Overview

overview

10

Static

static

3

09e345e038...18.dll

windows7-x64

10

09e345e038...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-07-2024 04:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    09e345e03852dce614f9eca73b61b1a1_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    09e345e03852dce614f9eca73b61b1a1

  • SHA1

    2aa0419cefd28af7e97a89d912ba3c4375897881

  • SHA256

    394fcd54556c7c74118515fe23a2b666ea648ad9ee152a82fa8eefa200ccf4a6

  • SHA512

    65b8f72e0d80f61882a384d50d4ce7698c5a04d39986449c6b064bbd06baa68a370211a1ca1c2aff235c8597cfbcd9a6b6b011e7833806d48616e30b3a7d1ecc

  • SSDEEP

    24576:LuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:V9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Event Triggered Execution: Accessibility Features 1 TTPs

    Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.

    persistenceprivilege_escalation
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\09e345e03852dce614f9eca73b61b1a1_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:4796
  • C:\Windows\system32\Utilman.exe
    C:\Windows\system32\Utilman.exe
    1⤵
      PID:4080
    • C:\Users\Admin\AppData\Local\P5IO9\Utilman.exe
      C:\Users\Admin\AppData\Local\P5IO9\Utilman.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:4600
    • C:\Windows\system32\PasswordOnWakeSettingFlyout.exe
      C:\Windows\system32\PasswordOnWakeSettingFlyout.exe
      1⤵
        PID:3756
      • C:\Users\Admin\AppData\Local\4jWT\PasswordOnWakeSettingFlyout.exe
        C:\Users\Admin\AppData\Local\4jWT\PasswordOnWakeSettingFlyout.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1016
      • C:\Windows\system32\consent.exe
        C:\Windows\system32\consent.exe
        1⤵
          PID:2704
        • C:\Users\Admin\AppData\Local\K23v\consent.exe
          C:\Users\Admin\AppData\Local\K23v\consent.exe
          1⤵
          • Executes dropped EXE
          PID:3952
        • C:\Windows\system32\sdclt.exe
          C:\Windows\system32\sdclt.exe
          1⤵
            PID:3464
          • C:\Users\Admin\AppData\Local\l0u3m0xFU\sdclt.exe
            C:\Users\Admin\AppData\Local\l0u3m0xFU\sdclt.exe
            1⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks whether UAC is enabled
            PID:3228

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\4jWT\PasswordOnWakeSettingFlyout.exe
            Filesize

            44KB

            MD5

            591a98c65f624c52882c2b238d6cd4c4

            SHA1

            c960d08c19d777069cf265dcc281807fbd8502d7

            SHA256

            5e6ed524c955fb1ea3e24f132987143da3ec81db5041a0edcfa7bf3ac790eb06

            SHA512

            1999f23c90d85857461f8ddc5342470296f6939a654ac015780c2977f293c1f799fc992462f3d4d9181c97ab960db3291b85ea7c0537edcb57755706b20b6074

            Download Submit

          • C:\Users\Admin\AppData\Local\4jWT\UxTheme.dll
            Filesize

            1.2MB

            MD5

            7f674b1a8d325e2376d7ef833bea2a27

            SHA1

            3c065915a4f28ef155dbb25ac46faaa5efd0e698

            SHA256

            bc96897f8dd8729e13bb650878c215a35ea6fc09609749b7241390cc3d73cf1f

            SHA512

            0fa201937dee38b1956d46ce2b29b7108edc88a392e6534d22405f91ef9210bebf2f26835077c34a71c8a37aafc23499f66354936a0d618ef2d1a016e82b7d83

            Download Submit

          • C:\Users\Admin\AppData\Local\K23v\consent.exe
            Filesize

            162KB

            MD5

            6646631ce4ad7128762352da81f3b030

            SHA1

            1095bd4b63360fc2968d75622aa745e5523428ab

            SHA256

            56b2d516376328129132b815e22379ae8e7176825f059c9374a33cc844482e64

            SHA512

            1c00ed5d8568f6ebd119524b61573cfe71ca828bd8fbdd150158ec8b5db65fa066908d120d201fce6222707bcb78e0c1151b82fdc1dccf3ada867cb810feb6da

