Overview

overview

10

Static

static

3

15410936b4...18.dll

windows7-x64

10

15410936b4...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    28-07-2024 10:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    15410936b47cef7dec131527c79b6f17_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    15410936b47cef7dec131527c79b6f17

  • SHA1

    34f01700b66c8e13d358c5ef4d93a3b15a7a0cb1

  • SHA256

    5267301c0c47dcaaa430b438ee7498235950f67cbcb1042dc0a69a9912a736ee

  • SHA512

    13116d07c0e0aacff8ac9358b1e634f81ae0b8101c49b25f2a66b2cac4b672eb0c8d5238ca7d8df50fc159d839dd33f16e7887fc1f6b0fef6f02365f2a20bf3e

  • SSDEEP

    24576:muYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:G9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\15410936b47cef7dec131527c79b6f17_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2112
  • C:\Windows\system32\isoburn.exe
    C:\Windows\system32\isoburn.exe
    1⤵
      PID:2924
    • C:\Users\Admin\AppData\Local\1Jyg6bwN\isoburn.exe
      C:\Users\Admin\AppData\Local\1Jyg6bwN\isoburn.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2768
    • C:\Windows\system32\raserver.exe
      C:\Windows\system32\raserver.exe
      1⤵
        PID:2308
      • C:\Users\Admin\AppData\Local\x82iW2rl\raserver.exe
        C:\Users\Admin\AppData\Local\x82iW2rl\raserver.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1752
      • C:\Windows\system32\rdpclip.exe
        C:\Windows\system32\rdpclip.exe
        1⤵
          PID:2704
        • C:\Users\Admin\AppData\Local\i1cf5I\rdpclip.exe
          C:\Users\Admin\AppData\Local\i1cf5I\rdpclip.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2948

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\1Jyg6bwN\UxTheme.dll
          Filesize

          1.2MB

          MD5

          ecad7e776faa522be7c6e446e08e14e0

          SHA1

          af8d568e36e0fb738bf437b8316b4d842d0b09f4

          SHA256

          224aaf4b70b690268a7e4b218eb531c8524517fc9f0961c585d23567abbe73ba

          SHA512

          a8a70124549f8bdc8bb8db4a2e9f36f47235e19ea0723d9ae2faee07882e653e5f02509e3377fb02fd67780b255dfc844b22c6f38d1e92f4e98ae7fdd13a6de5

          Download Submit

        • C:\Users\Admin\AppData\Local\1Jyg6bwN\isoburn.exe
          Filesize

          89KB

          MD5

          f8051f06e1c4aa3f2efe4402af5919b1

          SHA1

          bbcf3711501dfb22b04b1a6f356d95a6d5998790

          SHA256

          50dcb4be409f50d26c0fc32dd9cdbf96bff4e19bf624221cb566ebeb3e09ce1a

          SHA512

          5f664d937abe4426ee7e0d8491a395f9ef4ffe7a51dba05b54b7ba27e80c9be37833400911c5878d3dec659f4fa1579ec8ba4cfc485fb2ce24dd37c321006daa

          Download Submit

        • C:\Users\Admin\AppData\Local\i1cf5I\WINSTA.dll
          Filesize

          1.2MB

          MD5

          f2d654f74a8341361c74109bfcfc35e2

          SHA1

          eda74d158a9d93b485af153a469bf768ce8d19bd

          SHA256

          06a6d977096d94e8cdb9d74a52dbbe4d1e344c269bc4a566dc04db244970bf31

          SHA512

          70418a6957a9f7bafd55889f1f4ddb9b7ddf2e720e38064712958b85b3a3ceae1f6a119f7ecfff862810d47af0aab6f6bfc534dda2bc30b0ab857f6f3a42b148

          Download Submit

        • C:\Users\Admin\AppData\Local\i1cf5I\rdpclip.exe
          Filesize

          206KB

          MD5

          25d284eb2f12254c001afe9a82575a81

          SHA1

          cf131801fdd5ec92278f9e0ae62050e31c6670a5

          SHA256

          837e0d864c474956c0d9d4e7ae5f884007f19b7f420db9afcf0d266aefa6608b

          SHA512

          7b4f208fa1681a0a139577ebc974e7acfc85e3c906a674e111223783460585eb989cb6b38f215d79f89e747a0e9224d90e1aa43e091d2042edb8bac7b27b968b

          Download Submit

        • C:\Users\Admin\AppData\Local\x82iW2rl\WTSAPI32.dll
          Filesize

          1.2MB

          MD5

          97b8039357aff4d62376312ba45aceab

          SHA1

          7e28bbb8d56cdb82c60c34648e59c4f9f86c26a7

          SHA256

          cdc3a684f646d516ab9ccc922f9d6365241a90cfef97f0934fed3f74e33469b0

          SHA512

          0b26e0af3407bd9287f554bb3d73e540ea693f0f587ec52da8193b266b9b67c3669d5586d902f9478c90a415469a5816fe61426e3bfb8eb047dd76c92c62a9d5

          Download Submit

        • C:\Users\Admin\AppData\Local\x82iW2rl\raserver.exe
          Filesize

          123KB

          MD5

          cd0bc0b6b8d219808aea3ecd4e889b19

          SHA1

          9f8f4071ce2484008e36fdfd963378f4ebad703f

          SHA256

          16abc530c0367df1ad631f09e14c565cf99561949aa14acc533cd54bf8a5e22c

          SHA512

          84291ea3fafb38ef96817d5fe4a972475ef8ea24a4353568029e892fa8e15cf8e8f6ef4ff567813cd3b38092f0db4577d9dccb22be755eebdd4f77e623dc80ac

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dzyzbjcaevupvd.lnk
          Filesize

          1KB

          MD5

          f20b27fb133d54bfea9e766ce6e25d82

          SHA1

          e3035626775029e933b3e403b832b9503bba69d1

          SHA256

          8a2ad7886b41d57f354e352fbc49fb92c83f62bab0de5c4ad08e3816907c39fe

          SHA512

          fe060f7d0c38d8ed4bc47a32ee4b3f40c87ea5f5cbdc20a2bd7bbb6cb1aa9d910476f2dc3be78727c689fbca42ab99f1ffb43424f2354a83054b67d630862b2a

          Download Submit

        • memory/1212-31-0x0000000077890000-0x0000000077892000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1212-24-0x00000000025E0000-0x00000000025E7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1212-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-26-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-27-0x0000000077701000-0x0000000077702000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1212-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-4-0x00000000774F6000-0x00000000774F7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1212-38-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-37-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-5-0x0000000002E00000-0x0000000002E01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1212-17-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-65-0x00000000774F6000-0x00000000774F7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1752-73-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1752-74-0x000007FEF65A0000-0x000007FEF66D2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1752-79-0x000007FEF65A0000-0x000007FEF66D2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2112-46-0x000007FEF65A0000-0x000007FEF66D1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2112-0-0x000007FEF65A0000-0x000007FEF66D1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2112-3-0x0000000000120000-0x0000000000127000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2768-60-0x000007FEF6E10000-0x000007FEF6F42000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2768-57-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2768-54-0x000007FEF6E10000-0x000007FEF6F42000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2948-91-0x000007FEF65A0000-0x000007FEF66D3000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2948-97-0x000007FEF65A0000-0x000007FEF66D3000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2948-94-0x00000000000A0000-0x00000000000A7000-memory.dmp

          Filesize

          28KB

          Download