Overview

overview

10

Static

static

3

24532b6718...18.dll

windows7-x64

10

24532b6718...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-07-2024 21:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    24532b6718d3665f61db9982be0fa5a6_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    24532b6718d3665f61db9982be0fa5a6

  • SHA1

    de1d4721719be5814041d99a4559fdcb5296c985

  • SHA256

    fc52e505c69f58c26100ca9bb35c3f39bc35dd9864d7f8dd5ebd119e730b51e5

  • SHA512

    e73462d6a299bc8bb208e704136061424aeff0f73e3d067ab37d08b2eb84a4a18de9baa937cfb7f22a3aec27fb1f91ba0af779c01beb9157c9dcecc8a0461d5d

  • SSDEEP

    24576:suYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:E9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\24532b6718d3665f61db9982be0fa5a6_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:1584
  • C:\Windows\system32\msdt.exe
    C:\Windows\system32\msdt.exe
    1⤵
      PID:2700
    • C:\Users\Admin\AppData\Local\QSYHS6\msdt.exe
      C:\Users\Admin\AppData\Local\QSYHS6\msdt.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:1144
    • C:\Windows\system32\sigverif.exe
      C:\Windows\system32\sigverif.exe
      1⤵
        PID:2472
      • C:\Users\Admin\AppData\Local\cSy20f\sigverif.exe
        C:\Users\Admin\AppData\Local\cSy20f\sigverif.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2536
      • C:\Windows\system32\SystemPropertiesPerformance.exe
        C:\Windows\system32\SystemPropertiesPerformance.exe
        1⤵
          PID:904
        • C:\Users\Admin\AppData\Local\eZtzYTl5\SystemPropertiesPerformance.exe
          C:\Users\Admin\AppData\Local\eZtzYTl5\SystemPropertiesPerformance.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:4348

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\QSYHS6\DUI70.dll
          Filesize

          1.4MB

          MD5

          622b7ed367a509a5d5c91ff1301e3b52

          SHA1

          53a36995557efbccf702c6770460f93709833f25

          SHA256

          eb394b4c5d10b0547539c97fba87635dbd49853d2c361630af04d4cf0d505058

          SHA512

          fae7bc082bded602a0c0518cdb4c7196c4f35084c7814f4dd152883266778c34e0f8bc4108a46c1af54407206b63f326072fc767b60b5ffe587a1944e2eb70f5

          Download Submit

        • C:\Users\Admin\AppData\Local\QSYHS6\msdt.exe
          Filesize

          421KB

          MD5

          992c3f0cc8180f2f51156671e027ae75

          SHA1

          942ec8c2ccfcacd75a1cd86cbe8873aee5115e29

          SHA256

          6859d1b5d1beaa2985b298f3fcee67f0aac747687a9dec2b4376585e99e9756f

          SHA512

          1f1b8d39e29274cfc87a9ef1510adb9c530086a421c121523376731c8933c6e234e9146310d3767ce888a8dce7a5713221f4d25e5b7b6398d06ae2be2b99eadf

          Download Submit

        • C:\Users\Admin\AppData\Local\cSy20f\VERSION.dll
          Filesize

          1.2MB

          MD5

          b0fc9ae4ef3084119ae269bc8d0a346c

          SHA1

          6c72826d073cfc13dc9d658c0f4bf4cac401662a

          SHA256

          0818f3f4cf46d8603b09a1092fc54c27fdfafd7e4bc7734676865fa17cf72e4b

          SHA512

          7d35394f8137ac63cc24f790ee1983b352417d8e42f6c3fcb73845e5f25d19cacc5a531d7caaac5dbda1e19016713166f5b1de4462a43ae36455970eb4386437

          Download Submit

        • C:\Users\Admin\AppData\Local\cSy20f\sigverif.exe
          Filesize

          77KB

          MD5

          2151a535274b53ba8a728e542cbc07a8

          SHA1

          a2304c0f2616a7d12298540dce459dd9ccf07443

          SHA256

          064de47877b00dc35886e829a697e4adb3d3cfdf294ddba13b6009a0f415b1bd

          SHA512

          e6fd520ee1bd80a5fe8a7c2ae6446dcaabd4e335a602c36356f85305abef751b7dffa7eaac1ec13c105ccd8c3e9070bd32ed4b14bc8a9e52dc5f47b936d69a9f

          Download Submit

        • C:\Users\Admin\AppData\Local\eZtzYTl5\SYSDM.CPL
          Filesize

          1.2MB

          MD5

          c934d9a8d074467969d08fe8b66a8b2a

          SHA1

          d42d21c8e481d3a4a08db2b25b6448dbaf82a36a

          SHA256

          26cceefb11c0d62235a133da96035019ca3a11815c8d7242c6f7c33aeb6138a3

          SHA512

          f5d34f5842003e7655b5ccb9152f474c0549e64d525877c039410432ea9e42c4a6ba8bbcff84f865fe53c915bbc8f24a1dc7f33e1a8ef778ef1d7c2ae219d73e

          Download Submit

        • C:\Users\Admin\AppData\Local\eZtzYTl5\SystemPropertiesPerformance.exe
          Filesize

          82KB

          MD5

          e4fbf7cab8669c7c9cef92205d2f2ffc

          SHA1

          adbfa782b7998720fa85678cc85863b961975e28

          SHA256

          b266318d45a4245556a2e39b763f2f11eca780969105f6f103e53dd0a492bb30

          SHA512

          c5c62578d04133352d6cb7b018df96a7b55c18d6111ab8bf2bfe232a3315a63b07047fa5b0b88551d152085776c66169b47566242c8c4c5e0333c55adc64e1b6

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xbmwoevbyfzl.lnk
          Filesize

          1KB

          MD5

          e50bbd7303d59c3c044696563b295d0c

          SHA1

          a9d4e5b76c9f3aa1076b0db212fcc2040698281b

          SHA256

          c85e9eb38ebec9db520099e962ba8e17040ce83728dcf75f5af53f6e874142b5

          SHA512

          931838a4aeb30415c04648ba3c01a106454b6b83b701edb435e95d7d909a13539281c45adff19b16a6d732281c1633b23bee5ff1dbed4d71873caff4ec3df47e

          Download Submit

        • memory/1144-49-0x000001BF01B90000-0x000001BF01B97000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1144-52-0x00007FF907BC0000-0x00007FF907D37000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/1144-46-0x00007FF907BC0000-0x00007FF907D37000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/1584-0-0x00007FF908230000-0x00007FF908361000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1584-39-0x00007FF908230000-0x00007FF908361000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1584-3-0x000001EC6AD40000-0x000001EC6AD47000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2536-63-0x00007FF908230000-0x00007FF908362000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2536-66-0x000002D1CC320000-0x000002D1CC327000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2536-67-0x00007FF908230000-0x00007FF908362000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3532-33-0x00007FF915A5A000-0x00007FF915A5B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3532-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3532-36-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3532-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3532-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3532-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3532-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3532-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3532-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3532-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3532-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3532-34-0x0000000001360000-0x0000000001367000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3532-35-0x00007FF916310000-0x00007FF916320000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3532-24-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3532-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3532-6-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3532-4-0x00000000031B0000-0x00000000031B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4348-86-0x00007FF908230000-0x00007FF908362000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4348-83-0x0000021080B30000-0x0000021080B37000-memory.dmp

          Filesize

          28KB

          Download