Overview

overview

10

Static

static

3

799a60a131...18.dll

windows7-x64

10

799a60a131...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-07-2024 18:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    799a60a13199faa45a6c016aa9721706_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    799a60a13199faa45a6c016aa9721706

  • SHA1

    c572d26d09ad7f652f1327e3a3c2caa8358ee55b

  • SHA256

    7c708981d426ade7e53c8627a4ae6994591f2ea2787291535cf782aefbd588cc

  • SHA512

    c8a70ac097d28c18cfb1b0176d8c45323cd0752f7d9076196bf62b123fbff62896aba4052d687dab27e4aaf8d4fe7d9487b05bbf308e385adfab2533186c3356

  • SSDEEP

    24576:iuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:q9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\799a60a13199faa45a6c016aa9721706_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3184
  • C:\Windows\system32\OptionalFeatures.exe
    C:\Windows\system32\OptionalFeatures.exe
    1⤵
      PID:5044
    • C:\Users\Admin\AppData\Local\iMm0\OptionalFeatures.exe
      C:\Users\Admin\AppData\Local\iMm0\OptionalFeatures.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:3548
    • C:\Windows\system32\LicensingUI.exe
      C:\Windows\system32\LicensingUI.exe
      1⤵
        PID:4268
      • C:\Users\Admin\AppData\Local\mI6P\LicensingUI.exe
        C:\Users\Admin\AppData\Local\mI6P\LicensingUI.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:3652
      • C:\Windows\system32\SysResetErr.exe
        C:\Windows\system32\SysResetErr.exe
        1⤵
          PID:1472
        • C:\Users\Admin\AppData\Local\mmWVQrBl\SysResetErr.exe
          C:\Users\Admin\AppData\Local\mmWVQrBl\SysResetErr.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:4752

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\iMm0\OptionalFeatures.exe
          Filesize

          110KB

          MD5

          d6cd8bef71458804dbc33b88ace56372

          SHA1

          a18b58445be2492c5d37abad69b5aa0d29416a60

          SHA256

          fa2e741416994f2c1bf9ef7a16b9c4dbf20c84267e3da91ae6f1ad75ee9f49b8

          SHA512

          1bed8af2cf99a7f3bb36a34f4a71c34787904bd072ecdc731fb7498290dcf4024b956fb8b6912ad050b74aa861f0b0349081b77088f72732bda5075413b1f83d

          Download Submit

        • C:\Users\Admin\AppData\Local\iMm0\appwiz.cpl
          Filesize

          1.2MB

          MD5

          50f84c31425bbe9f0d9ed1d9e42c8c35

          SHA1

          b98daa35b1d8b46663a1e6bf80728b7ae2f304f1

          SHA256

          24d28680163117a3705671dcad5a24130669c5ab122fe887b0c1f17cf787f514

          SHA512

          87cbb33e7c97021b05088ccda341c79afbeefca79b2f5f3e26c876f8998628fe7b454fcb53356ae618193d0769b08bc262c77ca580b22879be1f54a72e19d7fa

          Download Submit

        • C:\Users\Admin\AppData\Local\mI6P\DUI70.dll
          Filesize

          1.4MB

          MD5

          e81412d615e4695e9fae4ef910197856

          SHA1

          a10f3d96104aa5e2798e1bf9face9f4d5d9a4852

          SHA256

          568b03707b8facaadc54cc2eddccc1e1ce308f7e594f69bc3530ab0c198a31c0

          SHA512

          8ab3997cd3e545697a81fa4f8687417d8330c35da786e7d45dcaee5a9bf918d7c62405df67f2edce16461520f9814e232cee8fd810173b7213ba656878b963c8

          Download Submit

        • C:\Users\Admin\AppData\Local\mI6P\LicensingUI.exe
          Filesize

          142KB

          MD5

          8b4abc637473c79a003d30bb9c7a05e5

          SHA1

          d1cab953c16d4fdec2b53262f56ac14a914558ca

          SHA256

          0e9eb89aa0df9bb84a8f11b0bb3e9d89905355de34c91508968b4cb78bc3f6c5

          SHA512

          5a40c846c5b3a53ae09114709239d8238c322a7d3758b20ed3fc8e097fc1409f62b4990557c1192e894eabfa89741a9d88bd5175850d039b97dfdf380d1c6eeb

          Download Submit

        • C:\Users\Admin\AppData\Local\mmWVQrBl\DUI70.dll
          Filesize

          1.4MB

          MD5

          2b3e9dd99598c926c713dde38e665903

          SHA1

          85d4486cec2c003b53370e64f3a1862e40d09680

          SHA256

          a95152d93dfa30ea3b13128d92e7a7993eaa74e22a1269d3d7bb498bb03d3874

          SHA512

          231b78a5b0f71fb37437753bafb843f49c5be4610064c824c9945bded759e614a68f8d72248e9c18c1fcbe63a4386ee1cd5a35f997ac98aa9289782ed4f798d2

          Download Submit

        • C:\Users\Admin\AppData\Local\mmWVQrBl\SysResetErr.exe
          Filesize

          41KB

          MD5

          090c6f458d61b7ddbdcfa54e761b8b57

          SHA1

          c5a93e9d6eca4c3842156cc0262933b334113864

          SHA256

          a324e3ba7309164f215645a6db3e74ed35c7034cc07a011ebed2fa60fda4d9cd

          SHA512

          c9ef79397f3a843dcf2bcb5f761d90a4bdadb08e2ca85a35d8668cb13c308b275ed6aa2c8b9194a1f29964e0754ad05e89589025a0b670656386a8d448a1f542

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Rzzww.lnk
          Filesize

          1013B

          MD5

          7d8e1fc1c8fa81cf5ef96659cadb22b8

          SHA1

          75a00574049f87f1a6663645e232bc884920c7c2

          SHA256

          fa4d8ce553939fa3d189dff768c0cc2a300a04d0e7423d989bf512745f259943

          SHA512

          9f90bbe72888f2a3f4f0d8f92c86f386cd7f5f00b18a0cb288a7b0cb262f852328c3b60608dff16644dd5c4a3868d50df353d3cc4c632ec7a3e840e508068823

          Download Submit

        • memory/3184-0-0x000002B1DEE40000-0x000002B1DEE47000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3184-1-0x00007FF857EE0000-0x00007FF858011000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3184-39-0x00007FF857EE0000-0x00007FF858011000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3508-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3508-32-0x00007FF86033A000-0x00007FF86033B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3508-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3508-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3508-24-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3508-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3508-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3508-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3508-6-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3508-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3508-33-0x0000000000EE0000-0x0000000000EE7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3508-34-0x00007FF862270000-0x00007FF862280000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3508-4-0x00000000028D0000-0x00000000028D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3508-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3508-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3508-36-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3508-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3548-47-0x00007FF857EE0000-0x00007FF858012000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3548-52-0x00007FF857EE0000-0x00007FF858012000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3548-46-0x0000022391CB0000-0x0000022391CB7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3652-63-0x00007FF853770000-0x00007FF8538E7000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3652-69-0x00007FF853770000-0x00007FF8538E7000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3652-66-0x0000023FAB600000-0x0000023FAB607000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4752-80-0x0000020FCDF40000-0x0000020FCDF47000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4752-86-0x00007FF853770000-0x00007FF8538E7000-memory.dmp

          Filesize

          1.5MB

          Download