Overview

overview

10

Static

static

3

248928b7b8...18.dll

windows7-x64

10

248928b7b8...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    08-05-2024 10:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    248928b7b857f742be05aa928101d5f3_JaffaCakes118.dll

  • Size

    988KB

  • MD5

    248928b7b857f742be05aa928101d5f3

  • SHA1

    e395a8cf2db356a95dcbd1b5adff3937d12caadf

  • SHA256

    1df85ebabf3497906c02c02cd6731f3907815a8a3ccf2acdf3ae5fd6507e83e8

  • SHA512

    9cb1d87c8174314e944f637fb15624a8b6d0f0f29debbd6b7a82476737cf60dddcefed3e7fa76b8755798c2888cf64fab98c0071595d3466f99b0e78df3cf4e8

  • SSDEEP

    24576:GVHchfFcSTdS1ZikTqpaIJvzSqbY/0Z2ZlECMNXkTlzvmJL8:GV8hf6STw1ZlQauvzSq01ICe6zvm

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 3 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\248928b7b857f742be05aa928101d5f3_JaffaCakes118.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2364
  • C:\Windows\system32\BdeUISrv.exe
    C:\Windows\system32\BdeUISrv.exe
    1⤵
      PID:2432
    • C:\Users\Admin\AppData\Local\x0YR\BdeUISrv.exe
      C:\Users\Admin\AppData\Local\x0YR\BdeUISrv.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2468
    • C:\Windows\system32\msra.exe
      C:\Windows\system32\msra.exe
      1⤵
        PID:2692
      • C:\Users\Admin\AppData\Local\LqUyh\msra.exe
        C:\Users\Admin\AppData\Local\LqUyh\msra.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2760
      • C:\Windows\system32\SystemPropertiesProtection.exe
        C:\Windows\system32\SystemPropertiesProtection.exe
        1⤵
          PID:1616
        • C:\Users\Admin\AppData\Local\PIQ7\SystemPropertiesProtection.exe
          C:\Users\Admin\AppData\Local\PIQ7\SystemPropertiesProtection.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1584

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\LqUyh\UxTheme.dll
          Filesize

          990KB

          MD5

          a333d8db1cb68ded69753a9d45de392a

          SHA1

          ddc72368075c6b9777316977317a209156f79cf3

          SHA256

          7e3ddbe104435537e3143c5006c37d7204a7e90ef4ea04994b00d4690472949b

          SHA512

          93eeb510564eaf848d0a56376c0b5f1eda574685dff4b3b76191a242a716c407bfec622891dc4c19c0bb3e0d7d593b6b00e2c8b354348ee38bf4e05e9bef6dc3

          Download Submit

        • C:\Users\Admin\AppData\Local\PIQ7\SYSDM.CPL
          Filesize

          988KB

          MD5

          9cd6869cb30313f07aa56a92ae0051d1

          SHA1

          0e1a73783f349cfd4f36b14f262da1a38206b265

          SHA256

          ab0b168938fc17846f121c8144096ea27da40cb94af7d923c8b52a2a5c504dc4

          SHA512

          ba4a0b212fa87cea111cb87a35b44d437275baf302c64b52946019adcc9aeebfee64be30e7da4a458ee8fc79affe23022de7dbc203c4c4b587b69f58834daad0

          Download Submit

        • C:\Users\Admin\AppData\Local\PIQ7\SystemPropertiesProtection.exe
          Filesize

          80KB

          MD5

          05138d8f952d3fff1362f7c50158bc38

          SHA1

          780bc59fcddf06a7494d09771b8340acffdcc720

          SHA256

          753a43d8aa74341d06582bd6b3784dc5f8c6f46174c2a306cf284de238a9c6bd

          SHA512

          27fa8c0af3d01f0816852d04693087f3c25d1307d8857a7ea75b0bb3e0ac927d262f5ac5a335afee150142fa3187354d33ebbcf6c3cd5cc33cb4e6cd00c50255

          Download Submit

        • C:\Users\Admin\AppData\Local\x0YR\WTSAPI32.dll
          Filesize

          990KB

          MD5

          0ceb686832748a23d8073c66df521334

          SHA1

          a2ca58accea9385eee736488ab816cc160d3ac50

          SHA256

          d94ad0daafc06e3d7e3e8170353bc3093d2fc18f67debe76bfb284217577b558

          SHA512

          2f155e4c4e8b4a97175c834e0b91991f52a9eec1011b435fdc2bfeb149709cccc63f9583d42d2d6e151c137f12bd3e0558810072a3da2bb33295a6136e7a7b07

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Qscjinkjzo.lnk
          Filesize

