Overview

overview

10

Static

static

3

52ab939a75...18.dll

windows7-x64

10

52ab939a75...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-05-2024 02:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    52ab939a75757880e9bfc35fd2fa2576_JaffaCakes118.dll

  • Size

    1.4MB

  • MD5

    52ab939a75757880e9bfc35fd2fa2576

  • SHA1

    3f2653d7e6126b092d0dde6b762771f69fc53bce

  • SHA256

    7ecf07ac53b189273246a924e5dfec00f279ef61109ef416a064ceae4363a03b

  • SHA512

    e977a0e211fd2080da59b8402f3871e260c6bb5972834116086719b61ef246a3ea7057f9561df03ada1e478f55799e77adf510774610d78f3e42d6ce9159a1c9

  • SSDEEP

    24576:oVHchfFcSTdS1ZikTqpaIJvzSqbY/0Z2ZlECMNXkTlzvmJL8y:oV8hf6STw1ZlQauvzSq01ICe6zvm

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\52ab939a75757880e9bfc35fd2fa2576_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:1396
  • C:\Windows\system32\phoneactivate.exe
    C:\Windows\system32\phoneactivate.exe
    1⤵
      PID:4972
    • C:\Users\Admin\AppData\Local\o26q0Be\phoneactivate.exe
      C:\Users\Admin\AppData\Local\o26q0Be\phoneactivate.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2460
    • C:\Windows\system32\Magnify.exe
      C:\Windows\system32\Magnify.exe
      1⤵
        PID:3244
      • C:\Users\Admin\AppData\Local\H518ClO2j\Magnify.exe
        C:\Users\Admin\AppData\Local\H518ClO2j\Magnify.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:4088
      • C:\Windows\system32\ApplicationFrameHost.exe
        C:\Windows\system32\ApplicationFrameHost.exe
        1⤵
          PID:3832
        • C:\Users\Admin\AppData\Local\joiflTg1r\ApplicationFrameHost.exe
          C:\Users\Admin\AppData\Local\joiflTg1r\ApplicationFrameHost.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:4528

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\H518ClO2j\Magnify.exe
          Filesize

          639KB

          MD5

          4029890c147e3b4c6f41dfb5f9834d42

          SHA1

          10d08b3f6dabe8171ca2dd52e5737e3402951c75

          SHA256

          57137f784594793dc0669042ccd3a71ddbfedeb77da6d97173d82613e08add4d

          SHA512

          dbdc60f8692f13c23dbed0b76e9c6758a5b413bd6aaf4e4d0ba74e69c0871eb759da95c3f85a31d972388b545dcf3bb8abbcbedd29a1e7e48c065130b98b893d

          Download Submit

        • C:\Users\Admin\AppData\Local\H518ClO2j\OLEACC.dll
          Filesize

          1.4MB

          MD5

          a9f2ae88a79ec467262849a84a9ce330

          SHA1

          b79186d690af85c68c10a5cd5acf50ae79948a2e

          SHA256

          ccdb80341ac831350d2833a8305760bdae98acbb90b7f30fbc9c43b7b2db569e

          SHA512

          f6a9696160b823a7da865def27fc6b77971cec8ceac0e0bdf4bd242b0200e53014a885674a0bee79c473ee892b6e4b4eab0273688f3dbdb61e24fad7f1850a82

          Download Submit

        • C:\Users\Admin\AppData\Local\joiflTg1r\ApplicationFrameHost.exe
          Filesize

          76KB

          MD5

          d58a8a987a8dafad9dc32a548cc061e7

          SHA1

          f79fc9e0ab066cad530b949c2153c532a5223156

          SHA256

          cf58e424b86775e6f2354291052126a646f842fff811b730714dfbbd8ebc71a4

          SHA512

          93df28b65af23a5f82124ba644e821614e2e2074c98dbb2bd7319d1dfe9e2179b9d660d7720913c79a8e7b2f8560440789ad5e170b9d94670589885060c14265

