Overview

overview

10

Static

static

3

7051b4e076...18.dll

windows7-x64

10

7051b4e076...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    30-07-2024 13:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7051b4e07604f97d31c07ff0f83c9620_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    7051b4e07604f97d31c07ff0f83c9620

  • SHA1

    9585328616c046d78fd9a9cd61c98ca4504ada1a

  • SHA256

    7da26cae9e489fcf070ff979bb244ed218c0b0fb16b33f36a0079c8b394ae41e

  • SHA512

    9665b1fab2412dec8035e0c89a9395b5bb46534a7a0b4317e06046c35a5cf26a1cd14ac0df62355d875be2a3ce8a956fddcda21fa01e32175da2af62639da6b6

  • SSDEEP

    24576:nuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9Nnpt:J9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\7051b4e07604f97d31c07ff0f83c9620_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2400
  • C:\Windows\system32\EhStorAuthn.exe
    C:\Windows\system32\EhStorAuthn.exe
    1⤵
      PID:2620
    • C:\Users\Admin\AppData\Local\mgur34Wt\EhStorAuthn.exe
      C:\Users\Admin\AppData\Local\mgur34Wt\EhStorAuthn.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2636
    • C:\Windows\system32\ddodiag.exe
      C:\Windows\system32\ddodiag.exe
      1⤵
        PID:2516
      • C:\Users\Admin\AppData\Local\HaP\ddodiag.exe
        C:\Users\Admin\AppData\Local\HaP\ddodiag.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2544
      • C:\Windows\system32\wisptis.exe
        C:\Windows\system32\wisptis.exe
        1⤵
          PID:3056
        • C:\Users\Admin\AppData\Local\smSc3\wisptis.exe
          C:\Users\Admin\AppData\Local\smSc3\wisptis.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2924

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\HaP\XmlLite.dll
          Filesize

          1.2MB

          MD5

          5cf9f571f0acfe60de722638155f7355

          SHA1

          52fd5b3578e97aa64bfb93c107c4efa2d9d80e38

          SHA256

          c3d6caf2b310e40b52208448768d3fca8c5736c17e69168d41ff3a5a15628023

          SHA512

          201cd39e9992d3b27b184f3ffb625edae61381d5bb5cc0d5188bb635d3ad04dc04a1829f06e7dc31dfc2b2f3b662b1385c68a049f5c62836ef5a58250ff8ba48

          Download Submit

        • C:\Users\Admin\AppData\Local\mgur34Wt\UxTheme.dll
          Filesize

          1.2MB

          MD5

          c33bbec24773a91a4f2d40be7a7fef43

          SHA1

          9e9528ab45451954d05d21f24701a8cd079169ed

          SHA256

          7015594ba19d36354bb0adacf2b4417aa83f82174bd090dc58230878781249e9

          SHA512

          c4f626348e1443ab07c719db18885b713b10b73def2fd42da5ad9ed11912c4f458a59719266138e88c117063c6031d90013ca9cc9530842b1756014d131ed750

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dzyzbjcaevupvd.lnk
          Filesize

          1KB

          MD5

          1fe27350e7bea2a44994eb47273f5d1c

          SHA1

          a28efd426c4599f8ac2308ecb67cf8c4a7c634dc

          SHA256

          4da718caaf9e4b7215788893024c903873274bc21ab4ed7ddde096eb259e1495

          SHA512

          522d55a819dffd05fbeae2b5cdef7c1e9161f3fd95cb85ae679d5a078c50987361ba94f479aae6821a31eeabbbd41f0f0e41baeb3015227c3eb92da7b9efea4b

          Download Submit

        • \Users\Admin\AppData\Local\HaP\ddodiag.exe
          Filesize

          42KB

          MD5

          509f9513ca16ba2f2047f5227a05d1a8

          SHA1

          fe8d63259cb9afa17da7b7b8ede4e75081071b1a

          SHA256

          ddf48c333e45c56c9e3f16e492c023bf138629f4c093b8aaab8ea60310c8c96e

          SHA512

          ad3168767e5eba575ae766e1e2923b1db4571bbeb302d7c58e8023612e33913dcd9e5f4a4c1bc7b1556442a0807117066f17c62b38fe2ae0dfaa3817b7318862

          Download Submit

        • \Users\Admin\AppData\Local\mgur34Wt\EhStorAuthn.exe
          Filesize

          137KB

          MD5

          3abe95d92c80dc79707d8e168d79a994

          SHA1

          64b10c17f602d3f21c84954541e7092bc55bb5ab

          SHA256

          2159d9d5c9355521de859d1c40907fcdfef19f8cf68eda7485b89e9aa119e3ad

          SHA512

          70fee5e87121229bba5c5e5aaa9f028ac0546dc9d38b7a00a81b882c8f8ce4abfdc364a598976b1463cca05e9400db715f8a4478ec61b03a693bbeee18c6ae5c

          Download Submit

        • \Users\Admin\AppData\Local\smSc3\OLEACC.dll
          Filesize

          1.2MB

          MD5

          9890e6f481ec597ea08b67b3d2c9ab2c

          SHA1

          eaeb2708352f4c60d8c6e5de17a4b3a7a52ebc47

          SHA256

          de6093659c532c55a5a9f27931f5a7a36a5eba0a0733b8ace98aef576007fbb3

          SHA512

          04beac84c8436d32d007bcd536e4df1cd505ad2ebfdf672ed8702cc4f4ff1f9a32af12dfc6ce08322894926a342cc38f3cec69c2c713ab8a77326544d85ecdf3

          Download Submit

        • \Users\Admin\AppData\Local\smSc3\wisptis.exe
          Filesize

          396KB

          MD5

          02e20372d9d6d28e37ba9704edc90b67

          SHA1

          d7d18ba0df95c3507bf20be8d72e25c5d11ab40c

          SHA256

          3338129ddf6fb53d6e743c10bc39ec372d9b2c39c607cbe8a71cff929f854144

          SHA512

          bcad8894614dcfc1429be04829c217e7c8ac3c40ea3927073de3421d96d9815739ee1b84f0200eb18b3b8406b972bd934204b7b31638c9fe7c297fb201ed4200

          Download Submit

        • memory/1116-13-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-16-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-4-0x0000000076EC6000-0x0000000076EC7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1116-12-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-11-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-27-0x0000000077160000-0x0000000077162000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1116-10-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-8-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-26-0x0000000076FD1000-0x0000000076FD2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1116-32-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-25-0x0000000002DD0000-0x0000000002DD7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1116-24-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-33-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-5-0x0000000002DF0000-0x0000000002DF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1116-15-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-14-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-7-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-9-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-60-0x0000000076EC6000-0x0000000076EC7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2400-41-0x000007FEF6390000-0x000007FEF64C0000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2400-0-0x000007FEF6390000-0x000007FEF64C0000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2400-3-0x0000000000220000-0x0000000000227000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2544-68-0x000007FEF6380000-0x000007FEF64B1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2544-71-0x0000000000170000-0x0000000000177000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2544-74-0x000007FEF6380000-0x000007FEF64B1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2636-55-0x000007FEF6E90000-0x000007FEF6FC1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2636-50-0x000007FEF6E90000-0x000007FEF6FC1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2636-49-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2924-90-0x00000000001B0000-0x00000000001B7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2924-87-0x000007FEF6180000-0x000007FEF62B1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2924-91-0x000007FEF6180000-0x000007FEF62B1000-memory.dmp

          Filesize

          1.2MB

          Download