Overview

overview

10

Static

static

3

fd57127a9d...18.dll

windows7-x64

10

fd57127a9d...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-04-2024 18:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fd57127a9d03362b266131627024567f_JaffaCakes118.dll

  • Size

    1.7MB

  • MD5

    fd57127a9d03362b266131627024567f

  • SHA1

    8fd4756ed988115415e16ddd1813f1d6a7127efb

  • SHA256

    745a55baf57dd1b7ce9c758087660f6d408b6cf9471df4c7e823f5f622097394

  • SHA512

    7da2e4c387bb16ee026e20db9954b138090e501cf15247bb404b8b6cae781f0980cfcff817cbe0f8a059af05adf22d01cf0ad9557f7ccbbf0ada9b7a3af0447a

  • SSDEEP

    12288:PVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:mfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 5 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 3 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\fd57127a9d03362b266131627024567f_JaffaCakes118.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1080
  • C:\Windows\system32\printfilterpipelinesvc.exe
    C:\Windows\system32\printfilterpipelinesvc.exe
    1⤵
      PID:2976
    • C:\Users\Admin\AppData\Local\r0s\printfilterpipelinesvc.exe
      C:\Users\Admin\AppData\Local\r0s\printfilterpipelinesvc.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2632
    • C:\Windows\system32\tcmsetup.exe
      C:\Windows\system32\tcmsetup.exe
      1⤵
        PID:4432
      • C:\Users\Admin\AppData\Local\3KhcT8\tcmsetup.exe
        C:\Users\Admin\AppData\Local\3KhcT8\tcmsetup.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:3800
      • C:\Windows\system32\CameraSettingsUIHost.exe
        C:\Windows\system32\CameraSettingsUIHost.exe
        1⤵
          PID:1000
        • C:\Users\Admin\AppData\Local\we79YJWE\CameraSettingsUIHost.exe
          C:\Users\Admin\AppData\Local\we79YJWE\CameraSettingsUIHost.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1504

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\3KhcT8\TAPI32.dll
          Filesize

          1.7MB

          MD5

          7710200faf3a4546b151c58a218c99e8

          SHA1

          4b999d80823e94d91686f56520c6af7c33392e63

          SHA256

          0ede644051ca29c49f43c0167cb4ae747458ffd2b3a57f3fa92faa7948816460

          SHA512

          5f374862bc1d91eea97acef7793937c8239f69c12048268a5bbbeb0ccb7ccc1b8ad543dd4cc857e03a26acf1c0507ce0d24c494f341a9f93f1dcd5712362104f

          Download Submit

        • C:\Users\Admin\AppData\Local\3KhcT8\tcmsetup.exe
          Filesize

          16KB

          MD5

          58f3b915b9ae7d63431772c2616b0945

          SHA1

          6346e837da3b0f551becb7cac6d160e3063696e9

          SHA256

          e243501ba2ef7a6f04f51410bb916faffe0ec23450a4d030ce6bfe747e544b39

          SHA512

          7b09192af460c502d1a94989a0d06191c8c7a058ce3a4541e3f45960a1e12529d0cdaff9da3d5bacfdceed57aeb6dc9a159c6c0a95675c438f99bf7e418c6dc5

          Download Submit

        • C:\Users\Admin\AppData\Local\r0s\XmlLite.dll
          Filesize

          1.7MB

          MD5

          dcc72e21fd06f404fd8190879a337f1f

          SHA1

          1696a95362bc81d5f5a0a3a467e6a32942d29286

          SHA256

          4fc4e46cead4966a590070619d0651856276f63d263f713d1697881dfc6ec71a

          SHA512

          75c3c30783aeffb1dc930acf74d25568dab5267a2b50bb138598171ba68b0867e8766117ba92e6496ddce4d9d239910fe6454555b93fae5a5a31a24417e27541

          Download Submit

        • C:\Users\Admin\AppData\Local\r0s\printfilterpipelinesvc.exe
          Filesize

          813KB

          MD5

          331a40eabaa5870e316b401bd81c4861

          SHA1

          ddff65771ca30142172c0d91d5bfff4eb1b12b73

          SHA256

          105099819555ed87ef3dab70a2eaf2cb61076f453266cec57ffccb8f4c00df88

          SHA512

          29992dbf10f327d77865af5e6ebbe66b937a5b4ad04c68cafbf4e6adbd6c6532c8a82ac7e638d97c1f053353a7c8a6d7e379f389af15443c94a1e8f9b16be5f8

          Download Submit

        • C:\Users\Admin\AppData\Local\we79YJWE\CameraSettingsUIHost.exe
          Filesize

          31KB

          MD5

          9e98636523a653c7a648f37be229cf69

          SHA1

          bd4da030e7cf4d55b7c644dfacd26b152e6a14c4

          SHA256

          3bf20bc5a208dfa1ea26a042fd0010b1268dcfedc94ed775f11890bc1d95e717

          SHA512

          41966166e2ddfe40e6f4e6da26bc490775caac9997465c6dd94ba6a664d3a797ffc2aa5684c95702e8657e5cea62a46a75aee3e7d5e07a47dcaaa5c4da565e78

          Download Submit

        • C:\Users\Admin\AppData\Local\we79YJWE\DUI70.dll
          Filesize

          1.9MB

          MD5

          091acbf4c1b2a82064a031927e95da9a

          SHA1

          dc9a804a2b4ad533442ea178f274566459eeb587

          SHA256

          0cfc11d34931fe528637ed0dcd7cc2f931816a58ab15909149e69d417061298d

          SHA512

          8593fbb0af633b78b298db18db0a49d9e8b7de7cb75d34028af3aa813c12013f2a8a1c377068d10deb761d3a5a6802b1901fc9414ec299d9ed1e2432b93858e3

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Vqslomum.lnk
          Filesize

          1KB

          MD5

          44f3e895a618c298b19f06edb9aea4c0

          SHA1

          08c23207fd33fb49be072a0d392cfe8c7671a5a6

          SHA256

          6f4811e039efbca80306b269c8d80d84922ba90b553aa471dfc7ce4ce097313a

          SHA512

          7e0fb8f0f86cf999574e529065076b34dcccf00206c247e4a66bbf20167d849565d073246989e25a3b7596f38040e00277cb331c853d9f7be41e269f6441a3a8

          Download Submit

        • memory/1080-0-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1080-7-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1080-1-0x00000000005C0000-0x00000000005C7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1504-95-0x0000000140000000-0x00000001401EF000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/1504-98-0x000002A9485F0000-0x000002A9485F7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1504-101-0x0000000140000000-0x00000001401EF000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/2632-67-0x0000000140000000-0x00000001401AA000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2632-61-0x0000000140000000-0x00000001401AA000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2632-63-0x000001E86A430000-0x000001E86A437000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3512-15-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3512-19-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3512-21-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3512-22-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3512-23-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3512-24-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3512-26-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3512-25-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3512-28-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3512-29-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3512-30-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3512-32-0x0000000001390000-0x0000000001397000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3512-27-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3512-38-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3512-39-0x00007FF8B9640000-0x00007FF8B9650000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3512-48-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3512-50-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3512-20-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3512-18-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3512-17-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3512-16-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3512-14-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3512-4-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3512-6-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3512-8-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3512-13-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3512-11-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3512-12-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3512-9-0x00007FF8B8FBA000-0x00007FF8B8FBB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3512-10-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3800-80-0x00000201391C0000-0x00000201391C7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3800-84-0x0000000140000000-0x00000001401AB000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3800-78-0x0000000140000000-0x00000001401AB000-memory.dmp

          Filesize

          1.7MB

          Download