Analysis
- max time kernel: 55s
- max time network: 51s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29-04-2024 06:25

Static task: static1 (1 signatures)

Behavioral task: behavioral1
- Sample: 0704068b7be5426f38f2da38c965d04e_JaffaCakes118.dll
- Resource: win7-20240220-en
- windows7-x64
- 3 signatures
- 150 seconds
General
- Target: 0704068b7be5426f38f2da38c965d04e_JaffaCakes118.dll
- Size: 280KB
- MD5: 0704068b7be5426f38f2da38c965d04e
- SHA1: 80ef0434d370a4b112cb632b1868aad93d53a9bd
- SHA256: 8c8896ec10234612dd5063dfa4f84ca815ace19c4c2b0b3def9c29be0029f390
- SHA512: 042f7eb2107965149f7cd249de9adcda4a5367d5a789fa4cc71450332f80c7c1d861653646c57faeebe173ca2371530585f0dd36b9164f46132f0652eaa98808
- SSDEEP: 6144:SqUtrd+yrmjlZI3vIVMPN6SG2H9X0A6NPXiGmJ5WMm:Sz+yoZIwVMPN6SG2x0dNfiGuI
Malware Config (Extracted)
- Family: dridex
- Botnet: 10555
- C2:
  - 146.164.126.197:443
  - 69.16.193.166:9443
  - 193.90.12.122:3098
  - 157.245.103.132:14043
- rc4.plain
- rc4.plain
Signatures
- YARA match
  Processes:
  - resource: behavioral2/memory/2888-1-0x0000000000400000-0x000000000045C000-memory.dmp; yara_rule: dridex_ldr_dmod
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description | pid | process | target process):
  - PID 3788 wrote to memory of 2888 | 3788 | regsvr32.exe | regsvr32.exe
  - PID 3788 wrote to memory of 2888 | 3788 | regsvr32.exe | regsvr32.exe
  - PID 3788 wrote to memory of 2888 | 3788 | regsvr32.exe | regsvr32.exe
Processes
1. C:\Windows\system32\regsvr32.exe
   Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0704068b7be5426f38f2da38c965d04e_JaffaCakes118.dll
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\regsvr32.exe
      Command line: /s C:\Users\Admin\AppData\Local\Temp\0704068b7be5426f38f2da38c965d04e_JaffaCakes118.dll
Network
MITRE ATT&CK Matrix
Downloads
- memory/2888-1-0x0000000000400000-0x000000000045C000-memory.dmp (Filesize: 368KB)