Analysis
-
max time kernel
106s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
15-04-2024 22:11
General
-
Target
f20adeaee7a762965e7a010eeecaedb0_JaffaCakes118.dll
-
Size
1.5MB
-
MD5
f20adeaee7a762965e7a010eeecaedb0
-
SHA1
64978ed23c7de4cd2e36f1b9a1e72934b81ee546
-
SHA256
bb989b8a563ee7a14473a127b7510b04c2bf8d2e03d863e761f6f7697c5bb05d
-
SHA512
8dd2eb8824d4d50cec03b62bed3e11569b3cfbac0483c11bab48fb1707f3482446b343da8819b367e513af9180b652c416ef223e1e99584d4583fd15af49df54
-
SSDEEP
12288:IVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:dfP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Malware Config
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Shellcode 1 IoCs
Detects Dridex Payload shellcode injected in Explorer process.
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 3 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\f20adeaee7a762965e7a010eeecaedb0_JaffaCakes118.dll,#11⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\wermgr.exeC:\Windows\system32\wermgr.exe1⤵
-
C:\Users\Admin\AppData\Local\WcFx2EPWv\wermgr.exeC:\Users\Admin\AppData\Local\WcFx2EPWv\wermgr.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\mmc.exeC:\Windows\system32\mmc.exe1⤵
-
C:\Users\Admin\AppData\Local\CEZqnZvy\mmc.exeC:\Users\Admin\AppData\Local\CEZqnZvy\mmc.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\shrpubw.exeC:\Windows\system32\shrpubw.exe1⤵
-
C:\Users\Admin\AppData\Local\Rd8x1age\shrpubw.exeC:\Users\Admin\AppData\Local\Rd8x1age\shrpubw.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1036 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.8MB
MD58c86b80518406f14a4952d67185032d6
SHA19269f1fbcf65fefbc88a2e239519c21efe0f6ba5
SHA256895eef1eda5700a425934ae3782d4741dfefb7deafa53891bde490150187b98a
SHA5121bbdaa3ae8b5716ad2bd517055533e286ddb8a6c23cbc7aa602143dbb1ae132b513088ab61527c49737c554269c51416cceb80206ac8128ac6b003f1864eb099
-
Filesize
1.5MB
MD58fa514c2bee0a006f85fdc3f44998e54
SHA1e10217a7fdff7f8010fce8fd0053d42e5163224c
SHA256493cc3ae3a25a3aa2574cf5a4e2c38d7a1e290183d7fd4818f817bae181f002c
SHA51219b8db30f3bfc730cf12547a6ae1f52662eacd681245e2d5c204116b60335fd662f73b6252a2b8ce3456ee081a2f11e1fb55a27ac8defb348d671504ac92d374
-
Filesize
59KB
MD59910d5c62428ec5f92b04abf9428eec9
SHA105f27d7515e8ae1fa3bc974ec65b864ec4c9ac8b
SHA2566b84e6e55d8572d7edf0b6243d00abb651fcb0cddddac8461de5f9bb80035a2e
SHA51201be043f7ff879a683e53962eec58456ba200d6787ea66581bb62669ae65d5e58a5577cdf23441165f7a535fce1dec933e3ad2465c72172b4a1488b24ce722cb
-
Filesize
1.5MB
MD5120af2e97e71064e5c722fcf998ef7a7
SHA14737c9f91ff61f89311250f554f7e95868dccc30
SHA256d2852d997c23a9df5e82506fbd2af7abef34c5bc469c9d62036bdaf8c35df99d
SHA5125e1c27ea178352d3606877d471c4acba7b90ff5445b2499e4e16ed91fcc204f50434ed32950aed7770716c21b01b659f7e20d4346f7330e8a1337e0371596033
-
Filesize
1.5MB
MD51b13e96fafbe2d0647d1045385b8addb
SHA1167abc00d0d4c12324e60fa0d47a94d32c62be3c
SHA256e9f00fa3f423713e8a8c9e7b8977e7b3a560658e4bf1e75f3c6f839af2b21347
SHA51204b9fa5f9bc926dd2c05df70ce28917d402a7c2321b1c0d9b32dfb6bfe07fe211dd206ff7d8724c5575cf4b27e342a7db11b6d1cd9e7c58f45f6129f3c6bfdd4
-
Filesize
223KB
MD5f7991343cf02ed92cb59f394e8b89f1f
SHA1573ad9af63a6a0ab9b209ece518fd582b54cfef5
SHA2561c09759dcd31fdc81bcd6685438d7efb34e0229f1096bfd57d41ecfe614d07dc
SHA512fa3cf314100f5340c7d0f6a70632a308fcadb4b48785753310a053a510169979a89637b8b4fedf4d3690db6b8b55146e323cad70d704c4e2ede4edff5284237d
-
Filesize
1KB
MD54e294c86e5703034d35a542cb11dbcbb
SHA1baa09bf0d81d4f9a2ce17ef72c742bede2890337
SHA25601b64e2642e0cd7e94efa1b0355e295dfc88ab3e4fa728e3fcd77de016d28ad9
SHA5129e09d725a8c088a64cdc706173fdefbeda01eefff7d24cf9f0c8029c8ca6a758ab7cf20d7d3882b0a07165bfb91728a52953a145cc1b4bd4bf2a60b2a889eb4d
-
Filesize
1.5MB
-
Filesize
28KB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
28KB
-
Filesize
1.5MB
-
Filesize
64KB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
28KB
-
Filesize
28KB
-
Filesize
28KB