Analysis
max time kernel: 51s
max time network: 122s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 10-06-2024 20:18

Static task: static1 (1 signature)
Behavioral task: behavioral1
Sample: 9bce97f19e31a1e3b783ac32d2c726fa_JaffaCakes118.dll
Resource: win7-20240508-en
2 signatures
150 seconds
General
Target: 9bce97f19e31a1e3b783ac32d2c726fa_JaffaCakes118.dll
Size: 324KB
MD5: 9bce97f19e31a1e3b783ac32d2c726fa
SHA1: 77b24c8ba771792da6aec76f4ec248f0ecb235c3
SHA256: 2d7c7b9472f1f4bb2f678822f16e8575971574ba763bd9e98fdb7d8b2a8f5d2e
SHA512: 8bcd3785c816a469c6992583556e3aa07f5f3d301de328c1629fc99e667ba474eff355ebe0670bffa5db387d589d2d900ada70ac8069fd2861cc49a6d001722d
SSDEEP: 6144:Eud4KJ4hF7popQTRq3va4jl6u31Ut+Ji370HnBs4NeuVCC:O7yUReva4jlNoQnBXek1
Malware Config
Extracted
Family
dridex
Botnet
10444
C2
51.75.24.85:443
46.22.116.163:3074
173.249.46.113:3889
192.241.174.45:4443
rc4.plain
rc4.plain
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                     pid  process       target process
PID 620 wrote to memory of 1712  620  rundll32.exe  rundll32.exe
PID 620 wrote to memory of 1712  620  rundll32.exe  rundll32.exe
PID 620 wrote to memory of 1712  620  rundll32.exe  rundll32.exe
PID 620 wrote to memory of 1712  620  rundll32.exe  rundll32.exe
PID 620 wrote to memory of 1712  620  rundll32.exe  rundll32.exe
PID 620 wrote to memory of 1712  620  rundll32.exe  rundll32.exe
PID 620 wrote to memory of 1712  620  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe (depth 1)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\9bce97f19e31a1e3b783ac32d2c726fa_JaffaCakes118.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (depth 2)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\9bce97f19e31a1e3b783ac32d2c726fa_JaffaCakes118.dll,#1
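The WriteProcessMemory signature and the process tree above together describe one behaviour: the native 64-bit rundll32.exe (PID 620) spawns a SysWOW64 (32-bit) rundll32.exe (PID 1712) that loads the same DLL by ordinal export #1, then writes into that child's memory seven times. The following script is an added example, not part of the sandbox report or of any tooling the report uses; it shows how to pull that pattern out of event lines in the report's own format. The event lines and process command lines are constructed from the text above, and every function name (parse_events, parse_rundll32, find_cross_arch_injection, dll_from_user_temp) is my own naming, not a sandbox API.

```python
import re
from collections import Counter

# Constructed input, copied from the report's "Suspicious use of
# WriteProcessMemory" signature: one line per logged call (seven in total).
WPM_EVENTS = "\n".join(
    ["PID 620 wrote to memory of 1712 620 rundll32.exe rundll32.exe"] * 7
)

# Constructed input: the report's process tree as pid -> command line.
# Image paths and the DLL path are as the report shows them.
DLL = r"C:\Users\Admin\AppData\Local\Temp\9bce97f19e31a1e3b783ac32d2c726fa_JaffaCakes118.dll"
PROCESSES = {
    620: r"C:\Windows\system32\rundll32.exe " + DLL + ",#1",
    1712: r"C:\Windows\SysWOW64\rundll32.exe " + DLL + ",#1",
}

# Report line shape: "PID <src> wrote to memory of <dst> <src> <src image> <dst image>"
EVENT_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) \d+ "
    r"(?P<src_img>\S+) (?P<dst_img>\S+)"
)
# rundll32 command line: "<host image> <dll path>,<entry>"; "#N" is an ordinal.
CMDLINE_RE = re.compile(r"^(?P<image>\S+\.exe) (?P<dll>.+?),(?P<entry>\S+)$")


def parse_events(text):
    """Parse WriteProcessMemory lines into (src_pid, dst_pid, src_image, dst_image)."""
    out = []
    for line in text.splitlines():
        m = EVENT_RE.search(line)
        if m:
            out.append((int(m["src"]), int(m["dst"]),
                        m["src_img"].lower(), m["dst_img"].lower()))
    return out


def parse_rundll32(cmdline):
    """Split a rundll32 command line into (host image, dll path, entry point), or None."""
    m = CMDLINE_RE.match(cmdline)
    return (m["image"], m["dll"], m["entry"]) if m else None


def is_wow64(image):
    """32-bit host process on 64-bit Windows lives under SysWOW64."""
    return "\\syswow64\\" in image.lower()


def is_native64(image):
    """Native 64-bit host process lives under system32."""
    return "\\system32\\" in image.lower()


def dll_from_user_temp(dll_path):
    """True when the DLL is loaded from a per-user Temp directory."""
    return "\\appdata\\local\\temp\\" in dll_path.lower()


def find_cross_arch_injection(events, processes):
    """Flag a native 64-bit rundll32 writing into a SysWOW64 rundll32 that
    hosts the same DLL; report the number of writes seen per (src, dst) pair."""
    counts = Counter((s, d) for s, d, _, _ in events)
    findings = []
    for (src, dst), n in counts.items():
        a = parse_rundll32(processes.get(src, ""))
        b = parse_rundll32(processes.get(dst, ""))
        if not a or not b:
            continue
        if is_native64(a[0]) and is_wow64(b[0]) and a[1].lower() == b[1].lower():
            findings.append({"src": src, "dst": dst, "writes": n,
                             "dll": a[1], "entry": b[2],
                             "dll_in_user_temp": dll_from_user_temp(a[1])})
    return findings


if __name__ == "__main__":
    for f in find_cross_arch_injection(parse_events(WPM_EVENTS), PROCESSES):
        print(f)
```

Matching on the pair of host images rather than on rundll32.exe alone matters: a 64-bit rundll32 re-launching itself from SysWOW64 with the identical DLL and ordinal, then writing into the child, is what distinguishes this tree from ordinary rundll32 use. The user-Temp check is a secondary hunting heuristic, not proof by itself.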