Overview

overview

10

Static

static

3

f2f492e429...18.dll

windows7-x64

10

f2f492e429...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    135s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-04-2024 07:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f2f492e429e493de3dc50d1d0e6f1c89_JaffaCakes118.dll

  • Size

    188KB

  • MD5

    f2f492e429e493de3dc50d1d0e6f1c89

  • SHA1

    29a3c18b3c08ddea1196db7024db088554d897f5

  • SHA256

    8a33e1d8569fc15804e88298a5eb85d2c6f452e43c55ea430e92b2db3ff700d4

  • SHA512

    de45b20ffaf9dc33d9db0ab229be3c9ebada8237fa4fdb0e6eb6d00a693f89c614e3b70402077f1540cbff310928b4f4bdb21e096c80fdbc133ed5b88f475bf6

  • SSDEEP

    3072:6A8JmK7ATVfQeVqNFZa/9KzMXJ6jTFDlAwqWut5KZMzfeAAAo1o:6zIqATVfQeV2FZalKq6jtGJWuTmd

Score
10/10
dridex22201botnetloader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.82.248.59:443

54.39.98.141:6602

103.109.247.8:10443
rc4.plain
rc4.plain

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Loader 1 IoCs

    Detects Dridex both x86 and x64 loader in memory.

    botnetloader
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2f492e429e493de3dc50d1d0e6f1c89_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1580
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2f492e429e493de3dc50d1d0e6f1c89_JaffaCakes118.dll,#1
      2⤵
        PID:1948
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 688
          3⤵
          • Program crash
          PID:1528
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1948 -ip 1948
      1⤵
        PID:212

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1948-0-0x00000000751D0000-0x0000000075200000-memory.dmp
        Filesize

        192KB

        Download
      • memory/1948-1-0x00000000009C0000-0x00000000009C6000-memory.dmp
        Filesize

        24KB

        Download