Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

65a62742a7...18.dll

windows7-x64

10

65a62742a7...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/10/2024, 05:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    65a62742a787e492b028d52bdb05e703_JaffaCakes118.dll

  • Size

    1.1MB

  • MD5

    65a62742a787e492b028d52bdb05e703

  • SHA1

    f2b8cf85e293861d8cb1cd943909c96e528781e6

  • SHA256

    60bd90f888794eb99bba351ecab0e7c63e74bc5a05ffa87404e0f60912fbf384

  • SHA512

    e3bc49d29f577273ca331cd1f4325de3edda00bef6fe0a999534b7ddda3d548a683bdb2a4f5e8a5ab4ceb13520a7183d5b03f04bf775206896d7d74bceb5504c

  • SSDEEP

    12288:ydMIwS97wJs6tSKDXEabXaC+jhc1S8XXk7CZzHsZH9dq0Tkr:EMIJxSDX3bqjhcfHk7MzH6zQr

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 9 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 3 IoCs
    evasiontrojan
  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\65a62742a787e492b028d52bdb05e703_JaffaCakes118.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:4868
  • C:\Windows\system32\dxgiadaptercache.exe
    C:\Windows\system32\dxgiadaptercache.exe
    1⤵
      PID:4992
    • C:\Users\Admin\AppData\Local\SBa3\dxgiadaptercache.exe
      C:\Users\Admin\AppData\Local\SBa3\dxgiadaptercache.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:3988
    • C:\Windows\system32\EaseOfAccessDialog.exe
      C:\Windows\system32\EaseOfAccessDialog.exe
      1⤵
        PID:8
      • C:\Users\Admin\AppData\Local\cpvlgfDnH\EaseOfAccessDialog.exe
        C:\Users\Admin\AppData\Local\cpvlgfDnH\EaseOfAccessDialog.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2824
      • C:\Windows\system32\ApplicationFrameHost.exe
        C:\Windows\system32\ApplicationFrameHost.exe
        1⤵
          PID:3296
        • C:\Users\Admin\AppData\Local\tdySK4BK\ApplicationFrameHost.exe
          C:\Users\Admin\AppData\Local\tdySK4BK\ApplicationFrameHost.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:4240

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\SBa3\dxgi.dll
          Filesize

          1.1MB

          MD5

          933499acbf2e15349e741b9e29744a92

          SHA1

          97f0e5032655c3fd97f180a6df1ec875e6cd3f7c

          SHA256

          7b26844c3bf898c9e76d1c84d6e90b2d96f2e11ceb2490db71c3a5c335df515c

          SHA512

          7e439bb1c3d86a4cdb13bd3c6aa44ed4e247129fdfe25cd01ae881007d7c276f636afc9795e4a103c4f0e1d0842c33387a2c63f802dc88978b20a9e9eff77517

          Download Submit

        • C:\Users\Admin\AppData\Local\SBa3\dxgiadaptercache.exe
          Filesize

          230KB

          MD5

          e62f89130b7253f7780a862ed9aff294

          SHA1

          b031e64a36e93f95f2061be5b0383069efac2070

          SHA256

          4bea9f741fe4ca9d6262477849896b9fa6377326d11af044561c31bde2d994b5

          SHA512

          05649d38a0b5d825bb8442549427b0ff77b139c9dd297b04d6c0fb1415504c95ed750cd79efea2ff514abfc5d1003e6251a3cd871d352dcea06be0cdeb0304f7

          Download Submit

        • C:\Users\Admin\AppData\Local\cpvlgfDnH\DUI70.dll
          Filesize

          1.3MB

          MD5

          f6b156d85ccaf74affdba5751f192870

          SHA1

          f2b9218e147d6183c078e74b6fb0a3a1147495b1

          SHA256

          8b61fe852a7a70bc87709bedb00fde4e0a5e99941ed59c107313bfd98c028d97

          SHA512

          0b8c80a904d585eb60b314b3724d641fc79f65191fec9f2ad5fbb7b20dda85a4abe99c30e46b0ea121ae7be37c85d8232718815dc4b38b8b8da6cab732334f9f

