Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
17-04-2024 09:33
General
-
Target
f579600a6574f3180a38366e521e062d_JaffaCakes118.dll
-
Size
1.5MB
-
MD5
f579600a6574f3180a38366e521e062d
-
SHA1
cc123d182933a36f5989fc689bc537f9bf7f89c2
-
SHA256
bf69701383654649697c0a1b2ff900751ffd006daad2d58b688913fcf360f5a7
-
SHA512
51bf19b830c2a7254f9b75ea1fb81d89924f24bc111fe69eeedfdcca716bcf13599849bc4db933b2a79d79f26a24064f8368e0f79af1448294fd9f93fb40c910
-
SSDEEP
12288:ZVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:YfP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Malware Config
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Shellcode 1 IoCs
Detects Dridex Payload shellcode injected in Explorer process.
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 7 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 18 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\f579600a6574f3180a38366e521e062d_JaffaCakes118.dll,#11⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\recdisc.exeC:\Windows\system32\recdisc.exe1⤵
-
C:\Users\Admin\AppData\Local\m8sRKTq\recdisc.exeC:\Users\Admin\AppData\Local\m8sRKTq\recdisc.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\MpSigStub.exeC:\Windows\system32\MpSigStub.exe1⤵
-
C:\Users\Admin\AppData\Local\7on\MpSigStub.exeC:\Users\Admin\AppData\Local\7on\MpSigStub.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\cmstp.exeC:\Windows\system32\cmstp.exe1⤵
-
C:\Users\Admin\AppData\Local\cSEVtE4U\cmstp.exeC:\Users\Admin\AppData\Local\cSEVtE4U\cmstp.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.5MB
MD559437a08d7df3c3c4fbc182e96e4f704
SHA1c966a2d2b4fb621805bbe80d3544a7a8b715cebf
SHA256fac0f9d40e6dcfdd94addc4aea49e8152e44c56f458c1d9b37ece06a104a1e5e
SHA512b6633f343751ac88d4595f6457512b8b01da136a797623232df718f9d13de74585140cd225803ac3592594e643b95ef2bdfe9b7071e5cb7e82ca45a1d1fa9881
-
Filesize
1.5MB
MD5d3890b2c0d15c847d9e694f49aa3a95e
SHA1478ada4247d969bfce6e5c957403090e75921040
SHA256489853a670c3bfd936680d8e5bd7e1159a822a3d6392674a7e208307bd483fc8
SHA512d39b672a8a3d698b20de1352394a98a2ca5a546af5b434e9a43b0d604f712881921fee3027deddce531f019b344a12d897eb327fb4409f708ac01c59939a63ed
-
Filesize
1.5MB
MD528984220bbd661d540b5c12bb49f57b4
SHA181af42ca429679764ebc04e6a3013c22d4c9a450
SHA256bb571a49c7321be2a4be852b7031c4b3a61e60522b99cf58370d2409bf96aac3
SHA5129c8f4ec4bd5eb8e782306835a4e7228a173a18c49be557ba9f47f6d866fa35fc54c7636ae3a554e4f4c07fec370601020353564bf2a01f997a54072182ef6347
-
Filesize
1KB
MD51de1b3f9a7be1c894144de3a7936bb6c
SHA11b708bf76d9e4d1ff743e46f29f1dd2c959bb60e
SHA25609660fc68fe30ff821ddad2d5e92c76615d5fc8830d9270ea199f8ee2b952198
SHA512d9908065b867d3dd6a933570dc04bc897ba40966c3c3f13c48c01ae9a68ce51d07498aa52da3767fbcd35eb13e2dbf9ba7bcc34379b9b71c7192d62147a9deba
-
Filesize
264KB
MD52e6bd16aa62e5e95c7b256b10d637f8f
SHA1350be084477b1fe581af83ca79eb58d4defe260f
SHA256d795968b8067bb610033fa4a5b21eb2f96cef61513aba62912b8eb5c6a5ff7b3
SHA5121f37150f6bcbe0df54bb85a5ad585824cea9332baa9be1649a95c1dfb41723de85c09d98fb2ca8261a49c2184d3bda638b84b2b7b60b97fe42a15ab1620a2542
-
Filesize
90KB
MD574c6da5522f420c394ae34b2d3d677e3
SHA1ba135738ef1fb2f4c2c6c610be2c4e855a526668
SHA25651d298b1a8a2d00d5c608c52dba0655565d021e9798ee171d7fa92cc0de729a6
SHA512bfd76b1c3e677292748f88bf595bfef0b536eb22f2583b028cbf08f6ae4eda1aa3787c4e892aad12b7681fc2363f99250430a0e7019a7498e24db391868e787a
-
Filesize
232KB
MD5f3b306179f1840c0813dc6771b018358
SHA1dec7ce3c13f7a684cb52ae6007c99cf03afef005
SHA256dcaeb590394b42d180e23e3cef4dd135513395b026e0ed489aec49848b85b8f0
SHA5129f9ec4c2ca6373bd738bf415d059f3536390e46e5b0a560e9ee1b190407a6d0f481c38664c51b834a9e72d8878f71c3c19e427e3a6b5ca4ec6b02d1156eb9ef4
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
4KB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
28KB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
28KB
-
Filesize
28KB