Overview

overview

10

Static

static

3

09561f9e04...18.dll

windows7-x64

10

09561f9e04...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    28-07-2024 04:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    09561f9e04ac7d209eb43c6d248addec_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    09561f9e04ac7d209eb43c6d248addec

  • SHA1

    cf5149895cda3ad80bd3a57c409a45fa05a54b5f

  • SHA256

    a5b762e5be06060f6bb4be114b38c437bd6bb6715fcbdea55fd0288a4be08cf1

  • SHA512

    ef319881934c57469966ff7a25e09ef32da13a4d385def0d4a12fbcd946d69876fe1f3c8daa2e4c96b4c6eb23ba38bd53377c551c7e5cb3f95111a56340a0051

  • SSDEEP

    24576:luYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9NEpt:f9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 8 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\09561f9e04ac7d209eb43c6d248addec_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3024
  • C:\Windows\system32\msdt.exe
    C:\Windows\system32\msdt.exe
    1⤵
      PID:2608
    • C:\Users\Admin\AppData\Local\DItvj\msdt.exe
      C:\Users\Admin\AppData\Local\DItvj\msdt.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2652
    • C:\Windows\system32\wscript.exe
      C:\Windows\system32\wscript.exe
      1⤵
        PID:2064
      • C:\Users\Admin\AppData\Local\LXrL\wscript.exe
        C:\Users\Admin\AppData\Local\LXrL\wscript.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1624
      • C:\Windows\system32\slui.exe
        C:\Windows\system32\slui.exe
        1⤵
          PID:2856
        • C:\Users\Admin\AppData\Local\Cvch\slui.exe
          C:\Users\Admin\AppData\Local\Cvch\slui.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2828

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Cvch\slc.dll
          Filesize

          1.2MB

          MD5

          629bb4bcde73b874940c9a7e75fa00fe

          SHA1

          17363e45fd5547eb6a1458b85c86972218a2212d

          SHA256

          61a21d6a129e2d4eae3b534f69803e796fe575f978a49dc991475b623a5c6c02

          SHA512

          48a89f6f7ae6a0f40bc88223ec06a97b476d38fd25be36b4f3bfd2789679cd9c3ec13c2ce63e98d8dac70c0dbbe91b65ed50c0edc3a796e702a9c924173100bc

          Download Submit

        • C:\Users\Admin\AppData\Local\Cvch\slui.exe
          Filesize

          341KB

          MD5

          c5ce5ce799387e82b7698a0ee5544a6d

          SHA1

          ed37fdb169bb539271c117d3e8a5f14fd8df1c0d

          SHA256

          34aa7ca0ea833263a6883827e161a5c218576c5ad97e0ce386fad4250676b42c

          SHA512

          79453b45e1f38d164ee3dbc232f774ff121d4394c22783140f5c8c722f184a69f499f2fb9621bdb28f565065b791883526e1a1d4abef9df82289613c2ce97a5c

          Download Submit

        • C:\Users\Admin\AppData\Local\DItvj\DUser.dll
          Filesize

          1.2MB

          MD5

          89c2963db80fe6475fc03ea2fde87670

          SHA1

          15745cb25ac69af340a5393bb337632716a04f1c

          SHA256

          55b71c238f4bed1e908fd9ab4cac14b71aa0dabbba7c2158635f27bdf44b36e1

          SHA512

          e2e28a400500f101ebf167e679dc280d38d9250f33f8afebc0d8a89f742313532a92797ca45572c5a9eef319a75e5c56908faeb80035e1707271364f1a072752

          Download Submit

        • C:\Users\Admin\AppData\Local\LXrL\VERSION.dll
          Filesize

          1.2MB

          MD5

          d19e42ac5af1a801bacbaec8c0784eda

          SHA1

          c871ee80b8f21215300e173fb5436957c13573b2

          SHA256

          9c2013df428b585f1ecbf878d229a0565ef05a3508a907f141f5ef6fbbbc5db4

          SHA512

          f0f0f98b65528a92ebb9490b491f0274a955f7387e9799ac6cc340cc2e8f1434a3eedd99765242134bc14646543ee2bbb44afeecccd208f29fc593f7b63438eb

          Download Submit

        • C:\Users\Admin\AppData\Local\LXrL\wscript.exe
          Filesize

          165KB

          MD5

          8886e0697b0a93c521f99099ef643450

          SHA1

          851bd390bf559e702b8323062dbeb251d9f2f6f7

          SHA256

          d73f7ee4e6e992a618d02580bdbf4fd6ba7c683d110928001092f4073341e95f

          SHA512

          fc4a176f49a69c5600c427af72d3d274cfeacef48612b18cda966c3b4dda0b9d59c0fe8114d5ed8e0fec780744346e2cd503d1fd15c0c908908d067214b9d837

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Filabyuswgwl.lnk
          Filesize

          1KB

          MD5

          14c343fb6fe952e9feee4800d123b30c

          SHA1

          419de9cbc04c42ec611a54eb51c9084bb6672225

          SHA256

          e50a742049069a36de96c614b9950fab33e991f75178cde5231e6dba77d739de

          SHA512

          10f0efbafd27b50d63543fecc607a0865f3002ee5985adff0f4f6f136e5184f3e28459cd341312bc2afc69e8d983955228c129e40b0f7ae89150eb8894c874c2

          Download Submit

        • \Users\Admin\AppData\Local\DItvj\msdt.exe
          Filesize

          1.0MB

          MD5

          aecb7b09566b1f83f61d5a4b44ae9c7e

          SHA1

          3a4a2338c6b5ac833dc87497e04fe89c5481e289

          SHA256

          fbdbe7a2027cab237c4635ef71c1a93cf7afc4b79d56b63a119b7f8e3029ccf5

          SHA512

          6e14200262e0729ebcab2226c3eac729ab5af2a4c6f4f9c3e2950cc203387d9a0a447cf38665c724d4397353931fd10064dc067e043a3579538a6144e33e4746

          Download Submit

        • memory/1192-26-0x00000000779D1000-0x00000000779D2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1192-5-0x00000000024C0000-0x00000000024C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1192-4-0x00000000777C6000-0x00000000777C7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1192-25-0x00000000024A0000-0x00000000024A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1192-16-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1192-15-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1192-14-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1192-13-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1192-12-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1192-11-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1192-9-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1192-38-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1192-36-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1192-8-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1192-24-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1192-27-0x0000000077B60000-0x0000000077B62000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1192-77-0x00000000777C6000-0x00000000777C7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1192-7-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1192-10-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1624-74-0x000007FEF6A70000-0x000007FEF6BA1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1624-78-0x0000000000200000-0x0000000000207000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1624-81-0x000007FEF6A70000-0x000007FEF6BA1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2652-59-0x000007FEF7100000-0x000007FEF7231000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2652-54-0x000007FEF7100000-0x000007FEF7231000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2652-53-0x0000000001AD0000-0x0000000001AD7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2828-96-0x00000000002A0000-0x00000000002A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2828-99-0x000007FEF6A70000-0x000007FEF6BA1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3024-45-0x000007FEF6A80000-0x000007FEF6BB0000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3024-1-0x000007FEF6A80000-0x000007FEF6BB0000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3024-3-0x00000000003A0000-0x00000000003A7000-memory.dmp

          Filesize

          28KB

          Download