Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
141s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22/12/2024, 00:43 UTC
General
-
Target
JaffaCakes118_e33630ef8cb1e390e02fb14d5a6f0995024d3d7b65eee7fc05d874a909ccc5ce.dll
-
Size
490KB
-
MD5
0bdc6bfd554e3c84e84180d39c795be0
-
SHA1
8187da4fb1def7146be4de76cf9f38c2238e42a2
-
SHA256
e33630ef8cb1e390e02fb14d5a6f0995024d3d7b65eee7fc05d874a909ccc5ce
-
SHA512
3e6a96155f87a60c956469d9c8f48116f39ca233edadc53671cbce97f5c4e2c1e28b57aa13d34d6e97325ecd8b9aea1306cd92264c7bcba478bb83be5d932753
-
SSDEEP
12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRV:knmj6xK1y3Ik6TZGRV
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
3467965077
C2
firenicatrible.com
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Icedid family
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e33630ef8cb1e390e02fb14d5a6f0995024d3d7b65eee7fc05d874a909ccc5ce.dll1⤵
- Suspicious behavior: EnumeratesProcesses
Network
-
DNSfirenicatrible.comRemote address:8.8.8.8:53Requestfirenicatrible.comIN AResponse
No results found
-
8.8.8.8:53firenicatrible.comdns
DNS Request
firenicatrible.com
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
56KB
-
Filesize
56KB