Overview

overview

10

Static

static

3

2c82259047...18.dll

windows7-x64

10

2c82259047...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    10-05-2024 00:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2c82259047ff1a2055de236f59b1145d_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    2c82259047ff1a2055de236f59b1145d

  • SHA1

    c8aec22b2317578d0a4a349e1b3303b545cd1924

  • SHA256

    2c5e903d22f52303dc85482ceca20ce539a634d9874b5050115eebb2822d4fc9

  • SHA512

    614102a31e0a44df03395e77218fc79749adcbf4ce75033779d8f114bfad89d155202761c9109ef52c290d159a7e469103282c712660bf1691c3efd022ca5739

  • SSDEEP

    24576:ZVHchfFcSTdS1ZikTqpaIJvzSqbY/0Z2ZlECMNXkTlzvmJL8:ZV8hf6STw1ZlQauvzSq01ICe6zvm

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c82259047ff1a2055de236f59b1145d_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:1636
  • C:\Windows\system32\SystemPropertiesHardware.exe
    C:\Windows\system32\SystemPropertiesHardware.exe
    1⤵
      PID:2620
    • C:\Users\Admin\AppData\Local\r05up8Vf\SystemPropertiesHardware.exe
      C:\Users\Admin\AppData\Local\r05up8Vf\SystemPropertiesHardware.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2508
    • C:\Windows\system32\mspaint.exe
      C:\Windows\system32\mspaint.exe
      1⤵
        PID:2184
      • C:\Users\Admin\AppData\Local\ekUY\mspaint.exe
        C:\Users\Admin\AppData\Local\ekUY\mspaint.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2116
      • C:\Windows\system32\mspaint.exe
        C:\Windows\system32\mspaint.exe
        1⤵
          PID:2752
        • C:\Users\Admin\AppData\Local\0r0\mspaint.exe
          C:\Users\Admin\AppData\Local\0r0\mspaint.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1536

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\0r0\WINMM.dll
          Filesize

          1.2MB

          MD5

          2848517c4bfff514b7d6219738748fdb

          SHA1

          e8118535f99b1584851f88c37d4d15283e283e2b

          SHA256

          b292ecad0785733c80c63f2e4d3b2f1bc0da447fba5dab25df3072a89dc023d0

          SHA512

          c86765d8a4b643ff3127d93b96799fb56b58506d58d2440d9047fe06e24651300c707445a9843a960e2dbae342f292104ba5e48a3b206083be7378e55c73e023

          Download Submit
        • C:\Users\Admin\AppData\Local\ekUY\WINMM.dll
          Filesize

          1.2MB

          MD5

          8bf6ce7f998ef9d93a5f014bbe0d0d7b

          SHA1

          218b37320fa953de871589d6f7f8e649c3b71063

          SHA256

          3d9a578f4902a108405aef6563b1b722b23ca6346522883d62777d2324e43d1a

          SHA512

          f5b44abc7f9fffe76b0e7b59540d4488d11b721b1fb34a5d97d03e94e41b9698c05bbe9faf3930ee34c058f1f804ea5e668b40bdfb38e0128399671b8beccc9d

          Download Submit
        • C:\Users\Admin\AppData\Local\r05up8Vf\SYSDM.CPL
          Filesize

          1.2MB

          MD5

          32616332c5d47823238e0dab1e87c38f

          SHA1

          f1d7b3e105079c5fccf002ceb52cf9c310d3a3c6

          SHA256

          7ccae4bf33165f177901eace3605678c3cc1480f7f8608f2965f4d2f035d236f

          SHA512

          1dd11a7a0bfee424850d8b3161fe7e6f2608905cac1452d3280b426c887e8b0474ec9d1c68b272ef6524793eee8c7b6144fdc69d7cfe70e46e1a57332288035d

          Download Submit
        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Mewsro.lnk
          Filesize

