Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

f4dcda795d...18.dll

windows7-x64

10

f4dcda795d...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    25/09/2024, 01:21 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f4dcda795d669eadc3e6aece306f5edd_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    f4dcda795d669eadc3e6aece306f5edd

  • SHA1

    11264496a75d446d6d6f443d8200caad04340ed9

  • SHA256

    1c173d1937e8af89b502f278fb6053f5a1823663ff45e9d9b174483c5d7b46df

  • SHA512

    93b7ade0fa90d5f7b0db616d79c498b43aeeb92de6e264c7908124c78f8b57cf5554e26ad36e7c08a36cf6c65207760eb60846c63e215dd3852226aa6d9ba165

  • SSDEEP

    24576:luYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9Nipt:f9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f4dcda795d669eadc3e6aece306f5edd_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:1244
  • C:\Windows\system32\OptionalFeatures.exe
    C:\Windows\system32\OptionalFeatures.exe
    1⤵
      PID:2068
    • C:\Users\Admin\AppData\Local\N1kJMLe\OptionalFeatures.exe
      C:\Users\Admin\AppData\Local\N1kJMLe\OptionalFeatures.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2632
    • C:\Windows\system32\dpapimig.exe
      C:\Windows\system32\dpapimig.exe
      1⤵
        PID:2212
      • C:\Users\Admin\AppData\Local\uyP\dpapimig.exe
        C:\Users\Admin\AppData\Local\uyP\dpapimig.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2920
      • C:\Windows\system32\rdpclip.exe
        C:\Windows\system32\rdpclip.exe
        1⤵
          PID:1476
        • C:\Users\Admin\AppData\Local\y9tPWsDQ4\rdpclip.exe
          C:\Users\Admin\AppData\Local\y9tPWsDQ4\rdpclip.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2108

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\N1kJMLe\appwiz.cpl
          Filesize

          1.2MB

          MD5

          09b9bc8499ab0cce52d08e83dd0e3537

          SHA1

          4aac1a29289a2baf685518d666b000211c00856b

          SHA256

          2d4cc2aed7904d4d0f07d1e9b4c58987e7af27fe1b3f55580cccd25cbc7a6bbd

          SHA512

          f2d1fc42927381e9bc58e3b368092406d5b54d064efe8c4cc270c0d6bf5e914e8eee5f163f87293292afcfb3b62a9ee05b289d461d82fc49a445fb93c6b40b7d

          Download Submit

        • C:\Users\Admin\AppData\Local\y9tPWsDQ4\rdpclip.exe
          Filesize

          206KB

          MD5

          25d284eb2f12254c001afe9a82575a81

          SHA1

          cf131801fdd5ec92278f9e0ae62050e31c6670a5

          SHA256

          837e0d864c474956c0d9d4e7ae5f884007f19b7f420db9afcf0d266aefa6608b

          SHA512

          7b4f208fa1681a0a139577ebc974e7acfc85e3c906a674e111223783460585eb989cb6b38f215d79f89e747a0e9224d90e1aa43e091d2042edb8bac7b27b968b

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ygxjfqh.lnk
          Filesize

          952B

          MD5

          aad769598bbee0370d8ab2fb04927ccb

          SHA1

          eeec49e12616f2258ddc7c802ccd57024852509f

          SHA256

          6e8da17efe5e561867abd696f6b4bd817ce3da3874f7adb0f98cb3c6e37487e8

          SHA512

          0935ba595cd743a48fa4a27625c9a537c30489953831310ce30e7816ab4923bf56e2d6581ba6b1ce278980fbef529d0ec77c33c990d045d6c06aa95713785d9a

          Download Submit

        • \Users\Admin\AppData\Local\N1kJMLe\OptionalFeatures.exe
          Filesize

          95KB

          MD5

          eae7af6084667c8f05412ddf096167fc

          SHA1

          0dbe8aba001447030e48e8ad5466fd23481e6140

          SHA256

          01feebd3aca961f31ba4eac45347b105d1c5772627b08f5538047721b61ff9bc

          SHA512

          172a8accaa35a6c9f86713a330c5899dfeeffe3b43413a3d276fc16d45cd62ed9237aa6bff29cc60a2022fba8dcc156959723c041df4b7463436a3bdabef2a9d

          Download Submit

        • \Users\Admin\AppData\Local\uyP\DUI70.dll
          Filesize

          1.4MB

          MD5

          a41e48f4ffbf50bd3093f23344178014

          SHA1

          d79ec9b2b0f3cde2fcefd97f3ed3dce649c3fc43

          SHA256

          18bde7e65c11b613dd8bb59c9af48085c61fe93ccf06c81e3d0e2941be6a73ba

          SHA512

          6310c05a45ad52184e3edb1f0456dd7c8bc544fd05f5b712c427f278e864cb810d2c6003112ef597cf3aea10ce81e816a5b245a93d297e187cbede115e760d4d

          Download Submit

        • \Users\Admin\AppData\Local\uyP\dpapimig.exe
          Filesize

          73KB

          MD5

          0e8b8abea4e23ddc9a70614f3f651303

          SHA1

          6d332ba4e7a78039f75b211845514ab35ab467b2

          SHA256

          66fc6b68e54b8840a38b4de980cc22aed21009afc1494a9cc68e892329f076a1

          SHA512

          4feded78f9b953472266693e0943030d00f82a5cc8559df60ae0479de281164155e19687afc67cba74d04bb9ad092f5c7732f2d2f9b06274ca2ae87dc2d4a6dc

          Download Submit

        • \Users\Admin\AppData\Local\y9tPWsDQ4\WINSTA.dll
          Filesize

          1.2MB

          MD5

          7bcc923b273d609917761fc6fa255103

          SHA1

          b7f5be00732e90a0592adc5af9aaa49fc6cede3b

          SHA256

          9c7e0877649c62974d6532a0a6ab42ca29be6844b18600d7368314b935a6d7c4

          SHA512

          fa032ac8f3f2d2345c88549eeb3b2c2b63c5e852b0b3862701dd14805a91e1e06eda171989ed45a4792f1bd25171054266dc0f4bc67d20e0f3ce40f2890d78e6

          Download Submit

        • memory/1204-24-0x0000000002940000-0x0000000002947000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1204-28-0x00000000774B1000-0x00000000774B2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-4-0x00000000772A6000-0x00000000772A7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-16-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-15-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-14-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-13-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-12-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-11-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-10-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-9-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-36-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-37-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-5-0x0000000002960000-0x0000000002961000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-46-0x00000000772A6000-0x00000000772A7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-25-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-29-0x0000000077640000-0x0000000077642000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1204-7-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-8-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-45-0x000007FEF6540000-0x000007FEF6670000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1244-0-0x0000000001E00000-0x0000000001E07000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1244-1-0x000007FEF6540000-0x000007FEF6670000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2108-89-0x000007FEF6530000-0x000007FEF6662000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2108-94-0x000007FEF6530000-0x000007FEF6662000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2632-60-0x000007FEF6BC0000-0x000007FEF6CF1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2632-55-0x000007FEF6BC0000-0x000007FEF6CF1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2632-54-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2920-72-0x000007FEF6030000-0x000007FEF6194000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2920-77-0x000007FEF6030000-0x000007FEF6194000-memory.dmp

          Filesize

          1.4MB

          Download

        We care about your privacy.

        This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.