Overview

overview

10

Static

static

3

f389570341...18.dll

windows7-x64

10

f389570341...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    114s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-04-2024 12:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f3895703410910aa0ef2f7da6a12dd49_JaffaCakes118.dll

  • Size

    175KB

  • MD5

    f3895703410910aa0ef2f7da6a12dd49

  • SHA1

    18a05909877ba997e3acda5426d5a28a4159c089

  • SHA256

    688bc9341860e2f04f307f162f71a628896bc6ca9fa200be54eee05a4b69cb72

  • SHA512

    9e7fb076d894f8ab933ad00b2d1e4dfc9d92e2608ec1efe41d08346be287991a6cdc3528eb93935bf07c2525af1008e5e4199e976fbb1f25906ef563e88f2c2b

  • SSDEEP

    3072:cC1Oe6ths2hyT0DzJfN3ZKU3YkmN5Sw4Q2kUl59Pn9ObAAW0f3:cC1Oem/DzJhok45X4HPYb

Score
10/10
dridex22201botnetloader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

46.55.222.10:443

104.248.178.90:4664

173.212.243.155:7002
rc4.plain
rc4.plain

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Loader 2 IoCs

    Detects Dridex both x86 and x64 loader in memory.

    botnetloader
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f3895703410910aa0ef2f7da6a12dd49_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3968
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\f3895703410910aa0ef2f7da6a12dd49_JaffaCakes118.dll,#1
      2⤵
        PID:1368
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 608
          3⤵
          • Program crash
          PID:2816
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1368 -ip 1368
      1⤵
        PID:1588
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4828 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
        1⤵
          PID:4028

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1368-0-0x0000000074E60000-0x0000000074E90000-memory.dmp
          Filesize

          192KB

          Download
        • memory/1368-2-0x00000000012C0000-0x00000000012C6000-memory.dmp
          Filesize

          24KB

          Download
        • memory/1368-3-0x0000000074E60000-0x0000000074E90000-memory.dmp
          Filesize

          192KB

          Download