Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...e1.dll

windows7-x64

10

JaffaCakes...e1.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2024, 19:39 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_07adce3d198541f89ed20ede2c27c81801caefe61eac8ca381b83639737228e1.dll

  • Size

    171KB

  • MD5

    d66afafdc9ad8cc4135e1bab32cb0cdd

  • SHA1

    e0550c10cb1b616fcc44f2cdeef8c6379192abda

  • SHA256

    07adce3d198541f89ed20ede2c27c81801caefe61eac8ca381b83639737228e1

  • SHA512

    7a264f9e00b565c8c60201ef02aaddb10a82481efd9515989c6f676f5bba4276958351541dd15efd1f8c0847d489281e4cf878e1af653ec36f8032886f9e0e73

  • SSDEEP

    3072:oi49mEb06hs9BPEmmvt7dNbTqub9Un7WpVJBR13LSoAH7Dk0ZT:oH9RVaPEmsdHdbQUbd2H3

Score
10/10
dridex22201botnetdiscoveryloader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

128.199.200.38:443

192.163.233.216:6601

43.229.206.244:4125
rc4.plain
1
e8Tv13iGxjzB4XfTjyfX2ZjB8EnMq5sQ0YbGaHvfvzJJOUoCCTU
rc4.plain
1
DwIOaGXzKtiA9zdrD77uFJEoIixZk63d8IwoSuRAVBG2oa3BiOXdwVg

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Loader 2 IoCs

    Detects Dridex both x86 and x64 loader in memory.

    botnetloader
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_07adce3d198541f89ed20ede2c27c81801caefe61eac8ca381b83639737228e1.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2440
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_07adce3d198541f89ed20ede2c27c81801caefe61eac8ca381b83639737228e1.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2392
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 256
        3⤵
        • Program crash
        PID:2752

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2392-0-0x0000000000160000-0x0000000000166000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2392-1-0x0000000074A30000-0x0000000074A60000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2392-3-0x0000000000160000-0x0000000000166000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2392-2-0x0000000074A30000-0x0000000074A60000-memory.dmp

    Filesize

    192KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.