3460-36-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3460-35-0x00007FFE91970000-0x00007FFE91980000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3460-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3460-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3724-80-0x0000026C28E10000-0x0000026C28E17000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3724-81-0x00007FFE73CD0000-0x00007FFE73E03000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3724-86-0x00007FFE73CD0000-0x00007FFE73E03000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4948-0-0x000001FD73520000-0x000001FD73527000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4948-39-0x00007FFE830E0000-0x00007FFE83211000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4948-1-0x00007FFE830E0000-0x00007FFE83211000-memory.dmp

          Filesize

          1.2MB

          Download