Overview

overview

10

Static

static

3

13e1a42e69...18.dll

windows7-x64

10

13e1a42e69...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-07-2024 10:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    13e1a42e69f65bb0ba2b34cf2af03ccc_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    13e1a42e69f65bb0ba2b34cf2af03ccc

  • SHA1

    5c28617b1b763dbf9d0de3c0c5c009b719c6e022

  • SHA256

    ff606bc5ec4c065454914bdb2ea526a8f2dfa2ff635b18124799922cd8f4395d

  • SHA512

    54e2a898132028d76ebd6ad31f85b455a42f15a7ba495add6511266f31ad522806fcc828639b12e3b0dc1a511f917adbddabf675a13cbd9e533312926274c9b4

  • SSDEEP

    24576:buYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:F9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\13e1a42e69f65bb0ba2b34cf2af03ccc_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:4788
  • C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\sppsvc.exe
    1⤵
      PID:4796
    • C:\Users\Admin\AppData\Local\OoqkGsHxF\sppsvc.exe
      C:\Users\Admin\AppData\Local\OoqkGsHxF\sppsvc.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:1928
    • C:\Windows\system32\GamePanel.exe
      C:\Windows\system32\GamePanel.exe
      1⤵
        PID:1920
      • C:\Users\Admin\AppData\Local\SvQT6E\GamePanel.exe
        C:\Users\Admin\AppData\Local\SvQT6E\GamePanel.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1956
      • C:\Windows\system32\CustomShellHost.exe
        C:\Windows\system32\CustomShellHost.exe
        1⤵
          PID:2396
        • C:\Users\Admin\AppData\Local\4MzJD\CustomShellHost.exe
          C:\Users\Admin\AppData\Local\4MzJD\CustomShellHost.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1716

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\4MzJD\CustomShellHost.exe
          Filesize

          835KB

          MD5

          70400e78b71bc8efdd063570428ae531

          SHA1

          cd86ecd008914fdd0389ac2dc00fe92d87746096

          SHA256

          91333f3282a2420359ae9d3adf537688741d21e964f021e2b152ab293447f289

          SHA512

          53005dda237fb23af79f54779c74a09835ad4cad3ca7b9dcec80e3793a60dd262f45b910bef96ab9c8e69d0c6990fea6ca5fee85d7f8425db523ae658372959e

          Download Submit

        • C:\Users\Admin\AppData\Local\4MzJD\WTSAPI32.dll
          Filesize

          1.2MB

          MD5

          10b43c2aedd38a2a9addcf191c85558a

          SHA1

          81c60d74d2d5b6222b80cab3cd019525c8da9281

          SHA256

          d66f4c17a5ccc539fc4026aaf28694afe6d4b2830e1736d7304b14455f03c4ca

          SHA512

          4651c8c408158da16fc1dd0b74424f10f61da0d761ee4d412ce3904dd76a20848811c6a30475a2faea137ff2243606ffa0677c1f9aebb34510f4eeac5edff977

          Download Submit

        • C:\Users\Admin\AppData\Local\OoqkGsHxF\XmlLite.dll
          Filesize

          1.2MB

          MD5

          03ac6807e886dfd2f6656b455eb5a88e

          SHA1

          08e17e360d14653e47db77e80a5960a888524252

          SHA256

          bca9aa102f03f52dd89f3ef71ea7b4b0569d66cde24090afeacd5038a984024a

          SHA512

          065d8b87136898810e9a23f961ed268d2b9e49f88ad3bdb0c33cf4b458a134649135290324f35dc24541b2c6630f96dcec3101f2f34e698188ee03aeed430dd3

          Download Submit

        • C:\Users\Admin\AppData\Local\OoqkGsHxF\sppsvc.exe
          Filesize

          4.4MB

          MD5

          ec6cef0a81f167668e18fa32f1606fce

          SHA1

          6d56837a388ae5573a38a439cee16e6dde5b4de8

          SHA256

          82c59a2f606ebf1a8a0de16be150600ac63ad8351c6bf3952c27a70257cb70f8

          SHA512

          f40b37675329ca7875d958b4b0019082548a563ada217c7431c2ca5c7f93957b242f095f7f04bcdd6240b97ea99e89bfe3a003f97c43366d00a93768fef7b4c5

          Download Submit

        • C:\Users\Admin\AppData\Local\SvQT6E\GamePanel.exe
          Filesize

          1.2MB

          MD5

          266f6a62c16f6a889218800762b137be

          SHA1

          31b9bd85a37bf0cbb38a1c30147b83671458fa72

          SHA256

          71f8f11f26f3a7c1498373f20f0f4cc960513d0383fe24906eeb1bc9678beecd

          SHA512

          b21d9b0656ab6bd3b158922722a332f07096ddd4215c802776c5807c9cf6ece40082dd986ea6867bdc8d22878ce035a5c8dfcc26cfae94aeee059701b6bf1e68

          Download Submit

        • C:\Users\Admin\AppData\Local\SvQT6E\dxgi.dll
          Filesize

          1.2MB

          MD5

          ed9f90204a57a0618e805a041dd910ff

          SHA1

          ea6baf5fe4ed6ab51848fa3354516bc2f11f1b69

          SHA256

          3fb8f6dd3850c9a1b3228f147d23dc442e3b5c7ebdbdd15bcf51ebd19110b51a

          SHA512

          656fce7564e135c27f26750a7e815522a745f9738fda757527002cad825a62aada3377f01789d12b2f3805286b589b7114eebc7c9fa4f6f412b00c6e23463769

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Arrotspbllekcvw.lnk
          Filesize

          1KB

          MD5

          40c35ac555bb2e5baf3f4d05c80133a3

          SHA1

          750f2e7f84645b069ca86689f5fcd3a402c3c26f

          SHA256

          b11706c91446479c74f829a0d889f6a136daf1f8d96ca71a740f6a0ce403d7f8

          SHA512

          4993876c2ca74dc240734a1e5e8ed674705a659366d2298b3aeec502e3bbb0a3782a06ed28ee9c2b8e7f81d9ae23c54fbb012d7daed4c4f44a3a66217e929eab

          Download Submit

        • memory/1716-85-0x00007FFB7B7E0000-0x00007FFB7B911000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1928-51-0x00007FFB7B7E0000-0x00007FFB7B911000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1928-45-0x00007FFB7B7E0000-0x00007FFB7B911000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1928-48-0x0000027291470000-0x0000027291477000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1956-66-0x0000013742E90000-0x0000013742E97000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1956-69-0x00007FFB7B7E0000-0x00007FFB7B911000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3488-33-0x0000000000720000-0x0000000000727000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3488-34-0x00007FFB8A150000-0x00007FFB8A160000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3488-8-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3488-7-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3488-6-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3488-4-0x0000000002460000-0x0000000002461000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3488-10-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3488-11-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3488-14-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3488-15-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3488-32-0x00007FFB884EA000-0x00007FFB884EB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3488-13-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3488-35-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3488-9-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3488-23-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3488-12-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4788-0-0x00007FFB7BE70000-0x00007FFB7BFA0000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4788-38-0x00007FFB7BE70000-0x00007FFB7BFA0000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4788-3-0x000002C873C50000-0x000002C873C57000-memory.dmp

          Filesize

          28KB

          Download