          1KB

          MD5

          61591b64a179b96c923abb1321d2e399

          SHA1

          e483c47c750a546432a1d06e847c061285f4f671

          SHA256

          2f45b92fbc66076680f3d3e24716cb7c7f5805a3e298e691e627653b001a73ba

          SHA512

          4664f91c4fd90c4b86f2b40a2f8c1496f8585ec492caf7f7afd394942d3ee2c161f53298e3cc79ff359da042c634ceb6b1dcee9fbcf5dbed939c48dcbe05b3b3

          Download Submit

        • \Users\Admin\AppData\Local\LqUyh\msra.exe
          Filesize

          636KB

          MD5

          e79df53bad587e24b3cf965a5746c7b6

          SHA1

          87a97ec159a3fc1db211f3c2c62e4d60810e7a70

          SHA256

          4e7c22648acf664ab13dfeb2dc062ae90af1e6c621186981f395fb279bbc9b9d

          SHA512

          9a329c39ce0bc5aede01e96c4190cc7ccd17729fbc3a2b6df73057be8efaa3fa92cfef6e26a25bde6f7f94f64f6d6d0e4c5459aef2aead367e43178dd275acfb

          Download Submit

        • \Users\Admin\AppData\Local\x0YR\BdeUISrv.exe
          Filesize

          47KB

          MD5

          1da6b19be5d4949c868a264bc5e74206

          SHA1

          d5ee86ba03a03ef8c93d93accafe40461084c839

          SHA256

          00330a0e0eb1dbb6ee84997963f8e15c7c15c1df787f1c7f109609d7b31bd35c

          SHA512

          9cee858c55eb0852e5bad53a675a094ae591b46b07afe9fb4224cac32e0be577fe36c1ed3e9f6bda4d4eb0c924a773d00e3181cd97f07e24c6c68c70f2b002c6

          Download Submit

        • memory/1200-24-0x00000000024D0000-0x00000000024D7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1200-10-0x0000000140000000-0x00000001400FC000-memory.dmp

          Filesize

          1008KB

          Download

        • memory/1200-26-0x0000000077930000-0x0000000077932000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1200-23-0x0000000140000000-0x00000001400FC000-memory.dmp

          Filesize

          1008KB

          Download

        • memory/1200-25-0x00000000777A1000-0x00000000777A2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-13-0x0000000140000000-0x00000001400FC000-memory.dmp

          Filesize

          1008KB

          Download

        • memory/1200-12-0x0000000140000000-0x00000001400FC000-memory.dmp

          Filesize

          1008KB

          Download

        • memory/1200-11-0x0000000140000000-0x00000001400FC000-memory.dmp

          Filesize

          1008KB

          Download

        • memory/1200-8-0x0000000140000000-0x00000001400FC000-memory.dmp

          Filesize

          1008KB

          Download

        • memory/1200-36-0x0000000140000000-0x00000001400FC000-memory.dmp

          Filesize

          1008KB

          Download

        • memory/1200-35-0x0000000140000000-0x00000001400FC000-memory.dmp

          Filesize

          1008KB

          Download

        • memory/1200-4-0x0000000077596000-0x0000000077597000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-14-0x0000000140000000-0x00000001400FC000-memory.dmp

          Filesize

          1008KB

          Download

        • memory/1200-5-0x00000000024F0000-0x00000000024F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-70-0x0000000077596000-0x0000000077597000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-7-0x0000000140000000-0x00000001400FC000-memory.dmp

          Filesize

          1008KB

          Download

        • memory/1200-9-0x0000000140000000-0x00000001400FC000-memory.dmp

          Filesize

          1008KB

          Download

        • memory/1584-92-0x0000000000390000-0x0000000000397000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1584-95-0x0000000140000000-0x00000001400FD000-memory.dmp

          Filesize

          1012KB

          Download

        • memory/2364-3-0x0000000000140000-0x0000000000147000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2364-44-0x0000000140000000-0x00000001400FC000-memory.dmp

          Filesize

          1008KB

          Download

        • memory/2364-0-0x0000000140000000-0x00000001400FC000-memory.dmp

          Filesize

          1008KB

          Download

        • memory/2468-58-0x0000000140000000-0x00000001400FD000-memory.dmp

          Filesize

          1012KB

          Download

        • memory/2468-53-0x0000000140000000-0x00000001400FD000-memory.dmp

          Filesize

          1012KB

          Download

        • memory/2468-52-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2760-71-0x0000000000120000-0x0000000000127000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2760-77-0x0000000140000000-0x00000001400FD000-memory.dmp

          Filesize

          1012KB

          Download