Analysis

max time kernel: 91s
max time network: 95s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-05-2024 19:00

Tasks

Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: 818eb40d9ae3bda113194f718f70db08_JaffaCakes118.dll
  Resource: win7-20240508-en
  2 signatures, 150 seconds
General

Target: 818eb40d9ae3bda113194f718f70db08_JaffaCakes118.dll
Size: 324KB
MD5: 818eb40d9ae3bda113194f718f70db08
SHA1: 2346825b6b6dea431231a15941ce61058855b197
SHA256: 5d2e121c650aea3012ab7891236953dd3b09672788a7be2e4a74716c59e94d98
SHA512: f49b847f3776e8b25c9e684f38c9559d2398975c6ee0b5c74e6401e203f500e4fee025999fb5b1915caeb27ca84ad082711f3e111e2708989163faa50aa29643
SSDEEP: 6144:dudJKJ4hF7popQTRq3va4jl6u31Ut+Ji370HnBs4NeuVCC:w7yUReva4jlNoQnBXek1
Malware Config

Extracted
Family: dridex
Botnet: 10444
C2:
  51.75.24.85:443
  46.22.116.163:3074
  173.249.46.113:3889
  192.241.174.45:4443
rc4.plain
rc4.plain
Signatures

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                        pid   process       target process
  PID 4116 wrote to memory of 3880   4116  rundll32.exe  rundll32.exe
  PID 4116 wrote to memory of 3880   4116  rundll32.exe  rundll32.exe
  PID 4116 wrote to memory of 3880   4116  rundll32.exe  rundll32.exe
Processes

C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\818eb40d9ae3bda113194f718f70db08_JaffaCakes118.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\818eb40d9ae3bda113194f718f70db08_JaffaCakes118.dll,#1