Overview

overview

10

Static

static

3

74cac0f859...18.dll

windows7-x64

10

74cac0f859...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    138s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    30-07-2024 14:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    74cac0f8595da4ae3dbbc1e923c8ce02_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    74cac0f8595da4ae3dbbc1e923c8ce02

  • SHA1

    9d6e13762082cbee6a60eb76e4d5bbf48e5743f6

  • SHA256

    5532880b11bd9338a1512bd6dc6b81a629d4022c15930ef5646f854b8599a9ad

  • SHA512

    2166d74cef05f332ff43a4dc0dea9c2280405a4454e2c2a9ad4a7193cb1481c8beaa40e7c81b2b06b6af96d4cbd52f49d741911ff00c08d3108c5869a0c30346

  • SSDEEP

    24576:JuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9NR:b9cKrUqZWLAcUJ

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\74cac0f8595da4ae3dbbc1e923c8ce02_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2412
  • C:\Windows\system32\Dxpserver.exe
    C:\Windows\system32\Dxpserver.exe
    1⤵
      PID:3004
    • C:\Users\Admin\AppData\Local\zHNPQy\Dxpserver.exe
      C:\Users\Admin\AppData\Local\zHNPQy\Dxpserver.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2884
    • C:\Windows\system32\eudcedit.exe
      C:\Windows\system32\eudcedit.exe
      1⤵
        PID:2668
      • C:\Users\Admin\AppData\Local\6RW\eudcedit.exe
        C:\Users\Admin\AppData\Local\6RW\eudcedit.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2300
      • C:\Windows\system32\mspaint.exe
        C:\Windows\system32\mspaint.exe
        1⤵
          PID:1104
        • C:\Users\Admin\AppData\Local\81MwsinR7\mspaint.exe
          C:\Users\Admin\AppData\Local\81MwsinR7\mspaint.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:580

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\6RW\eudcedit.exe
          Filesize

          351KB

          MD5

          35e397d6ca8407b86d8a7972f0c90711

          SHA1

          6b39830003906ef82442522d22b80460c03f6082

          SHA256

          1f64118bdc3515e8e9fce6ad182f6d0c8a6528d638fedb4901a6152cde4c7cde

          SHA512

          71b0c4ac120e5841308b0c19718bdc28366b0d79c8177091328ef5421392b9ee5e4758816ffb8c0977f178e1b33ed064f64781eaf7d6952878dc8aea402f035e

          Download Submit

        • C:\Users\Admin\AppData\Local\81MwsinR7\MFC42u.dll
          Filesize

          1.2MB

          MD5

          a1520cb59fab21e6b59ab700e32f978c

          SHA1

          09d500e0b17a309dfcc72c298d2479b46d8ea327

          SHA256

          4eeb09b035ddb8247c0f970bcf32cd6093e1ea5b12defbf23a83a819748c3efd

          SHA512

          b83d47566c69ec4763a5961a0192e8c423e0504a2b71db5d5bf555cd934f426a4e8759d5fc575543d3a1281719ee998ab4fe91b8d9a7e95c416d07c019386cf1

          Download Submit

        • C:\Users\Admin\AppData\Local\81MwsinR7\mspaint.exe
          Filesize

          6.4MB

          MD5

          458f4590f80563eb2a0a72709bfc2bd9

          SHA1

          3f97dc3bd1467c710c6a8d26b97bb6cf47deb4c6

          SHA256

          ff923c051ae380bf30d749ebe9cf310ccab6572d84eb81b76fb1012bcbdf557f

          SHA512

          e34500658dbe105a704fff6988b75d13aa9931adfd585b8ce1f023c61abd573d58067ee1f43e80076729ba99c9a00c17eb8cfcfac9c3d271d76bd251ccab1681

          Download Submit

        • C:\Users\Admin\AppData\Local\zHNPQy\Dxpserver.exe
          Filesize

          259KB

          MD5

          4d38389fb92e43c77a524fd96dbafd21

          SHA1

          08014e52f6894cad4f1d1e6fc1a703732e9acd19

          SHA256

          070bc95c486c15d2edc3548ba416dc9565ead401cb03a0472f719fb55ac94e73

          SHA512

          02d8d130cff2b8de15139d309e1cd74a2148bb786fd749e5f22775d45e193b0f75adf40274375cabce33576480ff20456f25172d29a034cd134b8084d40a67ba

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dwxzrb.lnk
          Filesize

          892B

          MD5

          f1d7f6fdfb2fe9e2f08ad1583ded3b29

          SHA1

          35225c82e06906b34377786e7a094998f3f89181

          SHA256

          e99c5987d1abb9342c268f208f1db9a2eb3e9abf38fcd483a9064c78b1677843

          SHA512

          2699d4b5c7190de95df913f93a90802fdd8bd9eaf08d56bb89c71a8cbee7998ad2b1ed960e66bd3aa187e7d0c667ff683a9e01bbccfc97c00fdc7e7864ab399c

          Download Submit

        • \Users\Admin\AppData\Local\6RW\MFC42u.dll
          Filesize

          1.2MB

          MD5

          eade623b69fee3f34101839673d8d487

          SHA1

          95aa122c996caba37ba1a66fea12693ba0c6693e

          SHA256

          cff0da0ae5e67112a91a34b8f0ec1617db9dee69b3d1d752c61ebe2187e1d48a

          SHA512

          9d526ab7c9c1c39ce764482b2ac823d40e6775a45e738635db0300990ff5f6a9643d54f58bd6b526ca799a29b266e8dec087aaf45634fc5e0a80a951f606ab89

          Download Submit

        • \Users\Admin\AppData\Local\zHNPQy\dwmapi.dll
          Filesize

          1.2MB

          MD5

          65a0e8954c61cb7c162599b702431f45

          SHA1

          f4e55da137081ac0fb19a27a8c1beff03a869b0b

          SHA256

          9ee376c18c78e79e157de20b6863bef30b78191a696bab477bfd4c2aa92cbd41

          SHA512

          82859f6b049b615a82430f86243df04043b6ae164cfd24eac9ddc9e0cd500cab3d4cabd072fc5de314c006b2b0023f80b4ea2f08b38cb785cc46634d256a155f

          Download Submit

        • memory/580-88-0x000007FEF5CC0000-0x000007FEF5DF8000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1240-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1240-30-0x0000000077030000-0x0000000077032000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1240-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1240-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1240-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1240-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1240-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1240-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1240-4-0x0000000076D96000-0x0000000076D97000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1240-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1240-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1240-34-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1240-33-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1240-5-0x00000000025A0000-0x00000000025A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1240-25-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1240-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1240-26-0x0000000002580000-0x0000000002587000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1240-17-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1240-29-0x0000000076EA1000-0x0000000076EA2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2300-72-0x000007FEF5CC0000-0x000007FEF5DF8000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2300-68-0x000007FEF5CC0000-0x000007FEF5DF8000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2412-42-0x000007FEF5CC0000-0x000007FEF5DF1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2412-0-0x000007FEF5CC0000-0x000007FEF5DF1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2412-3-0x00000000002A0000-0x00000000002A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2884-53-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2884-55-0x000007FEF65D0000-0x000007FEF6702000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2884-50-0x000007FEF65D0000-0x000007FEF6702000-memory.dmp

          Filesize

          1.2MB

          Download