Overview

overview

10

Static

static

3

563694b5b3...18.dll

windows7-x64

10

563694b5b3...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    18/07/2024, 04:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    563694b5b3e24156272e80505a060dfb_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    563694b5b3e24156272e80505a060dfb

  • SHA1

    e95033c6a1c1a711134aedc993f56b953cd86efb

  • SHA256

    692edebbe453068bc42b4ca091ef8eaf27c544777b71b2f17930bde34cd67698

  • SHA512

    7fe4a9bb7d9ed79a7aba262c0bbb664ff2c6685a61ef8810f7b30fe17a888c44adfa2427c896087d567511098745c1e876f4f326024e9302248f9df83c0dba6a

  • SSDEEP

    12288:rVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:qfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 3 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\563694b5b3e24156272e80505a060dfb_JaffaCakes118.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2092
  • C:\Windows\system32\DeviceDisplayObjectProvider.exe
    C:\Windows\system32\DeviceDisplayObjectProvider.exe
    1⤵
      PID:2504
    • C:\Users\Admin\AppData\Local\m1fHQcroz\DeviceDisplayObjectProvider.exe
      C:\Users\Admin\AppData\Local\m1fHQcroz\DeviceDisplayObjectProvider.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2060
    • C:\Windows\system32\unregmp2.exe
      C:\Windows\system32\unregmp2.exe
      1⤵
        PID:2928
      • C:\Users\Admin\AppData\Local\8QsFSC6Dc\unregmp2.exe
        C:\Users\Admin\AppData\Local\8QsFSC6Dc\unregmp2.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2848
      • C:\Windows\system32\ComputerDefaults.exe
        C:\Windows\system32\ComputerDefaults.exe
        1⤵
          PID:2980
        • C:\Users\Admin\AppData\Local\FdqrMG2g\ComputerDefaults.exe
          C:\Users\Admin\AppData\Local\FdqrMG2g\ComputerDefaults.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2940

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\8QsFSC6Dc\slc.dll
          Filesize

          1.2MB

          MD5

          7621ee690966cbcb9f31215ffdd15110

          SHA1

          d9ae84f58d88b81d1153bc4d0d3c2de8d116ae42

          SHA256

          de8b9d1eb318e34370327ab30fba6b8ab50894b056ee07ef9c6cb786f2c927e4

          SHA512

          2d30aa6407c6b9b96d858092fff559e4add4a7e903078afdf8140e15c43023ecac3f2f207c148b24f91ea24393f4efe4b6b976785b70e524580ec935c1c7291d

          Download Submit

        • C:\Users\Admin\AppData\Local\FdqrMG2g\appwiz.cpl
          Filesize

          1.2MB

          MD5

          09fc9fc325765e325d0d1df2c8cec082

          SHA1

          83070939e7d8c96613266e26ba2e4a2fd298772b

          SHA256

          92565831e76e5bb240fb541b6ebb0635bd056f6409aabe0eebf7d16875b054f3

          SHA512

          97432a15ed2bbcc65ba9751953e6239ba49020ee31d8e7613726df0303cf959c157527bcd8e50cf9ffb0f9f69aa69e6316657ffdf9f6c44a98cdeccc1b9748a4

          Download Submit

        • C:\Users\Admin\AppData\Local\m1fHQcroz\DeviceDisplayObjectProvider.exe
          Filesize

          109KB

          MD5

          7e2eb3a4ae11190ef4c8a9b9a9123234

          SHA1

          72e98687a8d28614e2131c300403c2822856e865

          SHA256

          8481a8ec19cb656ce328c877d5817d317203ba34424a2e9d169ddce5bf2cd2b0

          SHA512

          18b1a0637f48929972a463d441182307725ebf1410dd461a1966bd040ac5dcced138155b7c713bfc924ea2f7b39527a084a08b44fa24c3eb9c654871f99caabf

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dwxzrb.lnk
          Filesize

          1KB

          MD5

          5ec9b7da1a4a7ff7d1ce5959bb2e1059

          SHA1

          be23eab40559ea1db15e8b955039ba6e4bf5d798

          SHA256

          cb4bfb6c96085760fbd580b1c1835097aa7ac76bf46a57d94e11cb39775f1188

          SHA512

          07848e175de56282aaab2e07a81a525ffa2079426d36f0d9bd7251f767f68b225ac465b2763de33ffd91630b08dbd8b5e4eeb47a681dfab1a9417d4c8226764e

          Download Submit

        • \Users\Admin\AppData\Local\8QsFSC6Dc\unregmp2.exe
          Filesize

          316KB

          MD5

          64b328d52dfc8cda123093e3f6e4c37c

          SHA1

          f68f45b21b911906f3aa982e64504e662a92e5ab

          SHA256

          7d6be433ba7dd4a2b8f8b79d7b87055da8daafa3e0404432d40469c39c2040e1

          SHA512

          e29fc068532df36f39c86b79392b5c6191de6f69b7beaba28f9ac96a26089b341b770ff29556eca14f57afd1de59a6f3726818482d6861bdd8ac556ae768df00

          Download Submit

        • \Users\Admin\AppData\Local\FdqrMG2g\ComputerDefaults.exe
          Filesize

          36KB

          MD5

          86bd981f55341273753ac42ea200a81e

          SHA1

          14fe410efc9aeb0a905b984ac27719ff0dd10ea7

          SHA256

          40b194be2bad2d3d4d1b69f9aec2853c8b663130810a11607ff72a9e3a06d5b3

          SHA512

          49bb6d4bf7a9356fadde7f6165af6973630827d28b69db10ad477a84d98b08fb82e4daae777166e1ddddb5b5efcdf634e4e9bd34b255dae87462ba32e8bba143

          Download Submit

        • \Users\Admin\AppData\Local\m1fHQcroz\XmlLite.dll
          Filesize

          1.2MB

          MD5

          3c608863af3997b8b6c2262794ed3aba

          SHA1

          26afe227fe27ac5df5641840bde9ad3bd9404295

          SHA256

          6e1732920b7f9c07737376d4292b3ff422860599c008f8c8b6f2ca36dfea4d99

          SHA512

          f66411b66304b397e6e7bda827a056e663dcd4d8ad31bc4136e6672cf3632cde9b9f6054ba16695e92ca5aa1f37eccf0eafac6886995ee29cbb1e3eac8a5bd55

          Download Submit

        • memory/1096-38-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-34-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-17-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-16-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-15-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-18-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-54-0x0000000002600000-0x0000000002607000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1096-53-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-46-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-45-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-44-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-42-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-41-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-40-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-65-0x0000000076E90000-0x0000000076E92000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1096-149-0x0000000076C26000-0x0000000076C27000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1096-5-0x0000000002960000-0x0000000002961000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1096-8-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-9-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-68-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-64-0x0000000076D31000-0x0000000076D32000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1096-63-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-39-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-4-0x0000000076C26000-0x0000000076C27000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1096-37-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-36-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-35-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-7-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-33-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-32-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-31-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-30-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-29-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-28-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-27-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-26-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-25-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-24-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-23-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-22-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-21-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-20-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-43-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-19-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-10-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-12-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-14-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-13-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2060-83-0x0000000140000000-0x000000014013C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2060-87-0x0000000000380000-0x0000000000387000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2092-11-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2092-3-0x00000000000B0000-0x00000000000B7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2092-0-0x0000000140000000-0x000000014013B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2848-111-0x0000000000100000-0x0000000000107000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2940-124-0x00000000001A0000-0x00000000001A7000-memory.dmp

          Filesize

          28KB

          Download