Analysis
-
max time kernel
150s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
10/04/2024, 22:59
General
-
Target
ec2c71472a0103be14ec56663fccb1e3_JaffaCakes118.dll
-
Size
3.2MB
-
MD5
ec2c71472a0103be14ec56663fccb1e3
-
SHA1
5331fc9b33a6a89d066c41f1e75f088cc007eb0f
-
SHA256
8ce0ecc60cb931709f7a4356887eee27d3147375e86902e648072669fba2e9b5
-
SHA512
f36966fbb8902fb6a48ea8e486d11240b9d6fe05c128fc076c1040ee938646d8e747cbe775af4d2ac31dd2921b7d66751ad2f9c3d112829c1a41f2b970762e46
-
SSDEEP
12288:5VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:4fP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Malware Config
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Shellcode 1 IoCs
Detects Dridex Payload shellcode injected in Explorer process.
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 3 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ec2c71472a0103be14ec56663fccb1e3_JaffaCakes118.dll,#11⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\systemreset.exeC:\Windows\system32\systemreset.exe1⤵
-
C:\Users\Admin\AppData\Local\PI2006ki\systemreset.exeC:\Users\Admin\AppData\Local\PI2006ki\systemreset.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\phoneactivate.exeC:\Windows\system32\phoneactivate.exe1⤵
-
C:\Users\Admin\AppData\Local\yWEgtjGS\phoneactivate.exeC:\Users\Admin\AppData\Local\yWEgtjGS\phoneactivate.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\ProximityUxHost.exeC:\Windows\system32\ProximityUxHost.exe1⤵
-
C:\Users\Admin\AppData\Local\MqAA\ProximityUxHost.exeC:\Users\Admin\AppData\Local\MqAA\ProximityUxHost.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3720 --field-trial-handle=2972,i,4036376905309803364,5412922217215781933,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
263KB
MD59ea326415b83d77295c70a35feb75577
SHA1f8fc6a4f7f97b242f35066f61d305e278155b8a8
SHA256192bfde77bf280e48f92d1eceacdc7ec4bf31cda46f7d577c7d7c3ec3ac89d8f
SHA5122b1943600f97abcd18778101e33eac00c2bd360a3eff62fef65f668a084d8fa38c3bbdedfc6c2b7e8410aa7c9c3df2734705dc502b4754259121adc9198c3692
-
Filesize
3.2MB
MD5f3c9b9a414b78ff7481e177a42af3bba
SHA1ce872d581639aa37938d1bb0bb11cc2c9be53832
SHA25685ff99eff4effb0db0ecd18fd0a7d916b51d5fcca5c0a8d1eb14a0075dff97f1
SHA51263162fbe7f0d8b3e4320f7a210da31422ca0bb733b1df7f854bf52cd08d24bbfbca88a0ef74570eb6d0defe2858ffa68409628d22f808c9b52a8ffd48a49227f
-
Filesize
3.5MB
MD5ad32cd81b06e473f123a253c49223ee3
SHA117541381ac624207484f409a963acd60f3481f89
SHA25665d177a3921a00361f0386ad3e8a3d5886776e8db723d9539fb5899ad9d60e94
SHA512bf4709d592b98c7fc404d0982b0bbb6cc2f24ec27232b88d0c2f2a3b8207780b4d155a37ea9aa4d8a1898da2ab94ce4592e72c1e6b4c1c3c6b5068733c383c2d
-
Filesize
508KB
MD5325ff647506adb89514defdd1c372194
SHA184234ff97d6ddc8a4ea21303ea842aa76a74e0ea
SHA256ebff6159a7627234f94f606afa2e55e98e1548fd197d22779a5fcff24aa477ad
SHA5128a9758f4af0264be08d684125827ef11efe651138059f6b463c52476f8a8e1bed94d093042f85893cb3e37c5f3ba7b55c6ce9394595001e661bccbc578da3868
-
Filesize
3.5MB
MD5404558a5477c78400ab54b4a74541b97
SHA1258f663d8aaca5a8ae8bedb4dc2fb78735004658
SHA256c22fcafb24194aa2b6106a18fe4b2082124aab125755603243d2c2f417de2c9f
SHA5124835ae72661ed127bde0ed3e3a20727e0260bb443d16f38d074e5b35ee2405e527886d8952976ee62f55056ac53654c2a7fa9bb134f9c8ed6f389e2a6e55d55a
-
Filesize
107KB
MD532c31f06e0b68f349f68afdd08e45f3d
SHA1e4b642f887e2c1d76b6b4777ade91e3cb3b9e27c
SHA256cea83eb34233fed5ebeef8745c7c581a8adbefbcfc0e30e2d30a81000c821017
SHA512fe61764b471465b164c9c2202ed349605117d57ceb0eca75acf8bda44e8744c115767ee0caed0b7feb70ba37b477d00805b3fdf0d0fa879dd4c8e3c1dc1c0d26
-
Filesize
1KB
MD5146d21a95b245b3ddae25820ed4c2492
SHA17a2dda5f95ab7f5d20fafec5e06496575fb1a953
SHA256d38f837e7dcd53f4d026c22b497a68f61c4db984d7baa977d671be7d21e29c09
SHA51294b410ec428de1472ae5d14e7cfb94403abd0149f14ebeb2b69ca2725527d193097593dc83647407e7874b408715008179fb9e5e87cbdd087aed692239ee13f9
-
Filesize
28KB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
4KB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
28KB
-
Filesize
64KB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
4KB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
28KB
-
Filesize
28KB
-
Filesize
3.2MB
-
Filesize
3.2MB
-
Filesize
28KB