Overview

overview

10

Static

static

3

72fb9a4545...18.dll

windows7-x64

10

72fb9a4545...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240729-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240729-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-07-2024 14:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    72fb9a4545e473d7d94fe766e6654729_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    72fb9a4545e473d7d94fe766e6654729

  • SHA1

    eaffdc1dc71421e6f523456e2ecf7fd0ae60b2f2

  • SHA256

    9098e782f34228349487ef9250a37c00874cb70ef152d48ac89125ad23c899fc

  • SHA512

    740ab9c74701d3c280354c596e458fa05e795527c9bf522f87949abf13602db822e485f639c89d0a9996bfcb5782aa30040afcd75a9ac51c64ad2b2c349802c9

  • SSDEEP

    24576:juYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:N9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\72fb9a4545e473d7d94fe766e6654729_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3400
  • C:\Windows\system32\wlrmdr.exe
    C:\Windows\system32\wlrmdr.exe
    1⤵
      PID:4272
    • C:\Users\Admin\AppData\Local\jBL\wlrmdr.exe
      C:\Users\Admin\AppData\Local\jBL\wlrmdr.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2648
    • C:\Windows\system32\cmstp.exe
      C:\Windows\system32\cmstp.exe
      1⤵
        PID:2004
      • C:\Users\Admin\AppData\Local\EiNqRsW\cmstp.exe
        C:\Users\Admin\AppData\Local\EiNqRsW\cmstp.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:5112
      • C:\Windows\system32\unregmp2.exe
        C:\Windows\system32\unregmp2.exe
        1⤵
          PID:704
        • C:\Users\Admin\AppData\Local\e704j1c4\unregmp2.exe
          C:\Users\Admin\AppData\Local\e704j1c4\unregmp2.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:824

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\EiNqRsW\VERSION.dll
          Filesize

          1.2MB

          MD5

          ebea95355453b0302f9661280e106a7e

          SHA1

          7ac502d5e42d050d994cecc0a8b3bdbf2fcebf24

          SHA256

          8317abbdbd1321f804cdb630606a6c9d154b36101a062d1afaa2a998034ec63b

          SHA512

          0ce294fd4c367811a00367fb2eaee67c6cec23492ba28821e40d450e8ae99d8bb93358e67f94d80605c829eb8af057d5f6009b5e3622cb5493372cad725d079e

          Download Submit

        • C:\Users\Admin\AppData\Local\EiNqRsW\cmstp.exe
          Filesize

          96KB

          MD5

          4cc43fe4d397ff79fa69f397e016df52

          SHA1

          8fd6cf81ad40c9b123cd75611860a8b95c72869c

          SHA256

          f2d3905ee38b2b5c0b724d582f14eb1db7621ffb8f3826df686a20784341614c

          SHA512

          851ef9fa5a03ec8b9fea0094c6e4bfa0b9e71cee3412ee86b2dfc34682aa5fb6455fefe7fc0092b711956d7c880cf8a5761b63ee990aa8e72f3473086ac0f157

          Download Submit

        • C:\Users\Admin\AppData\Local\e704j1c4\VERSION.dll
          Filesize

          1.2MB

          MD5

          36c9894d3782d8bada7ab64322897155

          SHA1

          babf35126e5073c81dbf65aa9ca7496040cd328d

          SHA256

          d50f1e809db0dd87f0fa7ebb9c9ef6c8ec08d53dac58c031b10dab52b0b92b93

          SHA512

          87971e759e1dfa2c26b21e10368c72dec07369157792b96feaa97c57349fb13462b5f5503cff0f74bbaff598bcd947046d5f9605537ab94690d00977b6de6c22

          Download Submit

        • C:\Users\Admin\AppData\Local\e704j1c4\unregmp2.exe
          Filesize

          259KB

          MD5

          a6fc8ce566dec7c5873cb9d02d7b874e

          SHA1

          a30040967f75df85a1e3927bdce159b102011a61

          SHA256

          21f41fea24dddc8a32f902af7b0387a53a745013429d8fd3f5fa6916eadc839d

          SHA512

          f83e17dd305eb1bc24cca1f197e2440f9b501eafb9c9d44ede7c88b1520030a87d059bdcb8eadeac1eaedabcbc4fe50206821965d73f0f6671e27edd55c01cbc

          Download Submit

        • C:\Users\Admin\AppData\Local\jBL\DUI70.dll
          Filesize

          1.4MB

          MD5

          e32471d4b4e5b74ed176f30fd2916d7f

          SHA1

          8fdacdc47841b73e53047534b7b8e2117090cd37

          SHA256

          fc8c25316cbbc9789f74ea3b864c647f4fcb374861fe6ab0d566edc0465d6c93

          SHA512

          8ea92f0dbd1771b17cf86a01e604ca365578dad008892a434c1c8f9258e0e623b8fb7007bbb333eb4b98817f7c8b1584dd2abc58025b9f3fe1d10818be2a0d07

          Download Submit

        • C:\Users\Admin\AppData\Local\jBL\wlrmdr.exe
          Filesize

          66KB

          MD5

          ef9bba7a637a11b224a90bf90a8943ac

          SHA1

          4747ec6efd2d41e049159249c2d888189bb33d1d

          SHA256

          2fda95aafb2e9284c730bf912b93f60a75b151941adc14445ed1e056140325b1

          SHA512

          4c1fdb8e4bf25546a2a33c95268593746f5ae2666ce36c6d9ba5833357f13720c4722231224e82308af8c156485a2c86ffd97e3093717a28d1300d3787ef1831

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Tuujykmh.lnk
          Filesize

          1KB

          MD5

          f7e574394676108d293018758a4af8c1

          SHA1

          dadb768f2b94e5f1e3ed2a8340b095d4f123fb35

          SHA256

          c10314d52e58b689c78a007848ef1fb24c7590aaf9d639eb558f87748328ad1a

          SHA512

          33a5bd05dc68a6785b8857d607dbd4ede492e01ba02976fce0b4e5508b6154d40b9f123c32995ea0aa477ec07b8bdf75ba93a7c1fe261469e3ef6a6d100796fa

          Download Submit

        • memory/824-85-0x00007FFC3F7C0000-0x00007FFC3F8F2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/824-82-0x000001F7D5570000-0x000001F7D5577000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2648-51-0x00007FFC3F780000-0x00007FFC3F8F7000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/2648-45-0x00007FFC3F780000-0x00007FFC3F8F7000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/2648-48-0x0000018045EF0000-0x0000018045EF7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3392-29-0x0000000000670000-0x0000000000677000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3392-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3392-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3392-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3392-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3392-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3392-4-0x0000000002110000-0x0000000002111000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3392-23-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3392-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3392-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3392-28-0x00007FFC4CE8A000-0x00007FFC4CE8B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3392-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3392-31-0x00007FFC4E190000-0x00007FFC4E1A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3392-35-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3392-6-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3392-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3400-0-0x000001D857EF0000-0x000001D857EF7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3400-38-0x00007FFC30BD0000-0x00007FFC30D01000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3400-2-0x00007FFC30BD0000-0x00007FFC30D01000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/5112-68-0x00007FFC3F7C0000-0x00007FFC3F8F2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/5112-65-0x000001B700F90000-0x000001B700F97000-memory.dmp

          Filesize

          28KB

          Download

        • memory/5112-62-0x00007FFC3F7C0000-0x00007FFC3F8F2000-memory.dmp

          Filesize

          1.2MB

          Download