Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 07-04-2024 21:53
Static task: static1 (1 signature)
Behavioral task: behavioral1
Sample: e5f13c6bb1109d1197126921de074041_JaffaCakes118.dll
Resource: win7-20240221-en
3 signatures, 150 seconds
General
Target: e5f13c6bb1109d1197126921de074041_JaffaCakes118.dll
Size: 188KB
MD5: e5f13c6bb1109d1197126921de074041
SHA1: 6c21987c6231db7514ce3b4c93e2ca3df76c4902
SHA256: 25b16667b3194dd3d15525eb88f274a305786de7e39fd789ff3da514379f7dcb
SHA512: 203104e4a72ac6848e60c358896871ae66e35dc30dc14c7e9a399972749e062f9ebddb2c26d24a09b2e90f9a20808f49ea2cf1f6e91e7dc69e3c2de7c9a9b148
SSDEEP: 3072:gA8JmK7ATVfQeVqNFZa/9KzMXJ6jTFDlAwqWut5KZMzfeAAAolo:gzIqATVfQeV2FZalKq6jtGJWuTmd
Malware Config
Extracted
Family: dridex
Botnet: 22201
C2:
  103.82.248.59:443
  54.39.98.141:6602
  103.109.247.8:10443
rc4.plain (key value not included in the report text)
rc4.plain (key value not included in the report text)
Signatures

YARA rule match
resource: behavioral1
memory dump: memory/552-0-0x0000000074C20000-0x0000000074C50000-memory.dmp (PID 552, region 0x74C20000-0x74C50000)
yara_rule: dridex_ldr

Suspicious use of WriteProcessMemory (7 IoCs)
description: PID 2944 wrote to memory of 552
pid: 2944
process: rundll32.exe
target process: rundll32.exe
(the same entry is recorded 7 times)

All seven writes go from the parent rundll32.exe (PID 2944) into the child rundll32.exe (PID 552), and PID 552 is the process whose memory matched dridex_ldr. The matched region lies in the 32-bit address space and spans 0x30000 (192 KB), which is consistent with the 188KB DLL being mapped as an image in that child.
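As an added example that is not part of this report or of the sandbox's own code, the following Python parses the fields above (the C2 list, the YARA memory-dump name, and the WriteProcessMemory IoC rows) into records and correlates them: which process pair did the writes, whether the write target is the process the YARA rule fired in, and which C2 ports fall outside a 443-only egress rule. The strings are copied from the report; the field layout the regular expressions assume (pid-index-start-end in the dump name, IoC row order description/pid/process/target process) is inferred from this one report and is an assumption, not a documented format.

```python
"""Parse a sandbox report's text fields into records and correlate them.

Added example, not the sandbox vendor's code. Input strings are copied from
the report; the regex field layout is an assumption inferred from it.
"""
import ipaddress
import re
from collections import Counter
from typing import NamedTuple

# Malware Config: C2 list exactly as the report prints it.
C2_LINES = [
    "103.82.248.59:443",
    "54.39.98.141:6602",
    "103.109.247.8:10443",
]

# Signatures: the memory dump that matched, and the rule that matched it.
YARA_HIT = (
    "behavioral1/memory/552-0-0x0000000074C20000-0x0000000074C50000-memory.dmp",
    "dridex_ldr",
)

# The seven identical WriteProcessMemory IoC rows, flattened the way the
# report renders them (constructed here by repeating the row text 7 times).
WPM_ROW = "PID 2944 wrote to memory of 552 2944 rundll32.exe rundll32.exe"
WPM_IOCS = " ".join([WPM_ROW] * 7)


class C2(NamedTuple):
    ip: ipaddress.IPv4Address
    port: int


class MemRegion(NamedTuple):
    pid: int
    start: int
    end: int
    rule: str

    @property
    def size(self) -> int:
        return self.end - self.start


class MemWrite(NamedTuple):
    source_pid: int
    target_pid: int
    source_image: str
    target_image: str


def parse_c2(lines):
    """'ip:port' -> C2; ipaddress rejects anything that is not a real IPv4."""
    out = []
    for line in lines:
        host, _, port = line.strip().rpartition(":")
        out.append(C2(ipaddress.IPv4Address(host), int(port)))
    return out


# Assumed dump-name layout: <pid>-<index>-0x<start>-0x<end>-memory.dmp
_DUMP_RE = re.compile(
    r"/(?P<pid>\d+)-\d+-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_yara_hit(dump_path, rule):
    """Recover PID and address range from the dump file name."""
    m = _DUMP_RE.search(dump_path)
    if m is None:
        raise ValueError(f"unrecognised dump name: {dump_path}")
    return MemRegion(int(m["pid"]), int(m["start"], 16), int(m["end"], 16), rule)


# Assumed row layout: description, pid, process, target process.  The \1
# backreference requires the pid column to repeat the PID in the description.
_WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\S+)")


def parse_wpm(text):
    return [
        MemWrite(int(src), int(dst), src_img, dst_img)
        for src, dst, src_img, dst_img in _WPM_RE.findall(text)
    ]


def correlate(writes, region):
    """Count writes per (source, target) pair and mark the pair whose target
    is the process the YARA rule fired in."""
    counts = Counter((w.source_pid, w.target_pid) for w in writes)
    return {
        pair: {"writes": n, "yara_in_target": pair[1] == region.pid}
        for pair, n in counts.items()
    }


def nonstandard_ports(c2s, expected=(443,)):
    """C2 endpoints on ports a 443-only egress rule would not cover."""
    return [c for c in c2s if c.port not in expected]


if __name__ == "__main__":
    c2s = parse_c2(C2_LINES)
    region = parse_yara_hit(*YARA_HIT)
    print("C2:", [(str(c.ip), c.port) for c in c2s])
    print("non-443 C2:", [(str(c.ip), c.port) for c in nonstandard_ports(c2s)])
    print(f"{region.rule} in PID {region.pid}, {region.size:#x} bytes at {region.start:#x}")
    print("cross-process writes:", correlate(parse_wpm(WPM_IOCS), region))
```

Run stand-alone, it reports that all seven writes go from PID 2944 into PID 552, that PID 552 is the process carrying the dridex_ldr match, that the matched region is 0x30000 bytes at 0x74C20000, and that two of the three C2 endpoints (6602 and 10443) would slip past an egress policy that only inspects 443.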
Processes
C:\Windows\system32\rundll32.exe (PID 2944)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e5f13c6bb1109d1197126921de074041_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (PID 552)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e5f13c6bb1109d1197126921de074041_JaffaCakes118.dll,#1

The 64-bit system32 rundll32.exe re-launches the 32-bit SysWOW64 copy with the same command line, which is what rundll32 does when the DLL it was asked to load is 32-bit; "#1" tells rundll32 to call the export at ordinal 1. The WriteProcessMemory IoCs are recorded against the parent, and the dridex_ldr memory match (0x74C20000, a 32-bit user-mode address) is in the SysWOW64 child, PID 552.