          Download Submit

        • C:\Users\Admin\AppData\Local\cpvlgfDnH\EaseOfAccessDialog.exe
          Filesize

          123KB

          MD5

          e75ee992c1041341f709a517c8723c87

          SHA1

          471021260055eac0021f0abffa2d0ba77a2f380e

          SHA256

          0b1731562413eaa972b373cd7388c644a3059940ce67eb89668e4073f3e068dc

          SHA512

          48c3a8531df6bcc5077367cdf32af104c94cf7701118a85e8beabba2e9c4f511ae14e47b6d1b57d11a2bc1e8b4f6d5bacae27a8d16fcd09a8f9e0018f5a6370a

          Download Submit

        • C:\Users\Admin\AppData\Local\tdySK4BK\ApplicationFrameHost.exe
          Filesize

          76KB

          MD5

          d58a8a987a8dafad9dc32a548cc061e7

          SHA1

          f79fc9e0ab066cad530b949c2153c532a5223156

          SHA256

          cf58e424b86775e6f2354291052126a646f842fff811b730714dfbbd8ebc71a4

          SHA512

          93df28b65af23a5f82124ba644e821614e2e2074c98dbb2bd7319d1dfe9e2179b9d660d7720913c79a8e7b2f8560440789ad5e170b9d94670589885060c14265

          Download Submit

        • C:\Users\Admin\AppData\Local\tdySK4BK\dxgi.dll
          Filesize

          1.1MB

          MD5

          2fa1812b4badfbe934a745a92c356956

          SHA1

          6e4b3fe118730067e45e6afbb073442496e58a47

          SHA256

          cbce7a8f7f246dc59e2c2725874421daf723d8082522fba79e73b01783c557c5

          SHA512

          8a5ec0e3ad711f10339f246b0ab53e7929a22cae19cb059de05da43cbc595e498707e075d863ccc64d059486dea65f42a9107e557240be5510412410ce8bab25

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Womuvunldsugi.lnk
          Filesize

          1KB

          MD5

          fc29fe1fd8e2a751466e212be13ac2cd

          SHA1

          349c1ae92fafe8b45e6bf0cae246f7a3c03eafa6

          SHA256

          40ffc657a857b2677a6b3dfca948670427543075523799b0f784a1488037e66f

          SHA512

          00854666fbb577158801aae8e23d3849514be49e6db2780f6cb710a9fa5d3ce550816f6e0475b3c07701095db407db42212ed82a2a3a0c357be9193bb307fb16

          Download Submit

        • memory/2824-88-0x0000000140000000-0x0000000140158000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2824-83-0x0000000140000000-0x0000000140158000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2824-85-0x000001496A520000-0x000001496A527000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3396-31-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-8-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-35-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-32-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-3-0x00000000027A0000-0x00000000027A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3396-30-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-29-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-28-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-27-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-26-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-25-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-22-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-21-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-20-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-19-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-18-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-17-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-16-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-13-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-11-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-10-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-9-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-34-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-45-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-7-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-33-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-6-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-15-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-14-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-12-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-5-0x00007FF9460AA000-0x00007FF9460AB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3396-46-0x00007FF947EC0000-0x00007FF947ED0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3396-47-0x00007FF947EB0000-0x00007FF947EC0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3396-23-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-24-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-36-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-56-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3396-44-0x0000000000810000-0x0000000000817000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3988-72-0x0000000140000000-0x0000000140113000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3988-68-0x0000000140000000-0x0000000140113000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3988-67-0x000001BE1BD70000-0x000001BE1BD77000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4240-101-0x000002335E0E0000-0x000002335E0E7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4240-104-0x0000000140000000-0x0000000140113000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/4868-59-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/4868-0-0x0000000000BE0000-0x0000000000BE7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4868-1-0x0000000140000000-0x0000000140112000-memory.dmp

          Filesize

          1.1MB

          Download