Overview

overview

10

Static

static

3

07a9c9069f...18.dll

windows7-x64

10

07a9c9069f...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    21s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    28-07-2024 03:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    07a9c9069fed354bde90b7a3483fe350_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    07a9c9069fed354bde90b7a3483fe350

  • SHA1

    859af6f560ebc2bf44d5c61c517dfa89141c924b

  • SHA256

    7e33cdea0bbc985977bc213b140f31ca542a35ed3d3b2f7d69bf52d691776039

  • SHA512

    5cb95b1b195b0594f34c1736036498457ad1eb2ee772d415dc14461ed92c0dfb801e012da9a4f758085e5cdbe1cc8c89f20aa6ed4c5147b3fd2384de013be885

  • SSDEEP

    24576:muYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:G9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\07a9c9069fed354bde90b7a3483fe350_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2256
  • C:\Windows\system32\RDVGHelper.exe
    C:\Windows\system32\RDVGHelper.exe
    1⤵
      PID:2132
    • C:\Users\Admin\AppData\Local\jPrnwnpMr\RDVGHelper.exe
      C:\Users\Admin\AppData\Local\jPrnwnpMr\RDVGHelper.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2916
    • C:\Windows\system32\rdpclip.exe
      C:\Windows\system32\rdpclip.exe
      1⤵
        PID:700
      • C:\Users\Admin\AppData\Local\UWKCdY1\rdpclip.exe
        C:\Users\Admin\AppData\Local\UWKCdY1\rdpclip.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2264
      • C:\Windows\system32\dialer.exe
        C:\Windows\system32\dialer.exe
        1⤵
          PID:832
        • C:\Users\Admin\AppData\Local\gbllp\dialer.exe
          C:\Users\Admin\AppData\Local\gbllp\dialer.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1708

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\UWKCdY1\WTSAPI32.dll
          Filesize

          1.2MB

          MD5

          646eba96beb928fa9fcf0a4a09f6e5e5

          SHA1

          f273426823e7220194bacee6055a37fe9ac112ab

          SHA256

          1b06c44bdcbb8023c562eedc7bda0ab3d75cf01bed53a20eb8dc08105c05b65d

          SHA512

          9ed6d115034845c79228b46e9fbbd174e80c0468e59e0877e3331b56b234462ca574d76ded9f3a5bfe7dccd17fdb8daefd8260ec123840fcf819409b1f0ff99a

          Download Submit

        • C:\Users\Admin\AppData\Local\gbllp\TAPI32.dll
          Filesize

          1.2MB

          MD5

          8ba209d62cc5ceb6e6a4ccb9369ebb09

          SHA1

          55e8f8497bac787da09a62b017dbea2ff5472bbc

          SHA256

          6615227fa783acd1ad3c7e6137da09fb7a0cfaaf6c6fbbafa70a159a46ee6acd

          SHA512

          b92e75740eeb9b2a3eabfeec1acbe9e3f7d3b3b86f4b81c5817d2cd3fccf1a6322b78fd8e3b8fa8854c7e0fdd3be99403de10c9a4ecabd3ebf63f6a3c196404e

          Download Submit

        • C:\Users\Admin\AppData\Local\jPrnwnpMr\dwmapi.dll
          Filesize

          1.2MB

          MD5

          27093b62cb6041c77bf11303464033df

          SHA1

          82406bda2e513cd84f848409e59d5728acbf6679

          SHA256

          9ce7d101b44878fa61c22e380db001aac8beff5845d8a3bfeed8cfc347cd636d

          SHA512

          be0476cf668069713581dc90c8548c4e91428cbf99ecceb2ec35cd0b303c419b69182113cf783655dba3006ab82d1ffb67a7e5b408f16eda2e7279860f1a74c0

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Rinzzkcfiw.lnk
          Filesize

          1KB

          MD5

          53d22ba798fe7bdb99d22bde7df74e6f

          SHA1

          86f07e3e7628494769ee0d88febe26d64d690725

          SHA256

          66eaf6084537619e8d8f5b7578d2eda6abca626b669358d16b1da3c33d61733a

          SHA512

          8bd723813cfe5a2622d5b747f839996012933b2f76a488c38caed22f3a3517425db59ac9445734601aec0601185921eb1400193a4db2ca1039adff974d30f815

          Download Submit

        • \Users\Admin\AppData\Local\UWKCdY1\rdpclip.exe
          Filesize

          206KB

          MD5

          25d284eb2f12254c001afe9a82575a81

          SHA1

          cf131801fdd5ec92278f9e0ae62050e31c6670a5

          SHA256

          837e0d864c474956c0d9d4e7ae5f884007f19b7f420db9afcf0d266aefa6608b

          SHA512

          7b4f208fa1681a0a139577ebc974e7acfc85e3c906a674e111223783460585eb989cb6b38f215d79f89e747a0e9224d90e1aa43e091d2042edb8bac7b27b968b

          Download Submit

        • \Users\Admin\AppData\Local\gbllp\dialer.exe
          Filesize

          34KB

          MD5

          46523e17ee0f6837746924eda7e9bac9

          SHA1

          d6b2a9cc6bd3588fa9804ada5197afda6a9e034b

          SHA256

          23d8a6a1d847a324c556c30e10c8f63c2004aeb42ac3f5a5ca362077f1517382

          SHA512

          c7117c3778650864e685bd89df599d7cdd9319d757344ddc7cfd9403d6673964127f6ff0c5ac48455fd3097af31a6ff09173f85dfa7be2d25f395cdf3692bb9a

          Download Submit

        • \Users\Admin\AppData\Local\jPrnwnpMr\RDVGHelper.exe
          Filesize

          93KB

          MD5

          53fda4af81e7c4895357a50e848b7cfe

          SHA1

          01fb2d0210f1c47aaf684e31a9fb78f89bba9c0f

          SHA256

          62ab8c2c5b5bd84fd07e96b6a3b87a4ea56946107ed9b7f8076580ae1fefd038

          SHA512

          dbbda90a57d27160c5a3a5e4e94cfc43b1663fcbfe424fdec851e52356f61492bdcf677c46be8aa4e8ccc8be7c389b6aa7bbbce8447e1fae32f03e5e409f4051

          Download Submit

        • memory/1392-29-0x0000000076D41000-0x0000000076D42000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1392-26-0x0000000002260000-0x0000000002267000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1392-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1392-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1392-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1392-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1392-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1392-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1392-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1392-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1392-30-0x0000000076ED0000-0x0000000076ED2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1392-4-0x0000000076C36000-0x0000000076C37000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1392-38-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1392-37-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1392-5-0x0000000002A20000-0x0000000002A21000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1392-17-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1392-25-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1392-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1392-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1392-65-0x0000000076C36000-0x0000000076C37000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1708-91-0x000007FEF7120000-0x000007FEF7253000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1708-96-0x000007FEF7120000-0x000007FEF7253000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2256-46-0x000007FEF7120000-0x000007FEF7251000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2256-3-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2256-0-0x000007FEF7120000-0x000007FEF7251000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2264-73-0x0000000000080000-0x0000000000087000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2264-74-0x000007FEF7120000-0x000007FEF7252000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2264-79-0x000007FEF7120000-0x000007FEF7252000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2916-60-0x000007FEFA980000-0x000007FEFAAB2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2916-54-0x00000000000F0000-0x00000000000F7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2916-55-0x000007FEFA980000-0x000007FEFAAB2000-memory.dmp

          Filesize

          1.2MB

          Download