Overview

overview

10

Static

static

3

2b619456f2...18.dll

windows7-x64

10

2b619456f2...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    28-07-2024 23:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2b619456f28686f6e8a7626fe7b24a57_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    2b619456f28686f6e8a7626fe7b24a57

  • SHA1

    64bf0dee2bbe9994547303b29d6725536ccf6b04

  • SHA256

    501fed924342c7023015068c2dc4317c7f23a301ac6d62442880dfa0afda68d6

  • SHA512

    92a1882ff972e34da28be4e115ab349ae9cf85519266a26def634d0eade600d2fb900dabd494956ab620aa0ec056fc58b07f0bfa509e373888655a1d801a14aa

  • SSDEEP

    24576:WuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:W9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b619456f28686f6e8a7626fe7b24a57_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:696
  • C:\Windows\system32\msconfig.exe
    C:\Windows\system32\msconfig.exe
    1⤵
      PID:2688
    • C:\Users\Admin\AppData\Local\Q8IwYWlb\msconfig.exe
      C:\Users\Admin\AppData\Local\Q8IwYWlb\msconfig.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2152
    • C:\Windows\system32\ddodiag.exe
      C:\Windows\system32\ddodiag.exe
      1⤵
        PID:2692
      • C:\Users\Admin\AppData\Local\rsuVZO\ddodiag.exe
        C:\Users\Admin\AppData\Local\rsuVZO\ddodiag.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2104
      • C:\Windows\system32\RDVGHelper.exe
        C:\Windows\system32\RDVGHelper.exe
        1⤵
          PID:2820
        • C:\Users\Admin\AppData\Local\kWFW\RDVGHelper.exe
          C:\Users\Admin\AppData\Local\kWFW\RDVGHelper.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2936

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Q8IwYWlb\MFC42u.dll
          Filesize

          1.2MB

          MD5

          252edba070754930bab03f3d52be8e99

          SHA1

          1bab0af5bd791564f4745edc08375a64471b8c7a

          SHA256

          d77a9340a7f9c4ef5f7c38653f19a497f54e4eb47d78638062adbff8e7ece29c

          SHA512

          fcbdb639adc73ce4baf306ac2c2377a38337782237e5c289603c6dc19cb698799035efe44e28b3084b86407b9a6aac6049aab995c88f4d0537697fdb9aa008b0

          Download Submit

        • C:\Users\Admin\AppData\Local\kWFW\WTSAPI32.dll
          Filesize

          1.2MB

          MD5

          82071f6e0361fe3c8fec4429bf817441

          SHA1

          5533b003fa402c82b8f6f950c372de3a6a54526a

          SHA256

          6975542af935b1ca94e86094642264dc1c5bb631eb2369ebf88e57557a8332eb

          SHA512

          ab3d15e22ae42468ad678a7bac1665b0e0efd8f01ec8a2e8d6838001a9484d0d22bed0a181376e05a2a347b126ceda8f96a026eb49fc134f7299a0013fb579a0

          Download Submit

        • C:\Users\Admin\AppData\Local\rsuVZO\XmlLite.dll
          Filesize

          1.2MB

          MD5

          baad782146048e6a6938527bcc3933b0

          SHA1

          6fcd5ae25553fc9272cacc266899b3ea89c320ee

          SHA256

          3e587375f8a883ea88878e986cc4ed143f89775ecc969342ffe1459eda89ffa2

          SHA512

          2a385910c61a57317a23c9bbf920b36ddd793542f85e6d485888f4ac76cdb469f2470a7fddadada13938aa46a4fc5f3a5e82761f69f214e7d64cc2afeb6a82c5

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ngqpewzrrtyksiv.lnk
          Filesize

          1KB

          MD5

          022f1546dd9d16e5a2b752114d37b463

          SHA1

          5f9e9752759786077d4b24178a62d9a3753fb4cb

          SHA256

          0ff3ebab0b8def8500de4032f42b6918776ae8848b1981dd67bc56ce0491bdd9

          SHA512

          e4fe3c075cd3bdb832291cdf9fffc7e17cbd021945d8b6abe53a57725d3adcbb97da9088601e84caafdae092760079af9b71f859bfc8e6e6595ad3c2d52c791c

          Download Submit

        • \Users\Admin\AppData\Local\Q8IwYWlb\msconfig.exe
          Filesize

          293KB

          MD5

          e19d102baf266f34592f7c742fbfa886

          SHA1

          c9c9c45b7e97bb7a180064d0a1962429f015686d

          SHA256

          f3c8bb430f9c33e6caf06aaebde17b7fddcc55e8bb36cec2b9379038f1fca0b1

          SHA512

          1b9f1880dd3c26ae790b8eead641e73264f90dc7aa2645acc530aad20ad9d247db613e1725282c85bca98c4428ac255752a4f5c9b2a97f90908b7fe4167bb283

          Download Submit

        • \Users\Admin\AppData\Local\kWFW\RDVGHelper.exe
          Filesize

          93KB

          MD5

          53fda4af81e7c4895357a50e848b7cfe

          SHA1

          01fb2d0210f1c47aaf684e31a9fb78f89bba9c0f

          SHA256

          62ab8c2c5b5bd84fd07e96b6a3b87a4ea56946107ed9b7f8076580ae1fefd038

          SHA512

          dbbda90a57d27160c5a3a5e4e94cfc43b1663fcbfe424fdec851e52356f61492bdcf677c46be8aa4e8ccc8be7c389b6aa7bbbce8447e1fae32f03e5e409f4051

          Download Submit

        • \Users\Admin\AppData\Local\rsuVZO\ddodiag.exe
          Filesize

          42KB

          MD5

          509f9513ca16ba2f2047f5227a05d1a8

          SHA1

          fe8d63259cb9afa17da7b7b8ede4e75081071b1a

          SHA256

          ddf48c333e45c56c9e3f16e492c023bf138629f4c093b8aaab8ea60310c8c96e

          SHA512

          ad3168767e5eba575ae766e1e2923b1db4571bbeb302d7c58e8023612e33913dcd9e5f4a4c1bc7b1556442a0807117066f17c62b38fe2ae0dfaa3817b7318862

          Download Submit

        • memory/696-42-0x000007FEF5B20000-0x000007FEF5C51000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/696-0-0x000007FEF5B20000-0x000007FEF5C51000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/696-3-0x00000000001A0000-0x00000000001A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1200-29-0x0000000076EF1000-0x0000000076EF2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-25-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-34-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-33-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-26-0x0000000002B00000-0x0000000002B07000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1200-30-0x0000000077080000-0x0000000077082000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1200-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-4-0x0000000076CE6000-0x0000000076CE7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-5-0x0000000002ED0000-0x0000000002ED1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-18-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-71-0x0000000076CE6000-0x0000000076CE7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2104-75-0x000007FEF5B20000-0x000007FEF5C52000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2104-72-0x00000000000F0000-0x00000000000F7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2104-68-0x000007FEF5B20000-0x000007FEF5C52000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2152-56-0x000007FEF6620000-0x000007FEF6758000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2152-51-0x000007FEF6620000-0x000007FEF6758000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2152-50-0x0000000000290000-0x0000000000297000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2936-92-0x000007FEF5B20000-0x000007FEF5C52000-memory.dmp

          Filesize

          1.2MB

          Download