Overview

overview

10

Static

static

3

fa3db9f8a4...18.dll

windows7-x64

10

fa3db9f8a4...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/04/2024, 11:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fa3db9f8a47e7a349c2f63a26d256792_JaffaCakes118.dll

  • Size

    1.4MB

  • MD5

    fa3db9f8a47e7a349c2f63a26d256792

  • SHA1

    f566a2771def56bd7d8227aa581eacc1252c2ef3

  • SHA256

    c1e2fd72330519fbc4f7d2780814857073c4974cd69502931893a570d83d00fa

  • SHA512

    a24d5ca21aa9a420d7f23f35da54ecef924aa374bc3459a18bb5af9cdcc1e31e2d9e648afdcb2d3dd91e007f4065598a113c55d01756c4fea4426093493b9efe

  • SSDEEP

    12288:TVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:CfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa3db9f8a47e7a349c2f63a26d256792_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:632
  • C:\Windows\system32\ApplySettingsTemplateCatalog.exe
    C:\Windows\system32\ApplySettingsTemplateCatalog.exe
    1⤵
      PID:2468
    • C:\Users\Admin\AppData\Local\s3hnRP\ApplySettingsTemplateCatalog.exe
      C:\Users\Admin\AppData\Local\s3hnRP\ApplySettingsTemplateCatalog.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:1000
    • C:\Windows\system32\msconfig.exe
      C:\Windows\system32\msconfig.exe
      1⤵
        PID:2588
      • C:\Users\Admin\AppData\Local\2ogV\msconfig.exe
        C:\Users\Admin\AppData\Local\2ogV\msconfig.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2720
      • C:\Windows\system32\PresentationHost.exe
        C:\Windows\system32\PresentationHost.exe
        1⤵
          PID:3420
        • C:\Users\Admin\AppData\Local\zf4Dt1p\PresentationHost.exe
          C:\Users\Admin\AppData\Local\zf4Dt1p\PresentationHost.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:3520

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\2ogV\VERSION.dll
          Filesize

          1.4MB

          MD5

          c134d6bf76a60e4b0ac0b1e6e2ccc218

          SHA1

          88f31212ba962d8d6cc5d7781cdf2955e6b810c8

          SHA256

          07b796e9d8a2520a2978f36662aa18c796ee31b4a24a3fc87c3755662912bd06

          SHA512

          e503e2056936a8997b6e59fd2d6d1c73f7a55887f1c602d90be1cd4a7e09ffdf2f82bf28d2c727367808d517a76087e74f7b4b06754b252c92b8772455b53fc7

          Download Submit

        • C:\Users\Admin\AppData\Local\2ogV\msconfig.exe
          Filesize

          193KB

          MD5

          39009536cafe30c6ef2501fe46c9df5e

          SHA1

          6ff7b4d30f31186de899665c704a105227704b72

          SHA256

          93d2604f7fdf7f014ac5bef63ab177b6107f3cfc26da6cbd9a7ab50c96564a04

          SHA512

          95c9a8bc61c79108634f5578825544323e3d980ae97a105a325c58bc0e44b1d500637459969602f08d6d23d346baec6acd07d8351803981000c797190d48f03a

          Download Submit

        • C:\Users\Admin\AppData\Local\s3hnRP\ACTIVEDS.dll
          Filesize

          1.4MB

          MD5

          a956d55dae9a117767a374a263eace1f

          SHA1

          6b6e9eab5c67e831b45637add4426ce2003f7407

          SHA256

          386fc8318659cfeeabddd7ffa083702512cbb58c4eddb28f8041a154934c418e

          SHA512

          e3344f5e312da8023205f422f9e5ac7e32623b5fd5cdba7bd21e3d93389b277ff1b72da92444a4326028ff6a06884778da0661df4865dfd8752d2b3eb2f23c25

          Download Submit

        • C:\Users\Admin\AppData\Local\s3hnRP\ApplySettingsTemplateCatalog.exe
          Filesize

          1.1MB

          MD5

          13af41b1c1c53c7360cd582a82ec2093

          SHA1

          7425f893d1245e351483ab4a20a5f59d114df4e1

          SHA256

          a462f29efaaa3c30411e76f32608a2ba5b7d21af3b9804e5dda99e342ba8c429

          SHA512

          c7c82acef623d964c520f1a458dbfe34099981de0b781fb56e14b1f82632e3a8437db6434e7c20988aa3b39efde47aab8d188e80845e841a13e74b079285706a

          Download Submit

        • C:\Users\Admin\AppData\Local\zf4Dt1p\PresentationHost.exe
          Filesize

          276KB

          MD5

          ef27d65b92d89e8175e6751a57ed9d93

          SHA1

          7279b58e711b459434f047e9098f9131391c3778

          SHA256

          17d6dcfaced6873a4ac0361ff14f48313f270ac9c465e9f02b5c12b5a5274c48

          SHA512

          40f46c3a131bb0388b8a3f7aee422936f6e2aa8d2cda547c43c4e7979c163d06c5aa20033a5156d3eeee5d455eeb929cbce89bcc8bb1766cbb65d7f03dd23e2e

          Download Submit

        • C:\Users\Admin\AppData\Local\zf4Dt1p\VERSION.dll
          Filesize

          1.4MB

          MD5

          5dfa453d34818209004aabc840ec53eb

          SHA1

          10345f929d3d94809e782049805f8c94e46c7616

          SHA256

          dca3d9512a264a99329c7ff7d5d132af2bd58210db26edb834549d551214ce6b

          SHA512

          091035ccc4a83dc256cd3e99cb3f7c73875506d59120ef34f5197de8863b254bebf738b0a335b588b36ea401bbe5dec66bd07423ce63f7d0362a57e4cbf96765

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Hsqdjhworldfy.lnk
          Filesize

          1KB

          MD5

          7b7956c13bcaa327f124948fa932f873

          SHA1

          c8e67523a2ac88c11ff3e7086c81c2e4945b0609

          SHA256

          89cb90ba01223f4cc6540896d68e0959473c3866a3d32230224750c56f9bc567

          SHA512

          5015e6ba496f3c904c12e4869d3d1d238eefaa4b5dacbc03bc2508c6e47ed4cc21e578ddc2d12062d844b201a031e5eda46184b5ebcc0db84edde9a9b0a9a77b

          Download Submit

        • memory/632-9-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/632-1-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/632-0-0x00000270252B0000-0x00000270252B7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1000-61-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1000-58-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1000-57-0x000001D699C30000-0x000001D699C37000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2720-80-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2720-74-0x000002286F0F0000-0x000002286F0F7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3424-14-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3424-48-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3424-21-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3424-18-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3424-22-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3424-24-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3424-23-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3424-26-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3424-25-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3424-27-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3424-28-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3424-29-0x0000000000620000-0x0000000000627000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3424-36-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3424-39-0x00007FFBA2C00000-0x00007FFBA2C10000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3424-46-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3424-20-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3424-19-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3424-17-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3424-16-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3424-15-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3424-13-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3424-12-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3424-4-0x00000000024A0000-0x00000000024A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3424-10-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3424-11-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3424-8-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3424-7-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3424-5-0x00007FFBA205A000-0x00007FFBA205B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3520-94-0x00000271F62D0000-0x00000271F6433000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3520-100-0x00000271F62D0000-0x00000271F6433000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3520-95-0x00000271F7CE0000-0x00000271F7CE7000-memory.dmp

          Filesize

          28KB

          Download