Overview

overview

10

Static

static

3

14bd37f5d3...18.dll

windows7-x64

10

14bd37f5d3...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-07-2024 10:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    14bd37f5d3223dc8f0020dbbadbb42b7_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    14bd37f5d3223dc8f0020dbbadbb42b7

  • SHA1

    5a2c292ed148afccce224275633d56e602cc458a

  • SHA256

    9da5bd994dc18b71c846a1f0b17dcd2c12e40210966e5d8ea4b7fa22b2da8cb1

  • SHA512

    b8d3dd1404cf153dc70ff13c4a308e288997991df2912e1261c69c006ab4d63143989922366d20eed846482de5d6a6209b6b3b2fe25e7ab3cdce85b48c406282

  • SSDEEP

    24576:CuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:K9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 3 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\14bd37f5d3223dc8f0020dbbadbb42b7_JaffaCakes118.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1264
  • C:\Windows\system32\tabcal.exe
    C:\Windows\system32\tabcal.exe
    1⤵
      PID:3408
    • C:\Users\Admin\AppData\Local\GUXwv\tabcal.exe
      C:\Users\Admin\AppData\Local\GUXwv\tabcal.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2052
    • C:\Windows\system32\msdt.exe
      C:\Windows\system32\msdt.exe
      1⤵
        PID:1660
      • C:\Users\Admin\AppData\Local\wAxl9md\msdt.exe
        C:\Users\Admin\AppData\Local\wAxl9md\msdt.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1884
      • C:\Windows\system32\SystemPropertiesPerformance.exe
        C:\Windows\system32\SystemPropertiesPerformance.exe
        1⤵
          PID:2436
        • C:\Users\Admin\AppData\Local\oN72Ffsj\SystemPropertiesPerformance.exe
          C:\Users\Admin\AppData\Local\oN72Ffsj\SystemPropertiesPerformance.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1488

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\GUXwv\HID.DLL
          Filesize

          1.2MB

          MD5

          822c39bad244dac51a68745e0d084af2

          SHA1

          04e26d4470dfb85a2b44a613c4a5a7427ba99a2c

          SHA256

          66ddfb58f48fbd31f8b92b98f4a7dde6e08ed95ea36625511fca30eb03b53d03

          SHA512

          c2c62525cbe59f3844bd700c31cf1747e26065faebdddcb6f2d9da42e997fce295a5bee1023fff51e51c063ab9122f9309de80d8a11c03ce9945364adfa87086

          Download Submit

        • C:\Users\Admin\AppData\Local\GUXwv\tabcal.exe
          Filesize

          84KB

          MD5

          40f4014416ff0cbf92a9509f67a69754

          SHA1

          1798ff7324724a32c810e2075b11c09b41e4fede

          SHA256

          f31b4c751dbca276446119ba775787c3eb032da72eabcd40ad96a55826a3f33c

          SHA512

          646dfe4cfe90d068c3da4c35f7053bb0f57687875a0f3469c0683e707306e6a42b0baca3e944d78f9be5c564bb0600202c32c223a770f89d3e2b07a24673c259

          Download Submit

        • C:\Users\Admin\AppData\Local\oN72Ffsj\SYSDM.CPL
          Filesize

          1.2MB

          MD5

          285589d8652ad73557c5cdf4fd8705a7

          SHA1

          9a8609291464bd8fe8914c67d828fa6533f744b7

          SHA256

          ffece3dbe86534cba97e56c97d5ebaef6b9eacb10a032814b53f85efa27d1cb6

          SHA512

          349ba59964ecf3bca510af8a665d4185c6f55ff07a81e58447f405ea889ddacca8bf580e8d1534a4e2e621ecc1024a72b81bbb5bacebee38ae436c0aafa1c5bb

          Download Submit

        • C:\Users\Admin\AppData\Local\oN72Ffsj\SystemPropertiesPerformance.exe
          Filesize

          82KB

          MD5

          e4fbf7cab8669c7c9cef92205d2f2ffc

          SHA1

          adbfa782b7998720fa85678cc85863b961975e28

          SHA256

          b266318d45a4245556a2e39b763f2f11eca780969105f6f103e53dd0a492bb30

          SHA512

          c5c62578d04133352d6cb7b018df96a7b55c18d6111ab8bf2bfe232a3315a63b07047fa5b0b88551d152085776c66169b47566242c8c4c5e0333c55adc64e1b6

          Download Submit

        • C:\Users\Admin\AppData\Local\wAxl9md\DUser.dll
          Filesize

          1.2MB

          MD5

          cf0f68e5a30cfd46efa451108677db1f

          SHA1

          48d0dc6962123bdb995d721957733aa560c08e4f

          SHA256

          d005b95c9fd7c5c1617b1c072a51b27e722a3228cc96dcdeda04a2a198d2a375

          SHA512

          a71416a61fc3272fbd60ad2a958c9b1ef75d06c03fe3dbe878ac3b7f5ff725100b878be56d3fe792116c4e4092a7ce2d630a4d4c05c30b3555a3f3a5d90b428e

          Download Submit

        • C:\Users\Admin\AppData\Local\wAxl9md\msdt.exe
          Filesize

          421KB

          MD5

          992c3f0cc8180f2f51156671e027ae75

          SHA1

          942ec8c2ccfcacd75a1cd86cbe8873aee5115e29

          SHA256

          6859d1b5d1beaa2985b298f3fcee67f0aac747687a9dec2b4376585e99e9756f

          SHA512

          1f1b8d39e29274cfc87a9ef1510adb9c530086a421c121523376731c8933c6e234e9146310d3767ce888a8dce7a5713221f4d25e5b7b6398d06ae2be2b99eadf

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Vavjtzlerlz.lnk
          Filesize

          1KB

          MD5

          9de76d0bfcb1bb4569dabe0decfd7344

          SHA1

          8b7cac0fd9bd2b7d0b91ac9cd8aa9c9942ce00cb

          SHA256

          300644c907d3e7fed4df2289a5af5c03fb526e30e286e4e2ddfcfe280ddc9ee3

          SHA512

          45de31539b955b9f96169565fbb898257881f66482d2e6e5e2740a9deec25812ee15d68af812ba570c21fc36ed33b4caed9a678e0abc14b3b414438107845179

          Download Submit

        • memory/1264-3-0x0000000002C50000-0x0000000002C57000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1264-39-0x00007FFACA390000-0x00007FFACA4C1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1264-1-0x00007FFACA390000-0x00007FFACA4C1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1488-82-0x000001AAFF250000-0x000001AAFF257000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1488-88-0x00007FFACA390000-0x00007FFACA4C2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1884-68-0x0000022CF6F90000-0x0000022CF6F97000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1884-65-0x00007FFAC5C70000-0x00007FFAC5DA3000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1884-71-0x00007FFAC5C70000-0x00007FFAC5DA3000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2052-52-0x00007FFACA390000-0x00007FFACA4C2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2052-49-0x000001CFD7650000-0x000001CFD7657000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2052-46-0x00007FFACA390000-0x00007FFACA4C2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3568-33-0x0000000000DF0000-0x0000000000DF7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3568-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3568-6-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3568-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3568-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3568-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3568-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3568-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3568-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3568-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3568-32-0x00007FFAD4FCA000-0x00007FFAD4FCB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3568-34-0x00007FFAD5330000-0x00007FFAD5340000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3568-36-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3568-24-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3568-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3568-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3568-4-0x0000000002C70000-0x0000000002C71000-memory.dmp

          Filesize

          4KB

          Download