          1KB

          MD5

          69f77eec6fcff7a41b6e2db6de969468

          SHA1

          04e604830ea1116c0cb1e56e4717dc6395adcffc

          SHA256

          6f483f1eaeb4180e25facfbc0e783d5cabc4f808b8280be015bc80f73b1ba1ac

          SHA512

          9293013de8c9b6b26161dfc3efaa50c362e0ecfbc057c74fd517a483acd67e927a3874dcc7ca41582c4e93dd8eadb960d8bb18b866826069a1579cb8e7d5b1a5

          Download Submit
        • \Users\Admin\AppData\Local\ekUY\mspaint.exe
          Filesize

          6.4MB

          MD5

          458f4590f80563eb2a0a72709bfc2bd9

          SHA1

          3f97dc3bd1467c710c6a8d26b97bb6cf47deb4c6

          SHA256

          ff923c051ae380bf30d749ebe9cf310ccab6572d84eb81b76fb1012bcbdf557f

          SHA512

          e34500658dbe105a704fff6988b75d13aa9931adfd585b8ce1f023c61abd573d58067ee1f43e80076729ba99c9a00c17eb8cfcfac9c3d271d76bd251ccab1681

          Download Submit
        • \Users\Admin\AppData\Local\r05up8Vf\SystemPropertiesHardware.exe
          Filesize

          80KB

          MD5

          c63d722641c417764247f683f9fb43be

          SHA1

          948ec61ebf241c4d80efca3efdfc33fe746e3b98

          SHA256

          4759296b421d60c80db0bb112a30425e04883900374602e13ed97f7c03a49df2

          SHA512

          7223d1c81a4785ed790ec2303d5d9d7ebcae9404d7bf173b3145e51202564de9977e94ac10ab80c6fe49b5f697af3ec70dfd922a891915e8951b5a1b5841c8be

          Download Submit
        • memory/1180-13-0x0000000140000000-0x0000000140143000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/1180-38-0x0000000140000000-0x0000000140143000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/1180-7-0x0000000140000000-0x0000000140143000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/1180-12-0x0000000140000000-0x0000000140143000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/1180-25-0x0000000140000000-0x0000000140143000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/1180-26-0x00000000024C0000-0x00000000024C7000-memory.dmp
          Filesize

          28KB

          Download
        • memory/1180-27-0x0000000077491000-0x0000000077492000-memory.dmp
          Filesize

          4KB

          Download
        • memory/1180-16-0x0000000140000000-0x0000000140143000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/1180-15-0x0000000140000000-0x0000000140143000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/1180-14-0x0000000140000000-0x0000000140143000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/1180-4-0x0000000077386000-0x0000000077387000-memory.dmp
          Filesize

          4KB

          Download
        • memory/1180-28-0x0000000077620000-0x0000000077622000-memory.dmp
          Filesize

          8KB

          Download
        • memory/1180-37-0x0000000140000000-0x0000000140143000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/1180-8-0x0000000140000000-0x0000000140143000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/1180-5-0x00000000024E0000-0x00000000024E1000-memory.dmp
          Filesize

          4KB

          Download
        • memory/1180-9-0x0000000140000000-0x0000000140143000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/1180-10-0x0000000140000000-0x0000000140143000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/1180-11-0x0000000140000000-0x0000000140143000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/1180-64-0x0000000077386000-0x0000000077387000-memory.dmp
          Filesize

          4KB

          Download
        • memory/1536-95-0x0000000140000000-0x0000000140145000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/1636-46-0x0000000140000000-0x0000000140143000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/1636-0-0x0000000000120000-0x0000000000127000-memory.dmp
          Filesize

          28KB

          Download
        • memory/1636-1-0x0000000140000000-0x0000000140143000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/2116-75-0x00000000002B0000-0x00000000002B7000-memory.dmp
          Filesize

          28KB

          Download
        • memory/2116-72-0x0000000140000000-0x0000000140145000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/2116-78-0x0000000140000000-0x0000000140145000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/2508-59-0x0000000140000000-0x0000000140144000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/2508-54-0x0000000140000000-0x0000000140144000-memory.dmp
          Filesize

          1.3MB

          Download