Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    141s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/12/2024, 18:26

General

  • Target

    JaffaCakes118_6ba401fd3fe927337e50e4bfa7e6b08078caf17920a1f7ee8e8c6efad8291eb6.dll

  • Size

    490KB

  • MD5

    df0a5568bbf93b2e996f9b46beb2c328

  • SHA1

    91a840a0ce7621b17699ed00b33793aadac1af10

  • SHA256

    6ba401fd3fe927337e50e4bfa7e6b08078caf17920a1f7ee8e8c6efad8291eb6

  • SHA512

    3d880ad1930ea17fe0e2f14bdcd8f4d2d5a0b8ff65e53d24f5ada4f7a7a8dbc6eca5dbc44c141aab6c45287f760976c35d286e2db63a8a622e6476e2a10a884e

  • SSDEEP

    12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRs:knmj6xK1y3Ik6TZGRs

Malware Config

Extracted

Family

icedid

Campaign

3467965077

C2

firenicatrible.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Icedid family
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6ba401fd3fe927337e50e4bfa7e6b08078caf17920a1f7ee8e8c6efad8291eb6.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1100-0-0x0000000002D30000-0x0000000002D3E000-memory.dmp

    Filesize

    56KB

  • memory/1100-1-0x0000000002D30000-0x0000000002D3E000-memory.dmp

    Filesize

    56KB