Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

12e83b8232...aN.dll

windows7-x64

10

12e83b8232...aN.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    10/01/2025, 23:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    12e83b82323d48939373b00da810964eb14b176f112a61437dcc8b83483d789aN.dll

  • Size

    724KB

  • MD5

    16ff194261d802bb962f116de20281f0

  • SHA1

    fe8d67b2362a86ad47bf63abf68ce997cdc42ea0

  • SHA256

    12e83b82323d48939373b00da810964eb14b176f112a61437dcc8b83483d789a

  • SHA512

    9cd53fbce376a94a99ea197bb2d8376e932e2c8a843708205c8c613492657ed1aa731b4bd4d3cdc1e4be8d3229865af7d0bcdeb655e44fd0f53560785be1ecf7

  • SSDEEP

    12288:KO3+ivi0RNOR/5DH2InMtdhtvX2tvJljUWcJxm/Osj3lx7l6X0k97L4HAF3it:7vdvOZ9H2+Mt7tvX2tvJljT/mi1xJ6t6

Score
10/10
dridexbotnetevasionloaderpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Loader 'dmod' strings 11 IoCs

    Detects 'dmod' strings in Dridex loader.

    botnetloader
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\12e83b82323d48939373b00da810964eb14b176f112a61437dcc8b83483d789aN.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2532
  • C:\Windows\system32\calc.exe
    C:\Windows\system32\calc.exe
    1⤵
      PID:2744
    • C:\Users\Admin\AppData\Local\ylFb\calc.exe
      C:\Users\Admin\AppData\Local\ylFb\calc.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2180
    • C:\Windows\system32\dwm.exe
      C:\Windows\system32\dwm.exe
      1⤵
        PID:2704
      • C:\Users\Admin\AppData\Local\L9qFERfaz\dwm.exe
        C:\Users\Admin\AppData\Local\L9qFERfaz\dwm.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2312
      • C:\Windows\system32\vmicsvc.exe
        C:\Windows\system32\vmicsvc.exe
        1⤵
          PID:2976
        • C:\Users\Admin\AppData\Local\flq6Ao0J\vmicsvc.exe
          C:\Users\Admin\AppData\Local\flq6Ao0J\vmicsvc.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2984

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\L9qFERfaz\UxTheme.dll
          Filesize

          728KB

          MD5

          74c713984db97b888fba788937945767

          SHA1

          993d0daabbe439a4c4824c46d4e9753eddc06516

          SHA256

          b28bcfcde9ee524d0e8d3bcc5741269ef35086568d5ff6b680a7a0c99993ff88

          SHA512

          b5781a367b81e88b867d0d780e64cdff8e9adc88d2f824f2d2144b558db3a45cbdfcc04a073ea260111325470292270516b9b43586aca12da863ae46f4eadf09

          Download Submit

        • C:\Users\Admin\AppData\Local\flq6Ao0J\ACTIVEDS.dll
          Filesize

          728KB

          MD5

          3b1f9a727a7151ec7535edf241405fda

          SHA1

          9e892f0159f3aff5c25a369b3ba63aecfb878c2c

          SHA256

          ccfa6e19fc98214831002568ccd2cb4f7627a28504971e0276dc6fbd893fc7f0

          SHA512

          ac10eb00c1aa5bf103bae6f717890e6c396e0d6abea5c2c6ab26b37e78e34638cbf021a4022cc062b122bc1dc2d36bdd93e98ab061ad78f495ef9672eaf66cef

          Download Submit

        • C:\Users\Admin\AppData\Local\flq6Ao0J\vmicsvc.exe
          Filesize

          238KB

          MD5

          79e14b291ca96a02f1eb22bd721deccd

          SHA1

          4c8dbff611acd8a92cd2280239f78bebd2a9947e

          SHA256

          d829166db30923406a025bf33d6a0997be0a3df950114d1f34547a9525b749e8

          SHA512

          f3d1fa7732b6b027bbaf22530331d27ede85f92c9fd64f940139fd262bd7468211a8a54c835d3934b1974b3d8ecddefa79ea77901b9ef49ab36069963693f988

          Download Submit

        • C:\Users\Admin\AppData\Local\ylFb\UxTheme.dll
          Filesize

          728KB

          MD5

          9772c6848fdf0962e92837fcc5fb482a

          SHA1

          11e353b9c0a3b57798059692584cdd2fecc5e9f3

          SHA256

          58fa144e0e33b1bc8008dab637885769a15789de04039308e0f967d496b4593d

          SHA512

          ae03f11e7e776cb058f123219332d2931521830750e9f1ed1dde6a0c21941a224143b15426b451fc1129fcfe94d02c8fe3486e2849064ad488c7b4fbccc2ec9a

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ncfyujonfo.lnk
          Filesize

