Overview

overview

10

Static

static

3

305ed1795e...18.dll

windows7-x64

10

305ed1795e...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    29-07-2024 01:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    305ed1795e2e32ab6474f11e8a2b90da_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    305ed1795e2e32ab6474f11e8a2b90da

  • SHA1

    36691323644bafb435d160a6d91caabba435a6de

  • SHA256

    f2ddef77e116e27aaf7edd19d8e311c890be77abd321a104a19bb4beb6a760d5

  • SHA512

    eab5c510385fef3fc598f15b65c6b91e966ba1590de17c839e4a5a9816526463f91501a5006209e781e15befd240ff7cdb53e57103dabd319483598926f85500

  • SSDEEP

    24576:yuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:a9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\305ed1795e2e32ab6474f11e8a2b90da_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2464
  • C:\Windows\system32\javaws.exe
    C:\Windows\system32\javaws.exe
    1⤵
      PID:2876
    • C:\Users\Admin\AppData\Local\6yOo\javaws.exe
      C:\Users\Admin\AppData\Local\6yOo\javaws.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2972
    • C:\Windows\system32\tabcal.exe
      C:\Windows\system32\tabcal.exe
      1⤵
        PID:2716
      • C:\Users\Admin\AppData\Local\bnqkT\tabcal.exe
        C:\Users\Admin\AppData\Local\bnqkT\tabcal.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1376
      • C:\Windows\system32\dwm.exe
        C:\Windows\system32\dwm.exe
        1⤵
          PID:2996
        • C:\Users\Admin\AppData\Local\X21rF\dwm.exe
          C:\Users\Admin\AppData\Local\X21rF\dwm.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1628

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\6yOo\VERSION.dll
          Filesize

          1.2MB

          MD5

          63e6b688d403d11efce3cd05fcd0719b

          SHA1

          5b0e6540bd6ebca0419a2fda0ffc76b208846ef0

          SHA256

          11520bf9adb74b82a415ad31ef0267a0b5b242881cf81aa247d26bd185414872

          SHA512

          ff19fe813dc0503f4f45945d65f97a89faa2ae6f702e39a6f2aa2f80604f7c0f069fe34825e322683fc9a15bc26e9b07a076662227e578a01f4afd9fa1f0c450

          Download Submit

        • C:\Users\Admin\AppData\Local\6yOo\javaws.exe
          Filesize

          312KB

          MD5

          f94bc1a70c942621c4279236df284e04

          SHA1

          8f46d89c7db415a7f48ccd638963028f63df4e4f

          SHA256

          be9f8986a6c86d9f77978105d48b59eebfec3b9732dbf19e0f3d48bf7f20120c

          SHA512

          60edf20ca3cae9802263446af266568d0b5e0692eddcfcfc3b2f9a39327b3184613ca994460b919d17a6edc5936b4da16d9033f5138bcfd9bc0f09d88c8dcd52

          Download Submit

        • C:\Users\Admin\AppData\Local\X21rF\UxTheme.dll
          Filesize

          1.2MB

          MD5

          20891eb0aa0f891a0fe88fb6ebaee555

          SHA1

          2cffb7f1c72cd80c856d35b6f09c9bf003645450

          SHA256

          8e4e69400fc226c90d67e15a16a88a9fc0470aea974a2a6a9a0c7e7c6e40b656

          SHA512

          21b00f1aa26aa0bef0d0a6396b4b41f9c1a3c0eaeccd5a39a90786994ff3ff9eb6b7554381a959c4f766971c1b13b8687c7cb1ad2129ebf5ab1155603277d8a9

          Download Submit

        • C:\Users\Admin\AppData\Local\X21rF\dwm.exe
          Filesize

          117KB

          MD5

          f162d5f5e845b9dc352dd1bad8cef1bc

          SHA1

          35bc294b7e1f062ef5cb5fa1bd3fc942a3e37ae2

          SHA256

          8a7b7528db30ab123b060d8e41954d95913c07bb40cdae32e97f9edb0baf79c7

          SHA512

          7077e800453a4564a24af022636a2f6547bdae2c9c6f4ed080d0c98415ecc4fbf538109cbebd456e321b9b74a00613d647b63998e31925fbd841fc9d4613e851

          Download Submit

        • C:\Users\Admin\AppData\Local\bnqkT\HID.DLL
          Filesize

          1.2MB

          MD5

          cdc1ae5eff46bbda45b706553ecbdc76

          SHA1

          9c0d2c71801d2746608cab02b0b3b23479a744c0

          SHA256

          bb91e090a7e74d2e44f1b12cabce3caafda7599e3542b8ad43cc45b2d382058d

          SHA512

          877fc1b24b8a138571df400f7dd86a926cbe16fa94636e629ff500278235a7dbdf65dd46ea6a85f9f7dc9efc873edb6f04477ccecb0f4673c71aa059db2b70e0

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dzyzbjcaevupvd.lnk
          Filesize

          988B

          MD5

          833c6887239f5b5d373104fdb5d814d2

          SHA1

          5ec83418c44482aea0823f75934b243373b851c7

          SHA256

          7f48185da6527ac68f0f0b58e72f713599c919d0e225ddefbe7a9f0720449620

          SHA512

          60bc34b0c4a52bf5eebd6a9f6a6bb7079da065ea24a6dbe02d8d4fcaa7bb34970f44c0a412f11b10469a9d598c5e7ed248d053c83d99d762b26e9f231d1e5f30

          Download Submit

        • \Users\Admin\AppData\Local\bnqkT\tabcal.exe
          Filesize

          77KB

          MD5

          98e7911befe83f76777317ce6905666d

          SHA1

          2780088dffe1dd1356c5dd5112a9f04afee3ee8d

          SHA256

          3fe8b63367b4298e70d46e87ce04cc7af5f30dfdb86b79eae41d0731d9415ea1

          SHA512

          fc0226381d9a6984cccac8282697c78966524e1359f7f6044559b8223e773d3c108dda08a2dd283aa171dca3390801f2c92a5d1dbb978dd7f92a67bd8877b8b6

          Download Submit

        • memory/1200-29-0x00000000773B1000-0x00000000773B2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-4-0x00000000772A6000-0x00000000772A7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-26-0x00000000020D0000-0x00000000020D7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1200-25-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-17-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-38-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-37-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-5-0x00000000025B0000-0x00000000025B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-30-0x0000000077540000-0x0000000077542000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1200-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-77-0x00000000772A6000-0x00000000772A7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1376-72-0x000007FEF6200000-0x000007FEF6332000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1376-78-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1376-79-0x000007FEF6200000-0x000007FEF6332000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1628-96-0x0000000001D80000-0x0000000001D87000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1628-95-0x000007FEF6200000-0x000007FEF6332000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2464-46-0x000007FEF6200000-0x000007FEF6331000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2464-0-0x00000000003A0000-0x00000000003A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2464-1-0x000007FEF6200000-0x000007FEF6331000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2972-60-0x000007FEF6AE0000-0x000007FEF6C12000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2972-57-0x00000000003F0000-0x00000000003F7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2972-54-0x000007FEF6AE0000-0x000007FEF6C12000-memory.dmp

          Filesize

          1.2MB

          Download