          Download Submit

        • C:\Users\Admin\AppData\Local\joiflTg1r\dxgi.dll
          Filesize

          1.4MB

          MD5

          8dbb5362a0b5ddd9fee3c49453c5c627

          SHA1

          32274f75f40bae6afbde2ba5b4e8dad1bd46f0b9

          SHA256

          c7af8fb1ef6307261244f94c73d8477fd49f98d16fd553d0b4286c36205586c0

          SHA512

          d186d7c10ee5e28d2923cde387fd9be5dd72153815c68514a0d006079c1b5b525dd7ea78ec5b8443dc0586871e77f45da3bea925c0681bc9d122d100855e14f8

          Download Submit

        • C:\Users\Admin\AppData\Local\o26q0Be\DUI70.dll
          Filesize

          1.7MB

          MD5

          121344aeb8ad8ba5c6f1e5c27a0c2e5a

          SHA1

          e1ad156eacdc27f03056b973baff95bc70f38b4e

          SHA256

          d83e6ff3076e745f736cf116801d6e70d016acc0e07497b6e1e86b0c2cc95a18

          SHA512

          c60f9e1318e172f5ff22538b78a64399c4ab755498e046d70bb7f9534ba61d8cd6d2619ad83751111b485518f2666fa4cd619560c03e53274fa98917d9c4284b

          Download Submit

        • C:\Users\Admin\AppData\Local\o26q0Be\phoneactivate.exe
          Filesize

          107KB

          MD5

          32c31f06e0b68f349f68afdd08e45f3d

          SHA1

          e4b642f887e2c1d76b6b4777ade91e3cb3b9e27c

          SHA256

          cea83eb34233fed5ebeef8745c7c581a8adbefbcfc0e30e2d30a81000c821017

          SHA512

          fe61764b471465b164c9c2202ed349605117d57ceb0eca75acf8bda44e8744c115767ee0caed0b7feb70ba37b477d00805b3fdf0d0fa879dd4c8e3c1dc1c0d26

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Arcabpqqvo.lnk
          Filesize

          1KB

          MD5

          058ddd5fd36a2cea663267acb7602808

          SHA1

          380ac058e68e5bd762539fb3b9189845034dddb9

          SHA256

          14f11cc31d3c02e67949ff2ea40a9b1f5a565038d86bb537aeca0b2acdbb0b00

          SHA512

          1d4ff8b10ad1fa7a7ad345646943145df05a9b6f37e83d728f5d0463341f2c667d1181ee9a910240716e04d8d88628c6e698ebdd81271096332529b55cceab9f

          Download Submit

        • memory/1396-39-0x0000000140000000-0x0000000140176000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/1396-3-0x0000020AFB3B0000-0x0000020AFB3B7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1396-1-0x0000000140000000-0x0000000140176000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/2460-52-0x0000000140000000-0x00000001401BC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2460-47-0x0000000140000000-0x00000001401BC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2460-46-0x000001C2CF690000-0x000001C2CF697000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3508-37-0x0000000000980000-0x0000000000987000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3508-36-0x00007FF81DE8A000-0x00007FF81DE8B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3508-10-0x0000000140000000-0x0000000140176000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3508-8-0x0000000140000000-0x0000000140176000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3508-7-0x0000000140000000-0x0000000140176000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3508-12-0x0000000140000000-0x0000000140176000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3508-14-0x0000000140000000-0x0000000140176000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3508-13-0x0000000140000000-0x0000000140176000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3508-33-0x0000000140000000-0x0000000140176000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3508-11-0x0000000140000000-0x0000000140176000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3508-38-0x00007FF81F0B0000-0x00007FF81F0C0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3508-24-0x0000000140000000-0x0000000140176000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3508-15-0x0000000140000000-0x0000000140176000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3508-4-0x00000000009C0000-0x00000000009C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3508-9-0x0000000140000000-0x0000000140176000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3508-6-0x0000000140000000-0x0000000140176000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/4088-68-0x0000000140000000-0x0000000140177000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/4088-67-0x00000140AA970000-0x00000140AA977000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4088-63-0x0000000140000000-0x0000000140177000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/4528-82-0x0000000140000000-0x0000000140177000-memory.dmp

          Filesize

          1.5MB

          Download