Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

c993b31ce4...5f.dll

windows7-x64

10

c993b31ce4...5f.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    13/09/2024, 02:14 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c993b31ce40179bd8997e6a298875c02744cc7d07225dad945a88d7ac755515f.dll

  • Size

    940KB

  • MD5

    eac9db11159f94acffc10b94097debea

  • SHA1

    c2b90ec31a8ba440f14131e5598cecdc65db300a

  • SHA256

    c993b31ce40179bd8997e6a298875c02744cc7d07225dad945a88d7ac755515f

  • SHA512

    4c33638e34a9dcd5f05dab7f212c3dd8c0f293f5f61eb582420171712b27474fa043f1649a6e35c07f1c32afeb981027d14c6fae1361d788c29bb5144e109911

  • SSDEEP

    12288:H0YTYL6Mqi7W8xto9OpWswk1GNup1XhBmsUqOZEYUANgBomHGe0zcPTP3E:H0CYZWgtWkEuHXhBmLHeuWBomaiP

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 12 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c993b31ce40179bd8997e6a298875c02744cc7d07225dad945a88d7ac755515f.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:808
  • C:\Windows\system32\wusa.exe
    C:\Windows\system32\wusa.exe
    1⤵
      PID:2704
    • C:\Users\Admin\AppData\Local\Aj9kz\wusa.exe
      C:\Users\Admin\AppData\Local\Aj9kz\wusa.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2776
    • C:\Windows\system32\DeviceDisplayObjectProvider.exe
      C:\Windows\system32\DeviceDisplayObjectProvider.exe
      1⤵
        PID:2596
      • C:\Users\Admin\AppData\Local\fjYFq\DeviceDisplayObjectProvider.exe
        C:\Users\Admin\AppData\Local\fjYFq\DeviceDisplayObjectProvider.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2616
      • C:\Windows\system32\calc.exe
        C:\Windows\system32\calc.exe
        1⤵
          PID:2404
        • C:\Users\Admin\AppData\Local\AkW\calc.exe
          C:\Users\Admin\AppData\Local\AkW\calc.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1736

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Aj9kz\WTSAPI32.dll
          Filesize

          944KB

          MD5

          0e0859d7116b42b3342c0e560a0bf508

          SHA1

          3a3aa1245e3eb21213376eb6e6ff30b321d5d9ee

          SHA256

          2c5748560d5dc952f2ab4e79341ad632c6b4ce1dd05e90d04447b2076b3b87d6

          SHA512

          e71851254af201b09b3ff639240c19699dba4d579ee3fed79517b1b432b3af55e93b01100af3f7d40aae8d0b77f839b270ce4494d1030cda38032fa5185c165c

          Download Submit

        • C:\Users\Admin\AppData\Local\fjYFq\XmlLite.dll
          Filesize

          944KB

          MD5

          6cfd118462f08458d24e0792f4195a6d

          SHA1

          2dda1644d6064d2c547263a9bde83981418b1082

          SHA256

          9e63ab8574904fb94040744d79f7d948ae9bc386294a8cdced99033f6e4097e0

          SHA512

          983731594f75d84f96b112152590a8f81a6d937379ea4731c3a723ea1c1cd6e1fc3d1a7ab35ab7a8afd355c2db61ac4aed28c97f8f8ce6579d56ca172ac8aead

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Lcuygmmobxhxaxh.lnk
          Filesize

          1KB

          MD5

          96bedf72c78530c83cf6cafea6c7b3bf

          SHA1

          91e9d5de2638afbfa2b674a85a57bdf1aab96312

          SHA256

          c8350d3a5a6c6f645342bd627653f2243b7342d74edef314187cecfc0a78c941

          SHA512

          ad5005089a58f4e7ac554184e4a8bf513aeb39b1bc82ff539fe60c3b9d3b2456f04209ff3755fbd692da9345b4d039a3b30f807374b336b7a45d7705e9f69b62

          Download Submit

        • \Users\Admin\AppData\Local\Aj9kz\wusa.exe
          Filesize

          300KB

          MD5

          c15b3d813f4382ade98f1892350f21c7

          SHA1

          a45c5abc6751bc8b9041e5e07923fa4fc1b4542b

          SHA256

          8f067da98eb3ea9f1db2f0063ff54e07d992fbf051779b467e222639be4127e3

          SHA512

          6d028fe81fe45d0ef291741513ecf939e412912647347d4d5bad89571f33e1084dc0fd26eb7313c7191f938c3f50243f453e2690e2475fc3f5539a20c2ff2f3c

          Download Submit

        • \Users\Admin\AppData\Local\AkW\WINMM.dll
          Filesize

          948KB

          MD5

          5ddb6742630694b5e04f9fbac63bc6f3

          SHA1

          f34191cf57d8c15ac32b974e40f4ac0edd5f7977

          SHA256

          983bb4d064e5fee6983093bff8ae580b640f321eca6aa94f33413ab8b7622a57

          SHA512

          b039905679beb9b76c7382a8df11f10bfc7e59003c25f2ed73b74163a4dda960974e10d5cd2a456dea733ebafd4715a476de00accac219634e3951c470369929

