Overview

overview

10

Static

static

3

16cc32046e...18.dll

windows7-x64

10

16cc32046e...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    28-07-2024 11:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    16cc32046e3f43e3f81212459202d425_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    16cc32046e3f43e3f81212459202d425

  • SHA1

    bc204f585686521d375206fe3e5a2102386b8373

  • SHA256

    2bfc8831b8af3293c743d4ee34b980c80195ce55d33ae89fbc3dabdaf73deef5

  • SHA512

    2288176da59029620b0ab7afb03cd977595d70028d8f704c4ce7ee0593862607ff1fb4c12e4fff079d8e827e1859104ebc4363edfd55d697231722163dcc6aed

  • SSDEEP

    24576:MuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:k9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\16cc32046e3f43e3f81212459202d425_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2500
  • C:\Windows\system32\Netplwiz.exe
    C:\Windows\system32\Netplwiz.exe
    1⤵
      PID:2728
    • C:\Users\Admin\AppData\Local\om7JUBodd\Netplwiz.exe
      C:\Users\Admin\AppData\Local\om7JUBodd\Netplwiz.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2924
    • C:\Windows\system32\sdclt.exe
      C:\Windows\system32\sdclt.exe
      1⤵
        PID:2616
      • C:\Users\Admin\AppData\Local\xQ47v\sdclt.exe
        C:\Users\Admin\AppData\Local\xQ47v\sdclt.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2568
      • C:\Windows\system32\SystemPropertiesAdvanced.exe
        C:\Windows\system32\SystemPropertiesAdvanced.exe
        1⤵
          PID:2060
        • C:\Users\Admin\AppData\Local\ssF\SystemPropertiesAdvanced.exe
          C:\Users\Admin\AppData\Local\ssF\SystemPropertiesAdvanced.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:332

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\om7JUBodd\NETPLWIZ.dll
          Filesize

          1.2MB

          MD5

          d450a62060b1d2c342229e7c8dfeba57

          SHA1

          3bcba82b199ee7896b9d8ad46e220c3b00a59c63

          SHA256

          9fd688d5ca082f09403288ad9b537fca2d90f809f74ea747b3f3ed2f8b5dd521

          SHA512

          97c7d6dff74b01aa0739e349550be5a1ac2feaf22fc8f5a2ff70ae7dde329058f015250fc684ef03b7c212d4db9356caf56110ba86d748aab502e0e24e9bc165

          Download Submit

        • C:\Users\Admin\AppData\Local\ssF\SYSDM.CPL
          Filesize

          1.2MB

          MD5

          d921a7867e0408318e5d3885290e7e1c

          SHA1

          0f5feb39130070113a1fc9a5e3fe478ef34a3256

          SHA256

          ee5d81262ed3dd2c46f5a7e8652d3d425d2d1d0c8078713eff6bf85726d675b5

          SHA512

          6e2a524e1821b8eef1dfe1f0e1c833f00e320260338c5393c858eccde4947217ea873860ba3818dd82a9f9894464105f902090fd658b36dc44f08299458f61bc

          Download Submit

        • C:\Users\Admin\AppData\Local\xQ47v\wer.dll
          Filesize

          1.2MB

          MD5

          eaadb2f4b7a640c1ac5e9268f182fb84

          SHA1

          ee288f85554c56ed2043fe9e188f2c297e281063

          SHA256

          a676fa65f77476ed9e9b996aa410cfb625e23fea978f8fb8940995110676abd1

          SHA512

          3e79a4a444a5dc35ada52b50c6ba13d7a5b958e60c545f28102a12cf1fd858fea44ae11fc222f1e361bf328ee156f34dd784f9350fcc25b0a3203d228893e019

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Mityoyoyxpr.lnk
          Filesize

          1KB

          MD5

          27a2e2121bf1882478a57a289d89dbb6

          SHA1

          01148d2a4d46782ca7881f914de8b44e625dd808

          SHA256

          14f5408e5dbc6dffdc13673fd42b918ea480be6c15677aa80143888c2fc1e07a

          SHA512

          718a536dade64a3834c70d2b31899bbd0d63969f5a4a1027d91a37871f77fbddb195da9df360fc480ae7bf6e976cf47fcad12b9e6085454f1eec8c49bb46c752

          Download Submit

        • \Users\Admin\AppData\Local\om7JUBodd\Netplwiz.exe
          Filesize

          26KB

          MD5

          e43ec3c800d4c0716613392e81fba1d9

          SHA1

          37de6a235e978ecf3bb0fc2c864016c5b0134348

          SHA256

          636606415a85a16a7e6c5c8fcbdf35494991bce1c37dfc19c75ecb7ce12dc65c

          SHA512

          176c6d8b87bc5a9ca06698e2542ff34d474bcbbf21278390127981366eda89769bd9dd712f3b34f4dd8332a0b40ee0e609276400f16b51999471c8ff24522a08

          Download Submit

        • \Users\Admin\AppData\Local\ssF\SystemPropertiesAdvanced.exe
          Filesize

          80KB

          MD5

          25dc1e599591871c074a68708206e734

          SHA1

          27a9dffa92d979d39c07d889fada536c062dac77

          SHA256

          a13b2ba5892c11c731869410b1e3dd2f250d70ff9efd513a9f260ab506dd42ef

          SHA512

          f7da9ce4c3e8aea9095fcc977084c042f85df48fca0b58fb136dfd835ce69b5b1e68f3c11eeb14c617ffcec7011ffc7e5d5a948f49dde653a2348b28e10adb72

          Download Submit

        • \Users\Admin\AppData\Local\xQ47v\sdclt.exe
          Filesize

          1.2MB

          MD5

          cdebd55ffbda3889aa2a8ce52b9dc097

          SHA1

          4b3cbfff5e57fa0cb058e93e445e3851063646cf

          SHA256

          61bd24487c389fc2b939ce000721677cc173bde0edcafccff81069bbd9987bfd

          SHA512

          2af69742e90d3478ae0a770b2630bfdc469077311c1f755f941825399b9a411e3d8d124126f59b01049456cddc01b237a3114847f1fe53f9e7d1a97e4ba36f13

          Download Submit

        • memory/332-92-0x000007FEF6A00000-0x000007FEF6B32000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-17-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-33-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-30-0x0000000077AA0000-0x0000000077AA2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1204-29-0x0000000077911000-0x0000000077912000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-26-0x0000000002D10000-0x0000000002D17000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1204-25-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-34-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-4-0x0000000077806000-0x0000000077807000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-5-0x0000000002D30000-0x0000000002D31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-68-0x0000000077806000-0x0000000077807000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2500-0-0x00000000001A0000-0x00000000001A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2500-42-0x000007FEF6A00000-0x000007FEF6B31000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2500-1-0x000007FEF6A00000-0x000007FEF6B31000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2568-69-0x0000000000120000-0x0000000000127000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2568-70-0x000007FEF6A00000-0x000007FEF6B32000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2568-75-0x000007FEF6A00000-0x000007FEF6B32000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2924-54-0x000007FEF7020000-0x000007FEF7152000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2924-50-0x000007FEF7020000-0x000007FEF7152000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2924-53-0x0000000000290000-0x0000000000297000-memory.dmp

          Filesize

          28KB

          Download