Overview

overview

10

Static

static

3

28f9d2567f...18.dll

windows7-x64

10

28f9d2567f...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-07-2024 22:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    28f9d2567ff022f9487d72b412530ca6_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    28f9d2567ff022f9487d72b412530ca6

  • SHA1

    11c59d4f551d171cd7719f68018a5881be91f0dc

  • SHA256

    3d91e0a34af694a2c0dcecbf51e9aea69df32acfafa28e778f8136585c188a9b

  • SHA512

    6923bdeb098a1e1df22ffc683766fdb5c44b4b2e01acd6b2622886229efa1e1bc601f66426f5447cb16021e4502af31c09f0ea1f57e81c6221fb3d81e32f44d7

  • SSDEEP

    24576:WuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:W9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\28f9d2567ff022f9487d72b412530ca6_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2476
  • C:\Windows\system32\shrpubw.exe
    C:\Windows\system32\shrpubw.exe
    1⤵
      PID:5008
    • C:\Users\Admin\AppData\Local\Q0m\shrpubw.exe
      C:\Users\Admin\AppData\Local\Q0m\shrpubw.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:868
    • C:\Windows\system32\wscript.exe
      C:\Windows\system32\wscript.exe
      1⤵
        PID:1980
      • C:\Users\Admin\AppData\Local\QpE\wscript.exe
        C:\Users\Admin\AppData\Local\QpE\wscript.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2856
      • C:\Windows\system32\EhStorAuthn.exe
        C:\Windows\system32\EhStorAuthn.exe
        1⤵
          PID:3680
        • C:\Users\Admin\AppData\Local\POQpvlDg\EhStorAuthn.exe
          C:\Users\Admin\AppData\Local\POQpvlDg\EhStorAuthn.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:3140

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\POQpvlDg\EhStorAuthn.exe
          Filesize

          128KB

          MD5

          d45618e58303edb4268a6cca5ec99ecc

          SHA1

          1f8049fc5ea8b57bb68e19fb55cb9dc1e18e9513

          SHA256

          d527323643be9df4d174c3169c6f2c7854a59b781654bcaebd154cb51fb4219c

          SHA512

          5d7ae663dcfedfaf00836dc018131851e5a40778bd582b417b9f0bbd4bb6d1b2eb8f37f7f5a01cd2beed78b6037ef6eb2a3290248d5e901173b1407990a202bd

          Download Submit

        • C:\Users\Admin\AppData\Local\POQpvlDg\UxTheme.dll
          Filesize

          1.2MB

          MD5

          76cd883ea3f3fbb3758d6a9d34d7a9e1

          SHA1

          4aa470f809e3fd28899a9ec50beeb2cffda9fa2a

          SHA256

          c3002d5c580e29381dc60a6310d4a1cc5b6d97967272414c6d27a641a61b1b3e

          SHA512

          0427da0be36b7340d0f52a52ad6b57ac8bd727009d894237467367334060c33e9ee852bb5fdfed2534e33831c6ae4022afdad7656a602895251e540035cba134

          Download Submit

        • C:\Users\Admin\AppData\Local\Q0m\shrpubw.exe
          Filesize

          59KB

          MD5

          9910d5c62428ec5f92b04abf9428eec9

          SHA1

          05f27d7515e8ae1fa3bc974ec65b864ec4c9ac8b

          SHA256

          6b84e6e55d8572d7edf0b6243d00abb651fcb0cddddac8461de5f9bb80035a2e

          SHA512

          01be043f7ff879a683e53962eec58456ba200d6787ea66581bb62669ae65d5e58a5577cdf23441165f7a535fce1dec933e3ad2465c72172b4a1488b24ce722cb

          Download Submit

        • C:\Users\Admin\AppData\Local\Q0m\srvcli.dll
          Filesize

          1.2MB

          MD5

          5110301fae3d875cc689d62804b3d0b6

          SHA1

          d5e7fda302055f5c2c32810088df63f5d64ef84c

          SHA256

          dc07da33cb60ce7962309cb235233e619cffc96b12312ab5f0b04ee20104e9c5

          SHA512

          ebf21c81bffae3677eb77d64538168aa6cbe074f9e39f0ceb824c7cf88139099c8c58da4a90afc2875e9fb4091a6d2072f07bb5e3d8918bde7cc4a6eb658f3b7

          Download Submit

        • C:\Users\Admin\AppData\Local\QpE\VERSION.dll
          Filesize

          1.2MB

          MD5

          b0951acaffa3570e28eeb4df8ff61e7b

          SHA1

          142e94b105eabf123e142ee0b6aad0d36ebe19fe

          SHA256

          6637b644ad510cf3d3cbc1f903cf8fc9b28b17c90f76f5c320add69c353972b9

          SHA512

          35fa2dd061694f8153db00d1c53d4ea1852deebe9febde89132fc066537de09e96ec0f88e5125adcd0ac1af90b5ff965f82398def02e086fe4a092ba4e7dd5d9

          Download Submit

        • C:\Users\Admin\AppData\Local\QpE\wscript.exe
          Filesize

          166KB

          MD5

          a47cbe969ea935bdd3ab568bb126bc80

          SHA1

          15f2facfd05daf46d2c63912916bf2887cebd98a

          SHA256

          34008e2057df8842df210246995385a0441dc1e081d60ad15bd481e062e7f100

          SHA512

          f5c81e6dc4d916944304fc85136e1ff6dee29a21e50a54fe6280a475343eccbfe094171d62475db5f38e07898c061126158c34d48b9d8f4f57f76d49e564e3fc

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Vmoyh.lnk
          Filesize

          1KB

          MD5

          5e81bf47f3af6f494a3556644e8d766c

          SHA1

          c311d85e94ab1b3c073b725bb3b07d9fa13e920e

          SHA256

          80a696797d4b9da666611f6d0c265852f2128f10cd350ad47552cacc4f4d3003

          SHA512

          37da2d1a8dc40976031766ae86e4f7796b6d1b7dab63eff75db3acc08e8a1d2044ec92859315069c47be5da06c266231b52a2c4a0005cfd114c836b739a21a6d

          Download Submit

        • memory/868-46-0x00007FFEDBB60000-0x00007FFEDBC92000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/868-49-0x0000017526BE0000-0x0000017526BE7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/868-50-0x00007FFEDBB60000-0x00007FFEDBC92000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2476-3-0x000001CDA2490000-0x000001CDA2497000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2476-39-0x00007FFEDBB60000-0x00007FFEDBC91000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2476-1-0x00007FFEDBB60000-0x00007FFEDBC91000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2856-69-0x00007FFEDBB60000-0x00007FFEDBC92000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2856-68-0x000002CE76910000-0x000002CE76917000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3140-83-0x0000020E4ECE0000-0x0000020E4ECE7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3140-86-0x00007FFEDBB60000-0x00007FFEDBC92000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-30-0x0000000001420000-0x0000000001427000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3452-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-24-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-29-0x00007FFEE86BA000-0x00007FFEE86BB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3452-36-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-34-0x00007FFEEA0D0000-0x00007FFEEA0E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3452-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-6-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-4-0x00000000014F0000-0x00000000014F1000-memory.dmp

          Filesize

          4KB

          Download