Overview

overview

10

Static

static

3

7800b9d0be...18.dll

windows7-x64

10

7800b9d0be...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    30-07-2024 15:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7800b9d0be9bce9e13706e9a738321cc_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    7800b9d0be9bce9e13706e9a738321cc

  • SHA1

    6e4efb0b9602f6400ae735dc734f94faeeaede35

  • SHA256

    d2f5888941801c183beb9683356f780eaf0b66a94b595a8db0a52b32db5034d1

  • SHA512

    dbb62a792651abc3f2a5d2a689f52c58eebdd7c6f448d2f10579f961f6691ef3e37079afe81dd52580cbd2aa2bb02228a06240d8aca4e83667c66c1e6007c68a

  • SSDEEP

    24576:HuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9NXwF:p9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 3 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7800b9d0be9bce9e13706e9a738321cc_JaffaCakes118.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2076
  • C:\Windows\system32\BitLockerWizard.exe
    C:\Windows\system32\BitLockerWizard.exe
    1⤵
      PID:2912
    • C:\Users\Admin\AppData\Local\e0bbIfNJI\BitLockerWizard.exe
      C:\Users\Admin\AppData\Local\e0bbIfNJI\BitLockerWizard.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2632
    • C:\Windows\system32\tabcal.exe
      C:\Windows\system32\tabcal.exe
      1⤵
        PID:2728
      • C:\Users\Admin\AppData\Local\Aoa\tabcal.exe
        C:\Users\Admin\AppData\Local\Aoa\tabcal.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2340
      • C:\Windows\system32\mblctr.exe
        C:\Windows\system32\mblctr.exe
        1⤵
          PID:1076
        • C:\Users\Admin\AppData\Local\wjSI8UxS\mblctr.exe
          C:\Users\Admin\AppData\Local\wjSI8UxS\mblctr.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:564

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Aoa\HID.DLL
          Filesize

          1.2MB

          MD5

          a278386034909e40696de209b501ad5b

          SHA1

          d256913c61be2fab904df019743bf8583d9400a0

          SHA256

          78b9264eab781cc168283d0be6f8565e7b26948013b8a80573e51d3108da9ee1

          SHA512

          de9ca2d0b9c829e880886822111c17184252208b58cfbc1f740e932184d0b49334ba5fda080d8cc581edb53e900e97594912b63a75d65c01f2efbb5a94a443f9

          Download Submit

        • C:\Users\Admin\AppData\Local\Aoa\tabcal.exe
          Filesize

          77KB

          MD5

          98e7911befe83f76777317ce6905666d

          SHA1

          2780088dffe1dd1356c5dd5112a9f04afee3ee8d

          SHA256

          3fe8b63367b4298e70d46e87ce04cc7af5f30dfdb86b79eae41d0731d9415ea1

          SHA512

          fc0226381d9a6984cccac8282697c78966524e1359f7f6044559b8223e773d3c108dda08a2dd283aa171dca3390801f2c92a5d1dbb978dd7f92a67bd8877b8b6

          Download Submit

        • C:\Users\Admin\AppData\Local\e0bbIfNJI\FVEWIZ.dll
          Filesize

          1.2MB

          MD5

          04f376a457edcd4613dd583f1c9fd682

          SHA1

          c8c24774d5fa7afdd3ac137649cb39fa8043cc26

          SHA256

          645bda6c20afe326bcd6d296716cef4231278fcd3c98499c7a993acde438fc5f

          SHA512

          fdb988e60f85557b4d8b02a8644613e3497cf843caea040cfa23bf267ad0ffbd8c318a8d5d4a2436666da92d941d149ba71dfc4ee1be8968d089f282c6a8fca3

          Download Submit

        • C:\Users\Admin\AppData\Local\wjSI8UxS\UxTheme.dll
          Filesize

          1.2MB

          MD5

          05efe31080b58c879f08a6033dd9c0b0

          SHA1

          074bd2bfa07bd241568dade3a47574b978c891e7

          SHA256

          79e6048676eab60bd9eaeb2fb0c83ad80f80c2a77ecca91d27d1474d5b6eff5d

          SHA512

          b3a8d8dc6959a056285686f6c663bd2ce896ff6e3aa18411a8ead52e6a4a50c025989b77e2496257349cb9ddd65c05db25c5252a5d3651d8161d52bfaf1747e8

          Download Submit

        • C:\Users\Admin\AppData\Local\wjSI8UxS\mblctr.exe
          Filesize

          935KB

          MD5

          fa4c36b574bf387d9582ed2c54a347a8

          SHA1

          149077715ee56c668567e3a9cb9842284f4fe678

          SHA256

          b71cdf708d4a4f045f784de5e5458ebf9a4fa2b188c3f7422e2fbfe19310be3f

          SHA512

          1f04ce0440eec7477153ebc2ce56eaabcbbac58d9d703c03337f030e160d22cd635ae201752bc2962643c75bbf2036afdd69d97e8cbc81260fd0e2f55946bb55

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Filabyuswgwl.lnk
          Filesize

          988B

          MD5

          bc9e3f9158a4da81c13bfd2bdff03973

          SHA1

          3c3564d971599ac5d73737d15fc0b870c622660d

          SHA256

          ab321459a2694db1029d7e2bd402a411a4933e1762aa735ee93917794299e232

          SHA512

          8c9d7ab2caa922455187a6cd935ce71f7f28cf8744f53c3d3e6008df8d16aa69ba8ffe72435bb91d038c57e334b716b0a89ce7d33e36bb9dce5168f300b0fbee

          Download Submit

        • \Users\Admin\AppData\Local\e0bbIfNJI\BitLockerWizard.exe
          Filesize

          98KB

          MD5

          08a761595ad21d152db2417d6fdb239a

          SHA1

          d84c1bc2e8c9afce9fb79916df9bca169f93a936

          SHA256

          ec0b9e5f29a43f9db44fa76b85701058f26776ab974044c1d4741591b74d0620

          SHA512

          8b07828e9c0edf09277f89294b8e1a54816f6f3d1fe132b3eb70370b81feb82d056ec31566793bd6f451725f79c3b4aeedb15a83216115e00943e0c19cab37c9

          Download Submit

        • memory/564-96-0x000007FEF5F30000-0x000007FEF6067000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/564-93-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1192-14-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1192-11-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1192-12-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1192-15-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1192-29-0x0000000077020000-0x0000000077022000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1192-28-0x0000000076E91000-0x0000000076E92000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1192-24-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1192-16-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1192-25-0x0000000002DF0000-0x0000000002DF7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1192-38-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1192-37-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1192-4-0x0000000076D86000-0x0000000076D87000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1192-5-0x0000000002E10000-0x0000000002E11000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1192-13-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1192-10-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1192-9-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1192-74-0x0000000076D86000-0x0000000076D87000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1192-7-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1192-8-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2076-0-0x00000000002C0000-0x00000000002C7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2076-45-0x000007FEF6530000-0x000007FEF6666000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2076-2-0x000007FEF6530000-0x000007FEF6666000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2340-71-0x000007FEF5F30000-0x000007FEF6067000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2340-78-0x000007FEF5F30000-0x000007FEF6067000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2340-75-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2632-59-0x000007FEF6530000-0x000007FEF6667000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2632-56-0x00000000000A0000-0x00000000000A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2632-53-0x000007FEF6530000-0x000007FEF6667000-memory.dmp

          Filesize

          1.2MB

          Download