Overview

overview

10

Static

static

3

18428c3efa...18.dll

windows7-x64

10

18428c3efa...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    28-07-2024 16:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    18428c3efa7b13c4e78a7b5b69b70830_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    18428c3efa7b13c4e78a7b5b69b70830

  • SHA1

    64b59747173c0dabc247a8889ed21c841b903797

  • SHA256

    34bfc57caf700a8b85a5cd1afb2b3de03dcbc2b416d0789c265ea5715d7ac05e

  • SHA512

    6b42aef60d6522c051690e9d332c9719217df03cc2b4068b83fe7cd0e2cafe878f6f389e72e57559007c3d04487628a9adbbde36ad2aa230578cad4ebf221f64

  • SSDEEP

    24576:euYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:e9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\18428c3efa7b13c4e78a7b5b69b70830_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3044
  • C:\Windows\system32\sdclt.exe
    C:\Windows\system32\sdclt.exe
    1⤵
      PID:2588
    • C:\Users\Admin\AppData\Local\hnhitc\sdclt.exe
      C:\Users\Admin\AppData\Local\hnhitc\sdclt.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2900
    • C:\Windows\system32\msinfo32.exe
      C:\Windows\system32\msinfo32.exe
      1⤵
        PID:2720
      • C:\Users\Admin\AppData\Local\hcKuFXHp\msinfo32.exe
        C:\Users\Admin\AppData\Local\hcKuFXHp\msinfo32.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:560
      • C:\Windows\system32\winlogon.exe
        C:\Windows\system32\winlogon.exe
        1⤵
          PID:2620
        • C:\Users\Admin\AppData\Local\6Ok8teRK\winlogon.exe
          C:\Users\Admin\AppData\Local\6Ok8teRK\winlogon.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2836

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\hcKuFXHp\MFC42u.dll
          Filesize

          1.2MB

          MD5

          070ce19a17d10b6b70b367ae2ae3981d

          SHA1

          d39abb55097fc7f3256db874a200683f5db73dce

          SHA256

          4caa45f91b399e916c41249993b70c76bed353b225ff9f10b9cee1a1d651a877

          SHA512

          96bb2643baa6d9f7b0552eb00e623fb3caa1c523b6ba321e7b0545d3388800a138816eda3aed8a3df1b99b49475fa3497a1ef6856b6bffcf1c64976a02174cfa

          Download Submit

        • C:\Users\Admin\AppData\Local\hnhitc\Secur32.dll
          Filesize

          1.2MB

          MD5

          e1503075705008766243e79142d7c150

          SHA1

          f0d1d01951cb200ea210a78b390a1f9840db0121

          SHA256

          ae99fc3292f6c588f1e7c1f932e36f402bcb0293676861ceab49e7575bc6d25c

          SHA512

          a2f515180945948d88790a23c160d3fa40adbee670343f5b00076475735e4bf8d2470ea71613c89b7a0914a7b583b8aa438b680c2b1ea0a58c8ad35a85b9f899

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Mityoyoyxpr.lnk
          Filesize

          1KB

          MD5

          408bcb979b487194945daa802dd9e0d5

          SHA1

          4fa75ba3d03052488e49f69729734eb8e74bc7f8

          SHA256

          6b22f4123096e82cfbb9051c65e57d7476ca7d5e4c34ce8870fe4c47b535b719

          SHA512

          cc6e76497a0f53f18d60b5707a42529e4695d28d30da4a946d0c0fcca7b6ef4e1f6d0582798a9d9acc3afbf07c60678b37579403dfa87c45e43a701bc8d60ff2

          Download Submit

        • \Users\Admin\AppData\Local\6Ok8teRK\WINSTA.dll
          Filesize

          1.2MB

          MD5

          ac3f37e9834efa5aa50ac45408ad45d4

          SHA1

          97bb20de36e255bf5dbe7ce6f3cf247edb108be8

          SHA256

          37da26c683db1e0fe6c0d97232b2c5ac10d15d09641bcbe130b425a2e1092ba7

          SHA512

          eb9046404f4663929d1d3592bda175308e789a234ef290426eb63110a86e75542f8c49eb21e1d10aff41bb3444fbb09f8181bdc3c168c2a5d3c256166be845e9

          Download Submit

        • \Users\Admin\AppData\Local\6Ok8teRK\winlogon.exe
          Filesize

          381KB

          MD5

          1151b1baa6f350b1db6598e0fea7c457

          SHA1

          434856b834baf163c5ea4d26434eeae775a507fb

          SHA256

          b1506e0a7e826eff0f5252ef5026070c46e2235438403a9a24d73ee69c0b8a49

          SHA512

          df728d06238da1dece96f8b8d67a2423ed4dcb344b42d5958768d23bd570a79e7189e7c5ba783c1628fe8ddd1deaebeacb1b471c59c8a7c9beb21b4f1eb9edab

          Download Submit

        • \Users\Admin\AppData\Local\hcKuFXHp\msinfo32.exe
          Filesize

          370KB

          MD5

          d291620d4c51c5f5ffa62ccdc52c5c13

          SHA1

          2081c97f15b1c2a2eadce366baf3c510da553cc7

          SHA256

          76e959dd7db31726c040d46cfa86b681479967aea36db5f625e80bd36422e8ae

          SHA512

          75f9bcce4c596dae1f4d78e13d9d53b0c31988d2170c3d9f5db352b8c8a1c8ca58f4a002b30a4b328b8f4769008b750b8a1c9fda44a582e11c3adc38345c334b

          Download Submit

        • \Users\Admin\AppData\Local\hnhitc\sdclt.exe
          Filesize

          1.2MB

          MD5

          cdebd55ffbda3889aa2a8ce52b9dc097

          SHA1

          4b3cbfff5e57fa0cb058e93e445e3851063646cf

          SHA256

          61bd24487c389fc2b939ce000721677cc173bde0edcafccff81069bbd9987bfd

          SHA512

          2af69742e90d3478ae0a770b2630bfdc469077311c1f755f941825399b9a411e3d8d124126f59b01049456cddc01b237a3114847f1fe53f9e7d1a97e4ba36f13

          Download Submit

        • memory/560-79-0x000007FEF6A70000-0x000007FEF6BA8000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/560-76-0x0000000000290000-0x0000000000297000-memory.dmp

          Filesize

          28KB

          Download

        • memory/560-73-0x000007FEF6A70000-0x000007FEF6BA8000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-28-0x0000000077B10000-0x0000000077B12000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1184-4-0x0000000077776000-0x0000000077777000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1184-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-25-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-37-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-38-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-17-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-27-0x0000000077981000-0x0000000077982000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1184-5-0x0000000002D50000-0x0000000002D51000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1184-65-0x0000000077776000-0x0000000077777000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1184-26-0x0000000002D30000-0x0000000002D37000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1184-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2836-91-0x000007FEF6A70000-0x000007FEF6BA3000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2836-94-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2836-97-0x000007FEF6A70000-0x000007FEF6BA3000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2900-55-0x000007FEF6FE0000-0x000007FEF7112000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2900-60-0x000007FEF6FE0000-0x000007FEF7112000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2900-54-0x00000000001A0000-0x00000000001A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3044-46-0x000007FEF6A70000-0x000007FEF6BA1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3044-3-0x0000000000120000-0x0000000000127000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3044-0-0x000007FEF6A70000-0x000007FEF6BA1000-memory.dmp

          Filesize

          1.2MB

          Download