Analysis

  • max time kernel
    140s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/09/2024, 20:09 UTC

General

  • Target

    d7044a93e62fc987856a17bd21b84245_JaffaCakes118.dll

  • Size

    376KB

  • MD5

    d7044a93e62fc987856a17bd21b84245

  • SHA1

    64eca0c5ff2564df922acef6b04613fd77a41d84

  • SHA256

    499ca0fe7ccf47d465bb6dc804b978cd2785e99e45dd257d15fcbf101b26bcab

  • SHA512

    2669f3d2ae37a36de1e8ee2714c6ffdd2cf29f2fff439000e588d87173850b446650b0316b95f6df746f390c40d7437bf719e42e7095ff9bfbada9b992a1c8f2

  • SSDEEP

    6144:1PRMLaqvB+YPrj0qfKNr3IBBX3k7UZpSN/wpgLhGew+GOeD6FAOCQx2Sl:1PRGLsYPrjbKluBHk7UZpowWDeD6FaSl

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

146.164.126.197:443

69.16.193.166:9443

193.90.12.122:3098

157.245.103.132:14043

rc4.plain (1)
jsopLD6K7FhXYxgDoMa2WRik48K1cPadEOkJZuH

rc4.plain (1)
GIzcTyvHjnMLukFZJfY2PtW2iDomatKk3n3dPowfkq5yAWGb1jteZJwoHTIcpMkNZKL
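The two rc4.plain values above are the RC4 keys the config extractor recovered from the loader. The Python below is an added example, not code from the report or from the extractor itself: it implements RC4 and tries each extracted key against an encrypted blob, keeping the first key whose output reads as text. Because the on-disk layout of the sample's encrypted config is not shown on the page, the blob here is constructed (the C2 list from the report encrypted under the first key); against a real sample you would pass the extracted encrypted section instead.

```python
# RC4 keys as listed under rc4.plain in the report.
KEYS = [
    b"jsopLD6K7FhXYxgDoMa2WRik48K1cPadEOkJZuH",
    b"GIzcTyvHjnMLukFZJfY2PtW2iDomatKk3n3dPowfkq5yAWGb1jteZJwoHTIcpMkNZKL",
]


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # pseudo-random generation, XOR with keystream
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def looks_like_text(buf: bytes, threshold: float = 0.95) -> bool:
    """Plausibility check on a decryption result: nearly every byte printable or whitespace.
    A wrong RC4 key yields pseudo-random bytes, which fail this test."""
    if not buf:
        return False
    ok = sum(1 for b in buf if 0x20 <= b < 0x7F or b in b"\r\n\t")
    return ok / len(buf) >= threshold


def try_keys(blob: bytes, keys=KEYS):
    """Decrypt blob with each extracted key in turn.
    Returns (key_index, plaintext) for the first readable result, else None."""
    for idx, key in enumerate(keys):
        candidate = rc4(key, blob)
        if looks_like_text(candidate):
            return idx, candidate
    return None


# Constructed test blob: the C2 list from the report encrypted under the
# first key. This is sample data for the example, not the sample's real
# encrypted configuration, whose layout the report does not show.
SAMPLE_PLAINTEXT = b"\n".join([
    b"146.164.126.197:443",
    b"69.16.193.166:9443",
    b"193.90.12.122:3098",
    b"157.245.103.132:14043",
])
SAMPLE_BLOB = rc4(KEYS[0], SAMPLE_PLAINTEXT)

if __name__ == "__main__":
    hit = try_keys(SAMPLE_BLOB)
    if hit is None:
        print("no extracted key produced readable text")
    else:
        print(f"key #{hit[0] + 1} decrypts the blob to:\n{hit[1].decode()}")
```

The printable-ratio check is deliberately loose; if the real config contains binary fields (lengths, flags), lower the threshold or check for known structure such as "ip:port" lines instead.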

Signatures

  • Dridex

    Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing banking credentials.

  • Dridex Loader 'dmod' strings 3 IoCs

    Detects 'dmod' strings in Dridex loader.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d7044a93e62fc987856a17bd21b84245_JaffaCakes118.dll
    PID:2188
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\d7044a93e62fc987856a17bd21b84245_JaffaCakes118.dll
      PID:2672
      • System Location Discovery: System Language Discovery
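The tree shows the 64-bit regsvr32 silently (/s) registering a DLL from %TEMP% and then spawning its SysWOW64 copy, which is what regsvr32 does when handed a 32-bit DLL; the WriteProcessMemory flagged on PID 2188 is consistent with that hand-off. The Python below is an added detection example and is not part of the report: it runs two rules over constructed process-creation events modelled on this tree (field names follow Sysmon Event ID 1, but the records are made up, including a benign installer as a control) and reports which rules fire per PID.

```python
import re

# Constructed process-creation events modelled on the tree in the report.
# Sample data for the example, not log output from the sandbox run.
EVENTS = [
    {"pid": 2188, "ppid": 1512,
     "image": r"C:\Windows\system32\regsvr32.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r"regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d7044a93e62fc987856a17bd21b84245_JaffaCakes118.dll"},
    {"pid": 2672, "ppid": 2188,
     "image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "parent_image": r"C:\Windows\system32\regsvr32.exe",
     "cmdline": r"/s C:\Users\Admin\AppData\Local\Temp\d7044a93e62fc987856a17bd21b84245_JaffaCakes118.dll"},
    # Benign control: a vendor installer registering a COM DLL from Program Files.
    {"pid": 3100, "ppid": 3050,
     "image": r"C:\Windows\system32\regsvr32.exe",
     "parent_image": r"C:\Program Files\Vendor\setup.exe",
     "cmdline": r'regsvr32 /s "C:\Program Files\Vendor\vendor.dll"'},
]

# Directories a standard user can write to. A DLL registered from one of
# these (here %TEMP%) is the loader pattern, not a software installation.
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\(AppData\\Local\\Temp|AppData\\Roaming|Downloads|Desktop)\\"
    r"|\\(ProgramData|Users\\Public)\\", re.I)
DLL_ARG = re.compile(r'"([^"]+\.dll)"|(\S+\.dll)', re.I)


def _dll_path(cmdline: str) -> str:
    """Pull the DLL argument out of a regsvr32 command line (quoted or bare)."""
    m = DLL_ARG.search(cmdline)
    return (m.group(1) or m.group(2)) if m else ""


def regsvr32_findings(events):
    """Map pid -> list of rule names that fired for regsvr32 process-creation events."""
    findings = {}
    for e in events:
        if not e["image"].lower().endswith(r"\regsvr32.exe"):
            continue
        hits = []
        dll = _dll_path(e["cmdline"])
        if dll and USER_WRITABLE.search(dll):
            # /s suppresses the DllRegisterServer result dialog, so the user
            # sees nothing; the path is what makes this suspicious.
            hits.append("regsvr32_user_writable_dll")
        if (r"\syswow64\regsvr32.exe" in e["image"].lower()
                and e["parent_image"].lower().endswith(r"\system32\regsvr32.exe")):
            # 64-bit regsvr32 given a 32-bit DLL re-launches its WoW64 copy.
            # Alone this is normal behaviour; it is reported so the analyst
            # can see that the registered module is 32-bit, as in the report.
            hits.append("regsvr32_wow64_relaunch")
        if hits:
            findings[e["pid"]] = hits
    return findings


if __name__ == "__main__":
    for pid, rules in regsvr32_findings(EVENTS).items():
        print(f"PID {pid}: {', '.join(rules)}")
```

The benign control (PID 3100) fires nothing, which is the point of keying the rule on the DLL's location rather than on regsvr32 or the WoW64 re-launch alone; both of those are routine on a 64-bit host.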

Network

  • 146.164.126.197:443
    regsvr32.exe
    152 B
    3
  • 146.164.126.197:443
    regsvr32.exe
    152 B
    3

No results found

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2672-0-0x0000000074C4D000-0x0000000074C51000-memory.dmp

    Filesize

    16KB

  • memory/2672-1-0x0000000074BF0000-0x0000000074C5F000-memory.dmp

    Filesize

    444KB

  • memory/2672-3-0x0000000074BF0000-0x0000000074C5F000-memory.dmp

    Filesize

    444KB

  • memory/2672-4-0x0000000074C4D000-0x0000000074C51000-memory.dmp

    Filesize

    16KB

  • memory/2672-8-0x0000000074BF0000-0x0000000074C5F000-memory.dmp

    Filesize

    444KB