            Download Submit

          • C:\Users\Admin\AppData\Local\P5IO9\DUI70.dll
            Filesize

            1.4MB

            MD5

            38ff8d26142827a1a3dcad18ea46c82e

            SHA1

            946c757cd8c370506ac8624e2e6fc239666e4c16

            SHA256

            1a6a9fc9e4216eb43453512ea07251e259ea5a2ea768be398b2a6304f7d439bc

            SHA512

            31cbd6fb86f7ea6cdd0d7d89850b34146b9dc86caa97185ba1c81e6607424cf6be81e2b5654cfdddd8ec49760e1d01a6a62cc72112ad8a56cc8ba1b8f213e3ab

            Download Submit

          • C:\Users\Admin\AppData\Local\P5IO9\Utilman.exe
            Filesize

            123KB

            MD5

            a117edc0e74ab4770acf7f7e86e573f7

            SHA1

            5ceffb1a5e05e52aafcbc2d44e1e8445440706f3

            SHA256

            b5bc4fce58403ea554691db678e6c8c448310fe59990990f0e37cd4357567d37

            SHA512

            72883f794ff585fe7e86e818d4d8c54fa9781cab6c3fac6f6956f58a016a91f676e70d14691cbe054ae7b7469c6b4783152fbb694e92b940d9e3595fe3f41d97

            Download Submit

          • C:\Users\Admin\AppData\Local\l0u3m0xFU\sdclt.exe
            Filesize

            1.2MB

            MD5

            e09d48f225e7abcab14ebd3b8a9668ec

            SHA1

            1c5b9322b51c09a407d182df481609f7cb8c425d

            SHA256

            efd238ea79b93d07852d39052f1411618c36e7597e8af0966c4a3223f0021dc3

            SHA512

            384d606b90c4803e5144b4de24edc537cb22dd59336a18a58d229500ed36aec92c8467cae6d3f326647bd044d8074931da553c7809727fb70227e99c257df0b4

            Download Submit

          • C:\Users\Admin\AppData\Local\l0u3m0xFU\wer.dll
            Filesize

            1.2MB

            MD5

            e1be98e43e1b6fcb86b6d75adc8b11e2

            SHA1

            4140051f6a74268809795be3d796fcb5f385a6fa

            SHA256

            da2b60db53b8812161cd9cf438469fafa3c9db348dba14d20e5244ea74e7a450

            SHA512

            7128c97d8caed9e6e1b8ec276b17f00db319127b1fb5f0a808e15231f4d2e5f7ed6fd52e9c738af8d5f553a72e373830e03abfb9808d96ea140b676ebdedf013

            Download Submit

          • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Swgfzbi.lnk
            Filesize

            1KB

            MD5

            5db39f3f73e3ada433c7b22e6ff982b5

            SHA1

            2cd5d7782e61982d79df81fb65f61397d5e12709

            SHA256

            9497eb456d50d449b17681c55e5aa613afe9f759d002c6517a9c94f19b4ac324

            SHA512

            85557d3593c89cd754c1d221e8920cfecaa320e1191ddf20a98d7c0b375a78f7aae082b374ad2e6270d5974ee90c72d98c1faa30cf9c7188c3f21712ad86a02b

            Download Submit

          • memory/1016-62-0x00007FFC162C0000-0x00007FFC163F1000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1016-68-0x00007FFC162C0000-0x00007FFC163F1000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1016-65-0x000001DD19A20000-0x000001DD19A27000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3228-87-0x00007FFC162C0000-0x00007FFC163F2000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3228-92-0x00007FFC162C0000-0x00007FFC163F2000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3548-32-0x00007FFC2452A000-0x00007FFC2452B000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3548-12-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3548-8-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3548-7-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3548-36-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3548-4-0x0000000002060000-0x0000000002061000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3548-10-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3548-11-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3548-6-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3548-13-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3548-23-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3548-9-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3548-14-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3548-15-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3548-34-0x00007FFC24630000-0x00007FFC24640000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3548-33-0x0000000001E80000-0x0000000001E87000-memory.dmp

            Filesize

            28KB

            Download

          • memory/4600-51-0x00007FFC16280000-0x00007FFC163F6000-memory.dmp

            Filesize

            1.5MB

            Download

          • memory/4600-45-0x00007FFC16280000-0x00007FFC163F6000-memory.dmp

            Filesize

            1.5MB

            Download

          • memory/4600-48-0x0000025F18CE0000-0x0000025F18CE7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/4796-0-0x000002446CD90000-0x000002446CD97000-memory.dmp

            Filesize

            28KB

            Download

          • memory/4796-38-0x00007FFC162D0000-0x00007FFC16400000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4796-1-0x00007FFC162D0000-0x00007FFC16400000-memory.dmp

            Filesize

            1.2MB

            Download