Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...d6.dll

windows7-x64

10

JaffaCakes...d6.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2024, 02:14 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_e07046d0ef99cbd49b815f3bf0054075596498912f734c67e33de8bd01b9c8d6.dll

  • Size

    184KB

  • MD5

    aa97f322814ce927f55a1bef2c335055

  • SHA1

    a3efebb4f3d3e8378d4cfd67321fef82c48f2717

  • SHA256

    e07046d0ef99cbd49b815f3bf0054075596498912f734c67e33de8bd01b9c8d6

  • SHA512

    5f98d65b008d2a63af3c9c2702cf10dd9533f9a8f6a67b628bb8e4c74538818fe5d01a01b731c967368046bcf010e75d5d59c61e25723e2b0f6f1703e6479f5b

  • SSDEEP

    3072:wJQ6H3ykY88YOSs+k1TwEuTcMIznNuOzlr1Xznku9Luk0eJww8JJa//2uFrSc:NfYOX+wTScR/Xzku9LVwuuG

Score
10/10
dridex22201botnetdiscoveryloader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

80.241.218.90:443

103.161.172.109:13786

87.98.128.76:5723
rc4.plain
1
XH2KyJtcJ7RSk5n0Ak2zUIsoefdhHZlKRYf
rc4.plain
1
cYEsjNtMnqhfNdGdtxJHObrdyxC7I2RsYqPuLirrwkWgKf0csGFj3Ow4lgY2bwEnd8mTqve

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Loader 2 IoCs

    Detects Dridex both x86 and x64 loader in memory.

    botnetloader
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e07046d0ef99cbd49b815f3bf0054075596498912f734c67e33de8bd01b9c8d6.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2196
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e07046d0ef99cbd49b815f3bf0054075596498912f734c67e33de8bd01b9c8d6.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2232
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 220
        3⤵
        • Program crash
        PID:2092

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2232-0-0x0000000000120000-0x0000000000126000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2232-1-0x0000000074DD0000-0x0000000074DFF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2232-2-0x0000000074DD0000-0x0000000074DFF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2232-4-0x0000000000120000-0x0000000000126000-memory.dmp

    Filesize

    24KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.