Analysis

Max time kernel: 150s
Max time network: 149s
Platform: windows10-2004_x64
Resource: win10v2004-20240226-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 31-03-2024 09:05

Static task: static1
Behavioral task: behavioral1
Sample: 527a75415c1d67b3aec7434b30b831d5_JaffaCakes118.dll
Resource: win7-20240221-en
General

Target: 527a75415c1d67b3aec7434b30b831d5_JaffaCakes118.dll
Size: 608KB
MD5: 527a75415c1d67b3aec7434b30b831d5
SHA1: a34d6f99e35560183d2e3699f26259d534c36537
SHA256: d27f8c44bf5a82d98356fba379662d35b57cac933d9601f40e7a6854b1a2f9f5
SHA512: e136977710379d28e5bebe6b9eb0284ece56cab8bb78afb15982de6c19ef2826913227fabaddfd63f33d863b611e974dc79e6d67cedeabeb7460d0dcf6428208
SSDEEP: 12288:3ZGQdqOGrDJqydLqQSeCqsVK8kPRGO35N9mVrzXc6:3Z0fWjeCVVK8kP9N9o/
Malware Config

Extracted: dridex
10444
174.128.245.202:443
51.83.3.52:13786
69.64.50.41:6602
Signatures

Blocklisted process makes network request (1 IoCs)
Processes:
  flow 13, pid 1376, process rundll32.exe

Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.
Processes:
  description: Key value queried
  ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
  process: rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  PID 1872 wrote to memory of 1376 (1872 rundll32.exe -> 1376 rundll32.exe)
  PID 1872 wrote to memory of 1376 (1872 rundll32.exe -> 1376 rundll32.exe)
  PID 1872 wrote to memory of 1376 (1872 rundll32.exe -> 1376 rundll32.exe)
Processes

1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\527a75415c1d67b3aec7434b30b831d5_JaffaCakes118.dll,#1
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\527a75415c1d67b3aec7434b30b831d5_JaffaCakes118.dll,#1
      - Blocklisted process makes network request
      - Checks whether UAC is enabled
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads

memory/1376-0-0x0000000000400000-0x0000000000534000-memory.dmp (Filesize: 1.2MB)
memory/1376-1-0x0000000000400000-0x0000000000534000-memory.dmp (Filesize: 1.2MB)
memory/1376-3-0x0000000002E00000-0x0000000002E01000-memory.dmp (Filesize: 4KB)
memory/1376-4-0x0000000000400000-0x0000000000534000-memory.dmp (Filesize: 1.2MB)
memory/1376-5-0x0000000000400000-0x0000000000534000-memory.dmp (Filesize: 1.2MB)