Overview

overview

10

Static

static

3

3419fa482b...18.dll

windows7-x64

10

3419fa482b...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    29-07-2024 02:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3419fa482b6568b8f57a109c37efbb6a_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    3419fa482b6568b8f57a109c37efbb6a

  • SHA1

    b7e9b700a063409acebaf68978058ccd1483a3b4

  • SHA256

    de941aa21b4dc90656dc241719d3ce01cf582dc24404c2abec1c390b6214186c

  • SHA512

    7d0fba934c86b69c988bf8ab8126099ec67d55d61135d96181695fa0d8d40fd048b587660fb45b1f6fe90819299b5e0a48d943f921eacdfa12637b2c44774c7c

  • SSDEEP

    24576:RuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:D9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Event Triggered Execution: Accessibility Features 1 TTPs

    Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.

    persistenceprivilege_escalation
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3419fa482b6568b8f57a109c37efbb6a_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2404
  • C:\Windows\system32\FXSCOVER.exe
    C:\Windows\system32\FXSCOVER.exe
    1⤵
      PID:2904
    • C:\Users\Admin\AppData\Local\OMxWLT4\FXSCOVER.exe
      C:\Users\Admin\AppData\Local\OMxWLT4\FXSCOVER.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2896
    • C:\Windows\system32\sethc.exe
      C:\Windows\system32\sethc.exe
      1⤵
        PID:2664
      • C:\Users\Admin\AppData\Local\tpM\sethc.exe
        C:\Users\Admin\AppData\Local\tpM\sethc.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1672
      • C:\Windows\system32\sigverif.exe
        C:\Windows\system32\sigverif.exe
        1⤵
          PID:1716
        • C:\Users\Admin\AppData\Local\IPjsmSRnH\sigverif.exe
          C:\Users\Admin\AppData\Local\IPjsmSRnH\sigverif.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2956

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\IPjsmSRnH\VERSION.dll
          Filesize

          1.2MB

          MD5

          1366c60bc4027e97f49e64c949a265ef

          SHA1

          7f657750129f66c2ad7bd8beab5ec3a9eb2623b1

          SHA256

          7e22cf358e3d239ae588f2e3b9dcdb565b054b9cac24fafb20b5dfaa6460446e

          SHA512

          2faf0064b845d47737ce4bb79bb9c710bfadafd7d6dd706f71cfbdde2437417954cd565fd4c950389e8c10c4fe1e21d89dd916f132b0678bd387af8704642116

          Download Submit

        • C:\Users\Admin\AppData\Local\IPjsmSRnH\sigverif.exe
          Filesize

          73KB

          MD5

          e8e95ae5534553fc055051cee99a7f55

          SHA1

          4e0f668849fd546edd083d5981ed685d02a68df4

          SHA256

          9e107fd99892d08b15c223ac17c49af75a4cbca41b5e939bb91c9dca9f0d0bec

          SHA512

          5d3c32d136a264b6d2cfba4602e4d8f75e55ba0e199e0e81d7a515c34d8b9237db29647c10ab79081173010ff8e2c6a59b652c0a9cfa796433aed2d200f02da6

          Download Submit

        • C:\Users\Admin\AppData\Local\OMxWLT4\MFC42u.dll
          Filesize

          1.2MB

          MD5

          fc570d76e4a051e3ca54ce40f35bdf6c

          SHA1

          4d69f16e122b92da892127edbc1702723fa3294e

          SHA256

          e5c5168d2d017d6a53467801bdefd9517503c77893b8a92aebf0746e359c58d7

          SHA512

          ddd20394add9c598dc0c74029610baf0a49c19ca8fbf169fea1880c096dae7cbb5fe822ef567f996094e5b09241be1a3e8a6c1923facdec25ebf8a3a0f9c3d7c

          Download Submit

        • C:\Users\Admin\AppData\Local\tpM\UxTheme.dll
          Filesize

          1.2MB

          MD5

          73d56b845bac3cc1878e25df4fdd9fb8

          SHA1

          b526e719983c070fbef2cc5c92d27c471b10476d

          SHA256

          5eb7b35546cd7eecad11ae2b79f7f5b31554c59f65b4cf53a932c867d45d85a4

          SHA512

          f5c780faa42318937e2f201a10fc24f7d48b528b9b650451834a0d74bafa89fd5a405e235835be9dcc92b7d99c6becbd9695733574fe9a7cac8970796c1d7571

          Download Submit

        • C:\Users\Admin\AppData\Local\tpM\sethc.exe
          Filesize

          272KB

          MD5

          3bcb70da9b5a2011e01e35ed29a3f3f3

          SHA1

          9daecb1ee5d7cbcf46ee154dd642fcd993723a9b

          SHA256

          dd94bf73f0e3652b76cfb774b419ceaa2082bc7f30cc34e28dfa51952fa9ccb5

          SHA512

          69d231132f488fd7033349f232db1207f88f1d5cb84f5422adf0dd5fb7b373dada8fdfac7760b8845e5aab00a7ae56f24d66bbb8aa70c3c8de6ec5c31982b4df

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Mityoyoyxpr.lnk
          Filesize

          1024B

          MD5

          7527b95411f4ffebfdb8e3c85105f1eb

          SHA1

          557af374617397fe8c056d0b92f41957315d8e9b

          SHA256

          7f15d7b0a70adf98560bd3ef14bf9e99e3301f6be1cc44fb358fefaee85bae04

          SHA512

          4a7a1909066978126ecc61cdc64da0b42c01ae17415d225759f8c13c5502b3eb54f8826f258b212e3c934f2d7cd6e9283f51fa28e52e3bc59d134e30da720c66

          Download Submit

        • \Users\Admin\AppData\Local\OMxWLT4\FXSCOVER.exe
          Filesize

          261KB

          MD5

          5e2c61be8e093dbfe7fc37585be42869

          SHA1

          ed46cda4ece3ef187b0cf29ca843a6c6735af6c0

          SHA256

          3d1719c1caa5d6b0358830a30713c43a9710fbf7bcedca20815be54d24aa9121

          SHA512

          90bf180c8f6e3d0286a19fcd4727f23925a39c90113db979e1b4bbf8f0491471ad26c877a6e2cf49638b14050d952a9ee02a3c1293129843ec6bba01bc325d0b

          Download Submit

        • memory/1124-17-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1124-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1124-4-0x0000000076F86000-0x0000000076F87000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1124-26-0x00000000025B0000-0x00000000025B7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1124-25-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1124-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1124-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1124-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1124-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1124-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1124-31-0x0000000077320000-0x0000000077322000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1124-30-0x0000000077191000-0x0000000077192000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1124-38-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1124-37-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1124-5-0x0000000002D20000-0x0000000002D21000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1124-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1124-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1124-75-0x0000000076F86000-0x0000000076F87000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1124-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1124-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1672-72-0x000007FEF6A30000-0x000007FEF6B62000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1672-76-0x0000000000140000-0x0000000000147000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1672-79-0x000007FEF6A30000-0x000007FEF6B62000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2404-46-0x000007FEF6A30000-0x000007FEF6B61000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2404-3-0x0000000000120000-0x0000000000127000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2404-0-0x000007FEF6A30000-0x000007FEF6B61000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2896-60-0x000007FEF7050000-0x000007FEF7188000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2896-55-0x000007FEF7050000-0x000007FEF7188000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2896-54-0x00000000000F0000-0x00000000000F7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2956-96-0x000007FEF6A30000-0x000007FEF6B62000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2956-97-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download