          Download Submit

        • \Users\Admin\AppData\Local\AkW\calc.exe
          Filesize

          897KB

          MD5

          10e4a1d2132ccb5c6759f038cdb6f3c9

          SHA1

          42d36eeb2140441b48287b7cd30b38105986d68f

          SHA256

          c6a91cba00bf87cdb064c49adaac82255cbec6fdd48fd21f9b3b96abf019916b

          SHA512

          9bd44afb164ab3e09a784c765cd03838d2e5f696c549fc233eb5a69cada47a8e1fb62095568cb272a80da579d9d0e124b1c27cf61bb2ac8cf6e584a722d8864d

          Download Submit

        • \Users\Admin\AppData\Local\fjYFq\DeviceDisplayObjectProvider.exe
          Filesize

          109KB

          MD5

          7e2eb3a4ae11190ef4c8a9b9a9123234

          SHA1

          72e98687a8d28614e2131c300403c2822856e865

          SHA256

          8481a8ec19cb656ce328c877d5817d317203ba34424a2e9d169ddce5bf2cd2b0

          SHA512

          18b1a0637f48929972a463d441182307725ebf1410dd461a1966bd040ac5dcced138155b7c713bfc924ea2f7b39527a084a08b44fa24c3eb9c654871f99caabf

          Download Submit

        • memory/808-2-0x00000000000A0000-0x00000000000A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/808-0-0x000007FEF66A0000-0x000007FEF678B000-memory.dmp

          Filesize

          940KB

          Download

        • memory/808-45-0x000007FEF66A0000-0x000007FEF678B000-memory.dmp

          Filesize

          940KB

          Download

        • memory/1216-12-0x0000000140000000-0x00000001400EB000-memory.dmp

          Filesize

          940KB

          Download

        • memory/1216-10-0x0000000140000000-0x00000001400EB000-memory.dmp

          Filesize

          940KB

          Download

        • memory/1216-26-0x0000000077730000-0x0000000077732000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1216-25-0x0000000140000000-0x00000001400EB000-memory.dmp

          Filesize

          940KB

          Download

        • memory/1216-24-0x0000000002640000-0x0000000002647000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1216-16-0x0000000140000000-0x00000001400EB000-memory.dmp

          Filesize

          940KB

          Download

        • memory/1216-15-0x0000000140000000-0x00000001400EB000-memory.dmp

          Filesize

          940KB

          Download

        • memory/1216-14-0x0000000140000000-0x00000001400EB000-memory.dmp

          Filesize

          940KB

          Download

        • memory/1216-13-0x0000000140000000-0x00000001400EB000-memory.dmp

          Filesize

          940KB

          Download

        • memory/1216-11-0x0000000140000000-0x00000001400EB000-memory.dmp

          Filesize

          940KB

          Download

        • memory/1216-36-0x0000000140000000-0x00000001400EB000-memory.dmp

          Filesize

          940KB

          Download

        • memory/1216-38-0x0000000140000000-0x00000001400EB000-memory.dmp

          Filesize

          940KB

          Download

        • memory/1216-7-0x0000000140000000-0x00000001400EB000-memory.dmp

          Filesize

          940KB

          Download

        • memory/1216-46-0x00000000773C6000-0x00000000773C7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1216-8-0x0000000140000000-0x00000001400EB000-memory.dmp

          Filesize

          940KB

          Download

        • memory/1216-27-0x0000000077760000-0x0000000077762000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1216-3-0x00000000773C6000-0x00000000773C7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1216-4-0x0000000002E10000-0x0000000002E11000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1216-6-0x0000000140000000-0x00000001400EB000-memory.dmp

          Filesize

          940KB

          Download

        • memory/1216-17-0x0000000140000000-0x00000001400EB000-memory.dmp

          Filesize

          940KB

          Download

        • memory/1216-9-0x0000000140000000-0x00000001400EB000-memory.dmp

          Filesize

          940KB

          Download

        • memory/1736-88-0x0000000000380000-0x0000000000387000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1736-89-0x000007FEF66A0000-0x000007FEF678D000-memory.dmp

          Filesize

          948KB

          Download

        • memory/1736-93-0x000007FEF66A0000-0x000007FEF678D000-memory.dmp

          Filesize

          948KB

          Download

        • memory/2616-71-0x00000000000E0000-0x00000000000E7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2616-72-0x000007FEF66A0000-0x000007FEF678C000-memory.dmp

          Filesize

          944KB

          Download

        • memory/2616-76-0x000007FEF66A0000-0x000007FEF678C000-memory.dmp

          Filesize

          944KB

          Download

        • memory/2776-59-0x000007FEF6D30000-0x000007FEF6E1C000-memory.dmp

          Filesize

          944KB

          Download

        • memory/2776-55-0x000007FEF6D30000-0x000007FEF6E1C000-memory.dmp

          Filesize

          944KB

          Download

        • memory/2776-54-0x0000000000090000-0x0000000000097000-memory.dmp

          Filesize

          28KB

          Download

        We care about your privacy.

        This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.