Analysis

Max time kernel: 142s
Max time network: 150s
Platform: windows10-2004_x64
Resource: win10v2004-20240226-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 16-04-2024 09:27

Static task: static1
Behavioral task: behavioral1
Sample: f32fce36e7b8c879aa8018a7486507d4_JaffaCakes118.dll
Resource: win7-20240221-en
General

Target: f32fce36e7b8c879aa8018a7486507d4_JaffaCakes118.dll
Size: 664KB
MD5: f32fce36e7b8c879aa8018a7486507d4
SHA1: 7180c9fa8517b9b5b73cc31233e711181c57c6ae
SHA256: afbc58cb91e5f23fa6981faf207426e612c8a2dd78e8bc79dbda502275d50a6f
SHA512: d552e101bb3f5cdbe5b79b247f8bbc3baa8178025e5572f6349a00016f4f469094cc0bc1aae8576de64b2d4e25303b060ec765d1cadf2067ee37bd546d4e7b68
SSDEEP: 12288:3/0Qzqf0eli48JM+6TFKywVt6PbEYU0eyJTT/Mu9oV01uVoaEPH:v0zhlqn6TFKywvCbEOxDMu9oyLaEPH
Malware Config

Extracted
Family: dridex
Botnet: 10222
C2:
174.128.245.202:443
51.83.3.52:13786
69.64.50.41:6602
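The extracted config is only useful once it is turned into something that can be matched against traffic. The following is an added example, not part of the report or of any sandbox tooling: it parses the family / botnet / ip:port block exactly as listed above, runs it over a few constructed firewall log lines (the `src=… dst=… dport=…` format, the timestamps and the internal hosts are all assumptions made for the demonstration), and emits one Suricata rule per endpoint. The SID range 9000000+ is an assumed local range. Two of the three C2 ports (13786 and 6602) are non-standard, so an IP-only match on a different port is reported at lower confidence rather than dropped.

```python
import ipaddress
import re
from dataclasses import dataclass

# The extracted config exactly as the report lists it: family, botnet ID, then C2 endpoints.
DRIDEX_CONFIG_TEXT = """\
dridex
10222
174.128.245.202:443
51.83.3.52:13786
69.64.50.41:6602
"""


@dataclass(frozen=True)
class C2Config:
    family: str
    botnet: str
    endpoints: tuple  # of (ip, port) pairs


def parse_config(text: str) -> C2Config:
    """Parse the family / botnet / ip:port block into a typed config."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    family, botnet, *raw_endpoints = lines
    endpoints = []
    for entry in raw_endpoints:
        host, _, port = entry.rpartition(":")
        ipaddress.ip_address(host)          # raises ValueError on a malformed entry
        endpoints.append((host, int(port)))
    return C2Config(family, botnet, tuple(endpoints))


# Constructed firewall log lines for the demonstration (not taken from the report).
SAMPLE_LOGS = [
    "2024-04-16T09:28:01Z action=allow proto=tcp src=10.0.0.15 dst=174.128.245.202 dport=443",
    "2024-04-16T09:28:03Z action=allow proto=tcp src=10.0.0.15 dst=51.83.3.52 dport=13786",
    "2024-04-16T09:28:05Z action=allow proto=tcp src=10.0.0.22 dst=69.64.50.41 dport=80",
    "2024-04-16T09:28:09Z action=allow proto=tcp src=10.0.0.15 dst=142.250.72.46 dport=443",
]
LOG_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def find_c2_hits(config: C2Config, log_lines):
    """Return (line_no, src, dst, port, confidence) for each line touching a configured C2.

    An exact ip:port match is 'high'. A match on the IP alone is 'medium': C2 hosts are
    often reused on other ports, but the address may also be shared hosting.
    """
    exact = set(config.endpoints)
    hosts = {ip for ip, _ in config.endpoints}
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        dst, port = m["dst"], int(m["dport"])
        if (dst, port) in exact:
            hits.append((n, m["src"], dst, port, "high"))
        elif dst in hosts:
            hits.append((n, m["src"], dst, port, "medium"))
    return hits


def suricata_rules(config: C2Config, base_sid: int = 9000000):
    """Emit one Suricata rule per endpoint (base_sid is an assumed local SID range)."""
    rules = []
    for i, (ip, port) in enumerate(config.endpoints):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"{config.family} botnet {config.botnet} C2 {ip}:{port}"; '
            f'flow:to_server; sid:{base_sid + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    cfg = parse_config(DRIDEX_CONFIG_TEXT)
    for hit in find_c2_hits(cfg, SAMPLE_LOGS):
        print(hit)
    print("\n".join(suricata_rules(cfg)))
```

Run it as a script to see the three hits and the generated rules; the third log line (port 80 to 69.64.50.41) shows the IP-only case.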
Signatures

Blocklisted process makes network request (1 IoC)
Processes:
  rundll32.exe  (PID 2100)  flow 37

Checks whether UAC is enabled (1 TTP)
Queries the EnableLUA policy value in the registry to find out whether UAC is enabled.
Processes:
  rundll32.exe  key value queried: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  rundll32.exe  PID 2240 (rundll32.exe) wrote to memory of PID 2100 (rundll32.exe)  (3 identical events)
Processes

C:\Windows\system32\rundll32.exe  (PID 2240, 64-bit)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f32fce36e7b8c879aa8018a7486507d4_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe  (PID 2100, 32-bit, child of 2240)
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\f32fce36e7b8c879aa8018a7486507d4_JaffaCakes118.dll,#1
      - Blocklisted process makes network request
      - Checks whether UAC is enabled

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (top-level process, not a child of the rundll32 chain; an Edge utility process of the analysis VM)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4104 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8

The 64-bit rundll32 re-launches the 32-bit rundll32 from SysWOW64 with the same DLL path and export (#1), which is what rundll32 does when handed a 32-bit DLL on an x64 host. The DLL therefore runs in PID 2100, and that is where the network request and the EnableLUA check are recorded. The three WriteProcessMemory events go from the parent into the child it has just created, which is part of normal process start-up; a write into a process the writer did not create would be the stronger signal.
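The signature rows and the process tree above describe four observable behaviours: rundll32 loading a DLL out of a user-writable directory, a 64-bit rundll32 spawning a 32-bit one with the same DLL, writes into another process's memory, and a query of the EnableLUA value. The following is an added example, not part of the report or of the sandbox, that encodes those four checks as detection logic over constructed process telemetry. PIDs 2240 and 2100, the images, command lines and registry key come from the report; the event schema, the parent PID 1100 of the first rundll32, the msedge PIDs 4312/4200 and the final write from 2100 into the msedge process are assumptions added to exercise the rules, including the one edge case that matters: a remote write into a parent's own fresh child is rated info, a write into any other process is rated high.

```python
import re

RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)', re.I)
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")

# Constructed telemetry modelled on the report's process tree and signature rows.
# PIDs 2240/2100, the images, command lines and the EnableLUA key come from the report;
# parent PID 1100, the msedge PIDs and the last remote_write event are invented.
DLL = r"C:\Users\Admin\AppData\Local\Temp\f32fce36e7b8c879aa8018a7486507d4_JaffaCakes118.dll"
EVENTS = [
    {"type": "process_create", "pid": 2240, "ppid": 1100,
     "image": r"C:\Windows\system32\rundll32.exe", "cmdline": f"rundll32.exe {DLL},#1"},
    {"type": "process_create", "pid": 2100, "ppid": 2240,
     "image": r"C:\Windows\SysWOW64\rundll32.exe", "cmdline": f"rundll32.exe {DLL},#1"},
    {"type": "remote_write", "pid": 2240, "target_pid": 2100},
    {"type": "remote_write", "pid": 2240, "target_pid": 2100},
    {"type": "remote_write", "pid": 2240, "target_pid": 2100},
    {"type": "registry_query", "pid": 2100,
     "key": r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"},
    {"type": "process_create", "pid": 4312, "ppid": 4200,
     "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "cmdline": '"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --type=utility'},
    # Invented: a write into a process that is not the writer's own child.
    {"type": "remote_write", "pid": 2100, "target_pid": 4312},
]


def is_user_writable(path: str) -> bool:
    return path.lower().startswith(USER_WRITABLE)


def arch_of(image: str) -> str:
    """On a 64-bit host System32 holds the 64-bit binaries and SysWOW64 the 32-bit ones."""
    low = image.lower()
    return "x86" if "\\syswow64\\" in low else "x64" if "\\system32\\" in low else "?"


def detect(events):
    """Run the rules over the events and return (rule, severity, pid) findings."""
    procs = {e["pid"]: e for e in events if e["type"] == "process_create"}
    findings = []
    for e in events:
        if e["type"] == "process_create" and "rundll32" in e["image"].lower():
            m = RUNDLL_RE.search(e["cmdline"])
            if m and is_user_writable(m["dll"]):
                findings.append(("rundll32_dll_from_user_dir", "medium", e["pid"]))
            parent = procs.get(e["ppid"])
            if m and parent and "rundll32" in parent["image"].lower():
                pm = RUNDLL_RE.search(parent["cmdline"])
                same_dll = pm is not None and pm["dll"].lower() == m["dll"].lower()
                if same_dll and arch_of(parent["image"]) == "x64" and arch_of(e["image"]) == "x86":
                    findings.append(("rundll32_x64_to_x86_relaunch", "medium", e["pid"]))
        elif e["type"] == "remote_write":
            target = procs.get(e["target_pid"])
            own_child = target is not None and target["ppid"] == e["pid"]
            # Writes into a just-created child are part of normal process start-up;
            # a write into any other process is the injection-style pattern.
            findings.append(("remote_write_into_child" if own_child else "remote_write_foreign",
                             "info" if own_child else "high", e["pid"]))
        elif e["type"] == "registry_query" and e["key"].lower().endswith("\\policies\\system\\enablelua"):
            findings.append(("uac_status_check", "low", e["pid"]))
    return findings


if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```

The relaunch rule only fires on the child (PID 2100), because it needs the parent's command line to confirm the same DLL is being loaded; the user-directory rule fires on both rundll32 processes.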
Network
MITRE ATT&CK Matrix (ATT&CK v13)
Downloads

Memory dumps from PID 2100 (file name encodes pid-index-start-end):
memory/2100-0-0x0000000000400000-0x000000000053C000-memory.dmp   1.2MB
memory/2100-1-0x0000000000400000-0x000000000053C000-memory.dmp   1.2MB
memory/2100-4-0x0000000000E60000-0x0000000000E61000-memory.dmp   4KB
memory/2100-5-0x0000000000400000-0x000000000053C000-memory.dmp   1.2MB
memory/2100-7-0x0000000000E60000-0x0000000000E61000-memory.dmp   4KB
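The dump list is worth a second look before opening anything: the 0x400000-0x53C000 region of PID 2100 (0x13C000 = 1,294,336 bytes, the listed 1.2MB) was captured three times (indexes 0, 1 and 5), and it is larger than the 664KB DLL on disk. If that region holds a PE image (MZ at its base), it is in memory layout, so section contents sit at their RVAs rather than at the file offsets in the section table, and a PE parser run on the raw dump will read the wrong bytes. The following is an added example, not part of the report or of any sandbox tooling: it parses the dump names above, groups repeated snapshots of one region, and applies the standard dump fix (set each section's PointerToRawData to its VirtualAddress, SizeOfRawData to its VirtualSize, and FileAlignment to SectionAlignment). The PE32 image it operates on is constructed inside the block as a stand-in, not the sample's real memory.

```python
import re
import struct

# Dump file names as the report lists them (all from PID 2100).
DUMP_NAMES = [
    "memory/2100-0-0x0000000000400000-0x000000000053C000-memory.dmp",
    "memory/2100-1-0x0000000000400000-0x000000000053C000-memory.dmp",
    "memory/2100-4-0x0000000000E60000-0x0000000000E61000-memory.dmp",
    "memory/2100-5-0x0000000000400000-0x000000000053C000-memory.dmp",
    "memory/2100-7-0x0000000000E60000-0x0000000000E61000-memory.dmp",
]
DUMP_RE = re.compile(r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-F]+)-0x(?P<end>[0-9A-F]+)-memory\.dmp", re.I)


def parse_dump_name(name: str) -> dict:
    m = DUMP_RE.fullmatch(name)
    if not m:
        raise ValueError(f"unexpected dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "idx": int(m["idx"]), "start": start, "end": end, "size": end - start}


def group_regions(names):
    """Map (pid, start, end) -> dump indexes, so repeated snapshots of one region stand out."""
    regions = {}
    for d in map(parse_dump_name, names):
        regions.setdefault((d["pid"], d["start"], d["end"]), []).append(d["idx"])
    return regions


def unmap_pe_image(image: bytes) -> bytes:
    """Rewrite a memory-layout PE so each section's file offset equals its RVA.

    Raises ValueError when the bytes do not start with a PE image, which doubles as the
    check for whether a dumped region is an image at all.
    """
    if image[:2] != b"MZ":
        raise ValueError("no MZ header at region base")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsect = struct.unpack_from("<H", image, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", image, e_lfanew + 20)[0]
    opt = e_lfanew + 24                                        # optional header (PE32 or PE32+)
    out = bytearray(image)
    sect_align = struct.unpack_from("<I", image, opt + 32)[0]
    struct.pack_into("<I", out, opt + 36, sect_align)          # FileAlignment := SectionAlignment
    for i in range(nsect):
        sh = opt + opt_size + i * 40
        vsize, va = struct.unpack_from("<II", image, sh + 8)   # VirtualSize, VirtualAddress
        struct.pack_into("<II", out, sh + 16, vsize, va)       # SizeOfRawData, PointerToRawData
    return bytes(out)


def section_table(pe: bytes):
    """Return (name, rva, raw_ptr, raw_size) for every section header."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    nsect = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    first = e_lfanew + 24 + opt_size
    rows = []
    for i in range(nsect):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, first + i * 40)
        rows.append((name.rstrip(b"\0").decode(), va, rawptr, rawsize))
    return rows


def build_sample_image() -> bytes:
    """Constructed PE32 image in memory layout (a stand-in, not the sample's real memory)."""
    img = bytearray(0x3000)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 2, 0, 0, 0, 224, 0x2102)   # COFF header
    opt = 0x58
    struct.pack_into("<H", img, opt, 0x10B)                                   # PE32 magic
    struct.pack_into("<III", img, opt + 28, 0x400000, 0x1000, 0x200)          # ImageBase, SectionAlignment, FileAlignment
    struct.pack_into("<II", img, opt + 56, 0x3000, 0x200)                     # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", img, opt + 92, 16)                                 # NumberOfRvaAndSizes
    sections = [(b".text", 0x1000, 0x800, 0x800, 0x200, 0x60000020, 0xCC),
                (b".data", 0x2000, 0x600, 0x200, 0xA00, 0xC0000040, 0xDD)]
    for i, (name, va, vsize, rawsize, rawptr, chars, fill) in enumerate(sections):
        struct.pack_into("<8sIIIIIIHHI", img, opt + 224 + i * 40, name, vsize, va, rawsize, rawptr, 0, 0, 0, 0, chars)
        img[va:va + vsize] = bytes([fill]) * vsize            # contents live at the RVA, not at rawptr
    return bytes(img)


if __name__ == "__main__":
    for region, idxs in group_regions(DUMP_NAMES).items():
        print(f"pid {region[0]} 0x{region[1]:X}-0x{region[2]:X} ({region[2] - region[1]} bytes) dumped {len(idxs)}x: {idxs}")
    fixed = unmap_pe_image(build_sample_image())
    print(section_table(fixed))
```

Before the fix the constructed image's `.data` header points at file offset 0xA00, which in the dump is inside `.text`; after it the offsets are 0x1000 and 0x2000 and any PE parser reads the right bytes. Compare the three snapshots of the same region (dumps 0, 1 and 5) after fixing each one: if the in-memory sections change between them, the region was being written at run time.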