Overview

overview

10

Static

static

3

6ce1bc42db...18.dll

windows7-x64

10

6ce1bc42db...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-07-2024 01:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6ce1bc42dba1e06a071f724f691f5696_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    6ce1bc42dba1e06a071f724f691f5696

  • SHA1

    af88a5c242b101fb94bcda6f8e65ae1a159a65be

  • SHA256

    a1b778d340f60f244bc8030323206caef7b22f10df2861b1f330900c6decbdb9

  • SHA512

    67c8d1bc9c61f2d0def951e8e4e60f36a796f80b772353bb5e077f403e618a83abaa80ec7679e961bd767b435254140c9433eeb744169e898da5b2b563d982b6

  • SSDEEP

    24576:iuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:q9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ce1bc42dba1e06a071f724f691f5696_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3584
  • C:\Windows\system32\SystemPropertiesComputerName.exe
    C:\Windows\system32\SystemPropertiesComputerName.exe
    1⤵
      PID:4372
    • C:\Users\Admin\AppData\Local\0Oeewd\SystemPropertiesComputerName.exe
      C:\Users\Admin\AppData\Local\0Oeewd\SystemPropertiesComputerName.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:4604
    • C:\Windows\system32\lpksetup.exe
      C:\Windows\system32\lpksetup.exe
      1⤵
        PID:4608
      • C:\Users\Admin\AppData\Local\4IQ\lpksetup.exe
        C:\Users\Admin\AppData\Local\4IQ\lpksetup.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:4616
      • C:\Windows\system32\BitLockerWizard.exe
        C:\Windows\system32\BitLockerWizard.exe
        1⤵
          PID:4476
        • C:\Users\Admin\AppData\Local\5vR\BitLockerWizard.exe
          C:\Users\Admin\AppData\Local\5vR\BitLockerWizard.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1644

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\0Oeewd\SYSDM.CPL
          Filesize

          1.2MB

          MD5

          6b07a7af28e32797df164058c49ab5b0

          SHA1

          6e031b26976e1476475edbf41220ff4df17aa12f

          SHA256

          e9190e6a3908f319f990f005129314ec57b3b01aa842afa749e66e8335024e30

          SHA512

          39846b4530a73291da299700d24cc97b2fe1d7707af4886c1006783cdcb69d59e24a45bd53b7ce78ee17c558f66eee9c9732a9df684a66407dbdb038e9978316

          Download Submit

        • C:\Users\Admin\AppData\Local\0Oeewd\SystemPropertiesComputerName.exe
          Filesize

          82KB

          MD5

          6711765f323289f5008a6a2a04b6f264

          SHA1

          d8116fdf73608b4b254ad83c74f2232584d24144

          SHA256

          bd3a97327326e2245938ec6099f20059b446ff0fe1c10b9317d15d1a1dd5331e

          SHA512

          438abd282d9d1c0e7e5db2ce027ff9522c3980278b32b2eae09c595884a8dcbfd5178bc5926b1d15f03174303382e13f5d5ecab9a5d8e31fc07ef39e66c012e8

          Download Submit

        • C:\Users\Admin\AppData\Local\4IQ\dpx.dll
          Filesize

          1.2MB

          MD5

          161b121b2601f87eb8b937979bc74009

          SHA1

          4315ad94a0f84fa16859bcbf7a0f1236cb21bef6

          SHA256

          f010310bc11430e40af38a4ed045d446e15ea3298bc2415cae0a498bbf977e0d

          SHA512

          c3f8e8989d6f7dda7ebb8ef7cf9aa0db8a1a6c4e0397403a0bd3abcf905ce354919d609d10bace8cd8cf181ee4eeab61e4bacfb610e5a7f2824e9d2dd6125d69

