Analysis

max time kernel: 114s
max time network: 122s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16-04-2024 12:56

Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: f3895703410910aa0ef2f7da6a12dd49_JaffaCakes118.dll
  Resource: win7-20240221-en (windows7-x64)
  4 signatures, 150 seconds
General

Target: f3895703410910aa0ef2f7da6a12dd49_JaffaCakes118.dll
Size: 175KB
MD5: f3895703410910aa0ef2f7da6a12dd49
SHA1: 18a05909877ba997e3acda5426d5a28a4159c089
SHA256: 688bc9341860e2f04f307f162f71a628896bc6ca9fa200be54eee05a4b69cb72
SHA512: 9e7fb076d894f8ab933ad00b2d1e4dfc9d92e2608ec1efe41d08346be287991a6cdc3528eb93935bf07c2525af1008e5e4199e976fbb1f25906ef563e88f2c2b
SSDEEP: 3072:cC1Oe6ths2hyT0DzJfN3ZKU3YkmN5Sw4Q2kUl59Pn9ObAAW0f3:cC1Oem/DzJhok45X4HPYb
Malware Config

Extracted
Family: dridex
Botnet: 22201
C2:
  46.55.222.10:443
  104.248.178.90:4664
  173.212.243.155:7002
rc4.plain
rc4.plain
Signatures

yara_rule matches
  Processes:
  resource                                                                    yara_rule
  behavioral2/memory/1368-0-0x0000000074E60000-0x0000000074E90000-memory.dmp  dridex_ldr
  behavioral2/memory/1368-3-0x0000000074E60000-0x0000000074E90000-memory.dmp  dridex_ldr

Program crash (1 IoCs)
  Processes:
  pid   pid_target  process       target process
  2816  1368        WerFault.exe  rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description                       pid   process       target process
  PID 3968 wrote to memory of 1368  3968  rundll32.exe  rundll32.exe
  PID 3968 wrote to memory of 1368  3968  rundll32.exe  rundll32.exe
  PID 3968 wrote to memory of 1368  3968  rundll32.exe  rundll32.exe
Processes

C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\f3895703410910aa0ef2f7da6a12dd49_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\f3895703410910aa0ef2f7da6a12dd49_JaffaCakes118.dll,#1
    C:\Windows\SysWOW64\WerFault.exe
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 608
      - Program crash
C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1368 -ip 1368
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4828 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8