Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22/12/2024, 05:11 UTC
General
-
Target
JaffaCakes118_6ba5374a57f997f0343b7088e3b3a882f0ab8030eff21355fb9a29f282b4a798.dll
-
Size
337KB
-
MD5
8d0a602b30c1737b9270d3d9c3483f7f
-
SHA1
bdbd10daa9722922de013c52ed03a29aa3970428
-
SHA256
6ba5374a57f997f0343b7088e3b3a882f0ab8030eff21355fb9a29f282b4a798
-
SHA512
8ae37b7e43dd860fcf7cc90c74ba2fde3df6bb9394f87e7b5242d473b2da77cdfb8ba5cb25e9c66599cb73fb27fab4c9af66c8c1f25686bec1d5dfd7f9e5dd5b
-
SSDEEP
6144:W2qOZMfQw8fRGgJj65m7TJhjcll5WaZplFY00vgFqIDohuupc:7mowiRGg56YTXMl5P2v4o
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
988048349
C2
keepfootbal.com
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Icedid family
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6ba5374a57f997f0343b7088e3b3a882f0ab8030eff21355fb9a29f282b4a798.dll1⤵
- Suspicious behavior: EnumeratesProcesses
Network
-
DNSaws.amazon.comRemote address:8.8.8.8:53Requestaws.amazon.comIN AResponseaws.amazon.comIN CNAMEtp.8e49140c2-frontier.amazon.comtp.8e49140c2-frontier.amazon.comIN CNAMEdr49lng3n1n2s.cloudfront.netdr49lng3n1n2s.cloudfront.netIN A3.162.38.112dr49lng3n1n2s.cloudfront.netIN A3.162.38.14dr49lng3n1n2s.cloudfront.netIN A3.162.38.126dr49lng3n1n2s.cloudfront.netIN A3.162.38.78 -
DNSkeepfootbal.comRemote address:8.8.8.8:53Requestkeepfootbal.comIN AResponse
-
3.162.38.112:443aws.amazon.comtls -
3.162.38.112:443aws.amazon.comtls
-
8.8.8.8:53aws.amazon.comdns
DNS Request
aws.amazon.com
DNS Response
3.162.38.1123.162.38.143.162.38.1263.162.38.78
-
8.8.8.8:53keepfootbal.comdns
DNS Request
keepfootbal.com
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
36KB
-
Filesize
36KB
-
Filesize
36KB