          Download Submit

        • C:\Users\Admin\AppData\Local\4IQ\lpksetup.exe
          Filesize

          728KB

          MD5

          c75516a32e0aea02a184074d55d1a997

          SHA1

          f9396946c078f8b0f28e3a6e21a97eeece31d13f

          SHA256

          cb3cbeaaff7c07b044f70177e2899a87e80840d177238eb7dd25b8d9e20bef22

          SHA512

          92994fdb75b15742e33e6d7a499664b722e45b9c160d8cc42d30bc727044063d589f45853692b5b754df6ff0fd21294dc32fed985b153f93f4bcf9f8c89a5bcc

          Download Submit

        • C:\Users\Admin\AppData\Local\5vR\BitLockerWizard.exe
          Filesize

          100KB

          MD5

          6d30c96f29f64b34bc98e4c81d9b0ee8

          SHA1

          4a3adc355f02b9c69bdbe391bfb01469dee15cf0

          SHA256

          7758227642702e645af5e84d1c0e5690e07687c8209072a2c5f79379299edf74

          SHA512

          25471b0ac7156d9ee9d12181020039bf551ba3efe252b656030c12d93b8db2648a18bdf762740f2a5cd8e43640e4bd4e8742310dea15823fc76b9e1c126876b8

          Download Submit

        • C:\Users\Admin\AppData\Local\5vR\FVEWIZ.dll
          Filesize

          1.2MB

          MD5

          d8d94d99a8d6b830b7c5096ea556b079

          SHA1

          7bf238954a89e947e22e282b3af404bb7024a7b5

          SHA256

          1ce77663e85604cf4caafd8b0103cc2accca7163d97418ac31425336164eb37a

          SHA512

          aa28f272ef65f04a31a379e50970ee5a6f21349542274dc9afb8bac061a556905cf624477f147fee6f08e99fb41e0809f83734cfc38debfbd98be86556d647eb

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Igacdkfje.lnk
          Filesize

          1KB

          MD5

          1f2f5abe6dc2dcb9a9917dbeeb2ebb0c

          SHA1

          66602bfcff2a4daadc647b57bb71b3e1bbcf99d6

          SHA256

          11547325df92773d97121d3659bf8811eac597fa41861d52f950fc331dfddf23

          SHA512

          51900ef2436414ad44c32b63a350d07e8d00f85b246b066e9c5adf45658a544172e8ef5e03471aa3cf7c6d95456af1fbaa63d1b16c31b85ce3198b7ffc03c7ad

          Download Submit

        • memory/1644-86-0x00007FFDB5D20000-0x00007FFDB5E53000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1644-83-0x00000246E1A80000-0x00000246E1A87000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3432-8-0x0000000140000000-0x0000000140132000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-24-0x0000000140000000-0x0000000140132000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-13-0x0000000140000000-0x0000000140132000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-12-0x0000000140000000-0x0000000140132000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-11-0x0000000140000000-0x0000000140132000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-10-0x0000000140000000-0x0000000140132000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-9-0x0000000140000000-0x0000000140132000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-14-0x0000000140000000-0x0000000140132000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-7-0x0000000140000000-0x0000000140132000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-30-0x00007FFDC53B0000-0x00007FFDC53C0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3432-6-0x0000000140000000-0x0000000140132000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-15-0x0000000140000000-0x0000000140132000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-28-0x00007FFDC36CA000-0x00007FFDC36CB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3432-16-0x0000000140000000-0x0000000140132000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-36-0x0000000140000000-0x0000000140132000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-5-0x00000000057F0000-0x00000000057F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3432-29-0x00000000057D0000-0x00000000057D7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3584-0-0x000002A136A10000-0x000002A136A17000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3584-39-0x00007FFDB6280000-0x00007FFDB63B2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3584-1-0x00007FFDB6280000-0x00007FFDB63B2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4604-46-0x000002B146060000-0x000002B146067000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4604-52-0x00007FFDB5D20000-0x00007FFDB5E53000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4604-47-0x00007FFDB5D20000-0x00007FFDB5E53000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4616-69-0x00007FFDB5D20000-0x00007FFDB5E53000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4616-66-0x0000023C57F80000-0x0000023C57F87000-memory.dmp

          Filesize

          28KB

          Download