Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
02/10/2024, 01:12
General
-
Target
0832c0c85d04226274463b210f2c0c6c_JaffaCakes118.dll
-
Size
2.0MB
-
MD5
0832c0c85d04226274463b210f2c0c6c
-
SHA1
d999989abbbb6a8df30d61afcfdc9efee292d0ca
-
SHA256
37175ce8db20c813ad2466c36318302a57832598d5896fbf3bfda8d437bc5275
-
SHA512
f8d5b1ecafa4eecf0b2c95b53ead1157fb9628dcb7515e1a9a6821f247bcc89542f61191d972f0644284a2f1bbf1f08313ce2085fd5352dbd6936322341ecbb8
-
SSDEEP
12288:NVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:UfP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Malware Config
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Shellcode 1 IoCs
Detects Dridex Payload shellcode injected in Explorer process.
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 7 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 18 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\0832c0c85d04226274463b210f2c0c6c_JaffaCakes118.dll,#11⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\taskmgr.exeC:\Windows\system32\taskmgr.exe1⤵
-
C:\Users\Admin\AppData\Local\ZpT\taskmgr.exeC:\Users\Admin\AppData\Local\ZpT\taskmgr.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\irftp.exeC:\Windows\system32\irftp.exe1⤵
-
C:\Users\Admin\AppData\Local\VsqvrK\irftp.exeC:\Users\Admin\AppData\Local\VsqvrK\irftp.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\calc.exeC:\Windows\system32\calc.exe1⤵
-
C:\Users\Admin\AppData\Local\fEKvzia8\calc.exeC:\Users\Admin\AppData\Local\fEKvzia8\calc.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.0MB
MD5d6f7b76694eed05da9359b5e43f21927
SHA172925a7f88a44b5e53acc52707a9f55b83179440
SHA25637c6574881f9e89f93e2822cd60237d4ea334c7cf527cf183e077e5458ea9116
SHA5127cc2c681a05b2e4a601d0847c5e5612cbae970d34750d1f166e1dd79fabebea348c8ce65624db3fc025d81c7957ddd3144209ac614495727dcd51b24ad199f7f
-
Filesize
2.0MB
MD5ae797708fba6dcf08e42334023b0123f
SHA1bc63768c6ab491ad63e38c48d27b1fd46e30bfea
SHA256108cc4fc4e7a324b7ea04797f7ef61c1167a1b861a9cb26954ffc64ed877f2f8
SHA51252fa35783cdc74fa288c4a10238a9d55d3f2839f4515cdbe2b85f25ce2045729eee80ffa295eb938523bc07df7e40405c307629cffedb15ca25bdf9d41423a0e
-
Filesize
251KB
MD509f7401d56f2393c6ca534ff0241a590
SHA1e8b4d84a28e5ea17272416ec45726964fdf25883
SHA2566766717b8afafe46b5fd66c7082ccce6b382cbea982c73cb651e35dc8187ace1
SHA5127187a27cd32c1b295c74e36e1b6148a31d602962448b18395a44a721d17daa7271d0cd198edb2ed05ace439746517ffb1bcc11c7f682e09b025c950ea7b83192
-
Filesize
2.0MB
MD5e69f2229871e4a28f6622f3466a31f9e
SHA1c9858fdae5d37833adbf0266ba19f8da72dbc494
SHA25615f94339429066cf9209debded8ce7bbdfd4194f091565183e0e16395654f6a8
SHA512986ddf69f82e052b2013426ce767a152646e77eb09fbe094cf5a1f72de75eae58b83a64b86f85ed0454719de6d46f5c16b5f0641b74688cc1b42cf1c5e1d88a8
-
Filesize
897KB
MD510e4a1d2132ccb5c6759f038cdb6f3c9
SHA142d36eeb2140441b48287b7cd30b38105986d68f
SHA256c6a91cba00bf87cdb064c49adaac82255cbec6fdd48fd21f9b3b96abf019916b
SHA5129bd44afb164ab3e09a784c765cd03838d2e5f696c549fc233eb5a69cada47a8e1fb62095568cb272a80da579d9d0e124b1c27cf61bb2ac8cf6e584a722d8864d
-
Filesize
1KB
MD5056f6bf430b4c6789427408f014aee00
SHA17c268f7733bb43feed1ad557bb8b852da045412f
SHA256a5c694da59575dc47938ae2809ef8669c1e572447d89f374e3802c0439843fa1
SHA5124c200c17d4e61d88771ecc76ba7677a61ee53956ae4384e34762c6de6232eec20163b2a9ccbdb8265e8c1225f700a50a11a870bdb8f0e55684db556a96e0ec34
-
Filesize
192KB
MD50cae1fb725c56d260bfd6feba7ae9a75
SHA1102ac676a1de3ec3d56401f8efd518c31c8b0b80
SHA256312f4107ff37dc988d99c5f56178708bb74a3906740cff4e337c0dde8f1e151d
SHA512db969064577c4158d6bf925354319766b0d0373ddefb03dbfc9a9d2cadf8ddcd50a7f99b7ddf2ffad5e7fdbb6f02090b5b678bdf792d265054bff3b56ee0b8ec
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
28KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
4KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
28KB
-
Filesize
28KB