Overview

overview

10

Static

static

3

fa3db9f8a4...18.dll

windows7-x64

10

fa3db9f8a4...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    19/04/2024, 11:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fa3db9f8a47e7a349c2f63a26d256792_JaffaCakes118.dll

  • Size

    1.4MB

  • MD5

    fa3db9f8a47e7a349c2f63a26d256792

  • SHA1

    f566a2771def56bd7d8227aa581eacc1252c2ef3

  • SHA256

    c1e2fd72330519fbc4f7d2780814857073c4974cd69502931893a570d83d00fa

  • SHA512

    a24d5ca21aa9a420d7f23f35da54ecef924aa374bc3459a18bb5af9cdcc1e31e2d9e648afdcb2d3dd91e007f4065598a113c55d01756c4fea4426093493b9efe

  • SSDEEP

    12288:TVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:CfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa3db9f8a47e7a349c2f63a26d256792_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2020
  • C:\Windows\system32\unregmp2.exe
    C:\Windows\system32\unregmp2.exe
    1⤵
      PID:2456
    • C:\Users\Admin\AppData\Local\Yb5Jvz\unregmp2.exe
      C:\Users\Admin\AppData\Local\Yb5Jvz\unregmp2.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2568
    • C:\Windows\system32\spinstall.exe
      C:\Windows\system32\spinstall.exe
      1⤵
        PID:2976
      • C:\Users\Admin\AppData\Local\qFLjUGVN\spinstall.exe
        C:\Users\Admin\AppData\Local\qFLjUGVN\spinstall.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2080
      • C:\Windows\system32\BitLockerWizardElev.exe
        C:\Windows\system32\BitLockerWizardElev.exe
        1⤵
          PID:2972
        • C:\Users\Admin\AppData\Local\zUa\BitLockerWizardElev.exe
          C:\Users\Admin\AppData\Local\zUa\BitLockerWizardElev.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2968

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Yb5Jvz\slc.dll
          Filesize

          1.4MB

          MD5

          be8466313000c9fd02b9f470854e8795

          SHA1

          d6015a40ac71e7db92f5cac672ab7423d184d37e

          SHA256

          f7a76021036d79843f31d17bc611f9c798443035aff25d683eb7eef55a594f12

          SHA512

          cf4dee18ea762f25dec6ddadae444d876dbfcfe9e5aa6d984c90fd4adea415bc687b51b7d789266c12dd72622713d12d554bb5c476e2cd7a158d3f6c7c966a48

          Download Submit

        • C:\Users\Admin\AppData\Local\qFLjUGVN\VERSION.dll
          Filesize

          1.4MB

          MD5

          5f02fd23fd0501d43269709e2f6bc992

          SHA1

          5650511edce5f133577f2891e9eac1f255a8cfc0

          SHA256

          15be5f64b8caa1977d54ad093ee64b3d4b5424e7079dae3382358c48762c9427

          SHA512

          97bc4b7d3be0f5571c545887352af3c79730b298e4cfd306824ab5b2c7c5ba861c69a924e7886184cab6933c581fc6adaa5df64f8029422501ae1e0c48f86279

          Download Submit

        • C:\Users\Admin\AppData\Local\qFLjUGVN\spinstall.exe
          Filesize

          584KB

          MD5

          29c1d5b330b802efa1a8357373bc97fe

          SHA1

          90797aaa2c56fc2a667c74475996ea1841bc368f

          SHA256

          048bd22abf158346ab991a377cc6e9d2b20b4d73ccee7656c96a41f657e7be7f

          SHA512

          66f4f75a04340a1dd55dfdcc3ff1103ea34a55295f56c12e88d38d1a41e5be46b67c98bd66ac9f878ce79311773e374ed2bce4dd70e8bb5543e4ec1dd56625ee

          Download Submit

        • C:\Users\Admin\AppData\Local\zUa\FVEWIZ.dll
          Filesize

          1.4MB

          MD5

          68137dbdc5dc3e88d032faf1cb06f089

          SHA1

          14635b7b1e9e4ec02cb44c0ba5fad351db6b046c

          SHA256

          3cd3e4c4a3a45e9b1aae0fb477c38be545ee81832966b46f22ecc2d2f95a768e

          SHA512

          566556d9d1317e5ae55d5fcc69ecab0814cb79f82c52c06fbcd5a3aff520af6881f21043320b8b4692a92f30dd7a3af87329dd3272a7b4c87f582428768af968

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Omdqupblcei.lnk
          Filesize

          1KB

          MD5

          c06713bf08483821c8ec0e1cd9661fdd

          SHA1

          80e3e58e16af8aa2137da2a089cd05f863c1417f

          SHA256

          a0c107531ef892b941ce4cc4289bffc15255b33c4a791800bfa76accacaf2cb3

          SHA512

          1676744e642ae7b98d24fc16e7977b20f164548ffc81b3bff1c3d5e100cbf02ad266e11a0004059028aa1731b79c1f558140852bd9525dc2acc2d0b111e0253d

          Download Submit

        • \Users\Admin\AppData\Local\Yb5Jvz\unregmp2.exe
          Filesize

          316KB

          MD5

          64b328d52dfc8cda123093e3f6e4c37c

          SHA1

          f68f45b21b911906f3aa982e64504e662a92e5ab

          SHA256

          7d6be433ba7dd4a2b8f8b79d7b87055da8daafa3e0404432d40469c39c2040e1

          SHA512

          e29fc068532df36f39c86b79392b5c6191de6f69b7beaba28f9ac96a26089b341b770ff29556eca14f57afd1de59a6f3726818482d6861bdd8ac556ae768df00

          Download Submit

        • \Users\Admin\AppData\Local\zUa\BitLockerWizardElev.exe
          Filesize

          98KB

          MD5

          73f13d791e36d3486743244f16875239

          SHA1

          ed5ec55dbc6b3bda505f0a4c699c257c90c02020

          SHA256

          2483d2f0ad481005cca081a86a07be9060bc6d4769c4570f92ad96fa325be9b8

          SHA512

          911a7b532312d50cc5e7f6a046d46ab5b322aa17ce59a40477173ea50f000a95db45f169f4ea3574e3e00ae4234b9f8363ac79329d683c14ebee1d423e6e43af

          Download Submit

        • memory/1204-9-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-37-0x0000000077C11000-0x0000000077C12000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-25-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-24-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-23-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-22-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-21-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-20-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-19-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-18-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-17-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-15-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-14-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-13-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-12-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-11-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-10-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-133-0x0000000077A06000-0x0000000077A07000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-4-0x0000000077A06000-0x0000000077A07000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-7-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-36-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-26-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-40-0x0000000077D70000-0x0000000077D72000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1204-47-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-53-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-27-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-31-0x0000000002E00000-0x0000000002E07000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1204-5-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-16-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-28-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2020-8-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2020-0-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2020-1-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2080-89-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2080-86-0x0000000000380000-0x0000000000387000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2080-141-0x0000000000380000-0x0000000000387000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2568-70-0x0000000000100000-0x0000000000107000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2568-71-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2568-65-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2968-111-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2968-108-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2968-144-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download