Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

JaffaCakes...47.dll

windows7-x64

10

JaffaCakes...47.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2024, 00:25 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_dda4d4af2b21535d858ec31f61089ef7b44b1af0340f6d25da1af35fec6f1847.dll

  • Size

    166KB

  • MD5

    87ca21d25055044101a756b93a695987

  • SHA1

    f6a1777ec546203aef03fddbb9adebeff77ae0d7

  • SHA256

    dda4d4af2b21535d858ec31f61089ef7b44b1af0340f6d25da1af35fec6f1847

  • SHA512

    6ba18cc557b6a86ffc14b63dd6c72d169a669189a19336b947ccceac4a6c0aa8e276dd9dcd780c3e4a413ba77adc414c38a778ce29f8d85cb4946dc7556d1ab7

  • SSDEEP

    3072:OuFbQtsYQcjxanytIp92/l1iPPqs1/whG68DaHrnpDZ+rS:O0czbty9uiaJluS

Score
10/10
dridex22202botnetdiscoveryloader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

131.100.24.202:443

193.160.214.95:4125

67.43.4.76:8172
rc4.plain
1
NN0UjnLA0nhjhceeXGfugutWMTnFYgDIJGtsNzejobp
rc4.plain
1
neoKRFT8r6pulHdpYlB7gOjjrSpWnJOEzPx5SRtzmdQnkYvLp0LUWvrwrkyGc95

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Loader 1 IoCs

    Detects Dridex both x86 and x64 loader in memory.

    botnetloader
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_dda4d4af2b21535d858ec31f61089ef7b44b1af0340f6d25da1af35fec6f1847.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2356
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_dda4d4af2b21535d858ec31f61089ef7b44b1af0340f6d25da1af35fec6f1847.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2532
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 256
        3⤵
        • Program crash
        PID:2412

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2532-0-0x0000000000290000-0x0000000000296000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2532-1-0x0000000010000000-0x000000001002E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2532-4-0x0000000000290000-0x0000000000296000-memory.dmp

    Filesize

    24KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.