Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
140s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22/12/2024, 01:22 UTC
General
-
Target
JaffaCakes118_cadb2af5498f354aeec9d84df80751d54f01bc2c59fed7a15ab88e78d941e6ed.dll
-
Size
490KB
-
MD5
ff30f55909fb7db354b02e7db70a6adb
-
SHA1
683cbb00c9e74f00645f2675b4aef18f01b886c2
-
SHA256
cadb2af5498f354aeec9d84df80751d54f01bc2c59fed7a15ab88e78d941e6ed
-
SHA512
41aa386845821adab2f4ec8477a2ce1d379b5a9537e712dc6da4f872756880104ecf92a43370937201da46b7bc2fbb0d1c6eff50adc45796d9a1f4f4fb20d228
-
SSDEEP
12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRy:knmj6xK1y3Ik6TZGRy
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
3467965077
C2
firenicatrible.com
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Icedid family
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_cadb2af5498f354aeec9d84df80751d54f01bc2c59fed7a15ab88e78d941e6ed.dll1⤵
- Suspicious behavior: EnumeratesProcesses
Network
-
DNSfirenicatrible.comRemote address:8.8.8.8:53Requestfirenicatrible.comIN AResponse
No results found
-
8.8.8.8:53firenicatrible.comdns
DNS Request
firenicatrible.com
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
56KB
-
Filesize
56KB