          1KB

          MD5

          7189aa819b67ae33c6fb050e564cffab

          SHA1

          021d1504bdc434309752c94ebe54190fea43d5dc

          SHA256

          085038785b284e69995283e5c5b362c4161b964c40d00485ecc4660f675bafe7

          SHA512

          c7305fd9f6c25501fdac777f848bd0ef183c6e738f82df63e142277e70251b1af3f5a0fe4daf55de62c732b89649312842677628c81f06302e92f9eb0c90a9b9

          Download Submit

        • \Users\Admin\AppData\Local\L9qFERfaz\dwm.exe
          Filesize

          117KB

          MD5

          f162d5f5e845b9dc352dd1bad8cef1bc

          SHA1

          35bc294b7e1f062ef5cb5fa1bd3fc942a3e37ae2

          SHA256

          8a7b7528db30ab123b060d8e41954d95913c07bb40cdae32e97f9edb0baf79c7

          SHA512

          7077e800453a4564a24af022636a2f6547bdae2c9c6f4ed080d0c98415ecc4fbf538109cbebd456e321b9b74a00613d647b63998e31925fbd841fc9d4613e851

          Download Submit

        • \Users\Admin\AppData\Local\ylFb\calc.exe
          Filesize

          897KB

          MD5

          10e4a1d2132ccb5c6759f038cdb6f3c9

          SHA1

          42d36eeb2140441b48287b7cd30b38105986d68f

          SHA256

          c6a91cba00bf87cdb064c49adaac82255cbec6fdd48fd21f9b3b96abf019916b

          SHA512

          9bd44afb164ab3e09a784c765cd03838d2e5f696c549fc233eb5a69cada47a8e1fb62095568cb272a80da579d9d0e124b1c27cf61bb2ac8cf6e584a722d8864d

          Download Submit

        • memory/1244-22-0x0000000140000000-0x00000001400B5000-memory.dmp

          Filesize

          724KB

          Download

        • memory/1244-27-0x0000000077960000-0x0000000077962000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1244-4-0x00000000775C6000-0x00000000775C7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1244-15-0x0000000140000000-0x00000001400B5000-memory.dmp

          Filesize

          724KB

          Download

        • memory/1244-14-0x0000000140000000-0x00000001400B5000-memory.dmp

          Filesize

          724KB

          Download

        • memory/1244-12-0x0000000140000000-0x00000001400B5000-memory.dmp

          Filesize

          724KB

          Download

        • memory/1244-11-0x0000000140000000-0x00000001400B5000-memory.dmp

          Filesize

          724KB

          Download

        • memory/1244-10-0x0000000140000000-0x00000001400B5000-memory.dmp

          Filesize

          724KB

          Download

        • memory/1244-9-0x0000000140000000-0x00000001400B5000-memory.dmp

          Filesize

          724KB

          Download

        • memory/1244-8-0x0000000140000000-0x00000001400B5000-memory.dmp

          Filesize

          724KB

          Download

        • memory/1244-13-0x0000000140000000-0x00000001400B5000-memory.dmp

          Filesize

          724KB

          Download

        • memory/1244-34-0x0000000140000000-0x00000001400B5000-memory.dmp

          Filesize

          724KB

          Download

        • memory/1244-35-0x0000000140000000-0x00000001400B5000-memory.dmp

          Filesize

          724KB

          Download

        • memory/1244-5-0x0000000002A90000-0x0000000002A91000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1244-44-0x00000000775C6000-0x00000000775C7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1244-26-0x00000000777D1000-0x00000000777D2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1244-23-0x0000000002A70000-0x0000000002A77000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1244-7-0x0000000140000000-0x00000001400B5000-memory.dmp

          Filesize

          724KB

          Download

        • memory/1244-16-0x0000000140000000-0x00000001400B5000-memory.dmp

          Filesize

          724KB

          Download

        • memory/2180-58-0x000007FEF6EB0000-0x000007FEF6F66000-memory.dmp

          Filesize

          728KB

          Download

        • memory/2180-53-0x000007FEF6EB0000-0x000007FEF6F66000-memory.dmp

          Filesize

          728KB

          Download

        • memory/2180-52-0x0000000000120000-0x0000000000127000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2312-70-0x000007FEF66F0000-0x000007FEF67A6000-memory.dmp

          Filesize

          728KB

          Download

        • memory/2312-75-0x000007FEF66F0000-0x000007FEF67A6000-memory.dmp

          Filesize

          728KB

          Download

        • memory/2312-74-0x00000000001B0000-0x00000000001B7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2532-43-0x000007FEF6DF0000-0x000007FEF6EA5000-memory.dmp

          Filesize

          724KB

          Download

        • memory/2532-0-0x000007FEF6DF0000-0x000007FEF6EA5000-memory.dmp

          Filesize

          724KB

          Download

        • memory/2532-3-0x00000000006D0000-0x00000000006D7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2984-90-0x000007FEF66F0000-0x000007FEF67A6000-memory.dmp

          Filesize

          728KB

          Download