Overview

overview

10

Static

static

3

79fe22837f...18.dll

windows7-x64

10

79fe22837f...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-07-2024 20:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    79fe22837f3351cc4c4734412120ec9c_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    79fe22837f3351cc4c4734412120ec9c

  • SHA1

    85bbcddc95e1a7bbb460f48b44990406d8ae7105

  • SHA256

    c28471b6d5b4dfb26f7cc16f94d090fee743872676ecf36458a0f86ffd1d0a14

  • SHA512

    cbf2ebf4248aa17ae04768c2b855a513ec07adac6c713ef9105a9ec0ef1b535258d08823e1e57ce4ebda7acca71e5ae23200e5b0a40779debffb9d796b1f45a8

  • SSDEEP

    24576:GuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:m9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\79fe22837f3351cc4c4734412120ec9c_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:4488
  • C:\Windows\system32\CloudNotifications.exe
    C:\Windows\system32\CloudNotifications.exe
    1⤵
      PID:1548
    • C:\Users\Admin\AppData\Local\lP9EE9Ott\CloudNotifications.exe
      C:\Users\Admin\AppData\Local\lP9EE9Ott\CloudNotifications.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:232
    • C:\Windows\system32\MusNotificationUx.exe
      C:\Windows\system32\MusNotificationUx.exe
      1⤵
        PID:2440
      • C:\Users\Admin\AppData\Local\ZuL\MusNotificationUx.exe
        C:\Users\Admin\AppData\Local\ZuL\MusNotificationUx.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2688
      • C:\Windows\system32\wscript.exe
        C:\Windows\system32\wscript.exe
        1⤵
          PID:1136
        • C:\Users\Admin\AppData\Local\qP75WjmLJ\wscript.exe
          C:\Users\Admin\AppData\Local\qP75WjmLJ\wscript.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1892

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\ZuL\MusNotificationUx.exe
          Filesize

          615KB

          MD5

          869a214114a81712199f3de5d69d9aad

          SHA1

          be973e4188eff0d53fdf0e9360106e8ad946d89f

          SHA256

          405c2df9a36d7cfb5c8382c96f04792eb88c11a6cfa36b1d2ec3e0bec8d17361

          SHA512

          befcdeb8de6e68b9ee0bacd4cbc80f7393a0213d4039b239c98585e0cd5db1755c75559a62372374cbfb7132b6a7973ea9e6a31952e0e0ba007079c56e6d9012

          Download Submit

        • C:\Users\Admin\AppData\Local\ZuL\XmlLite.dll
          Filesize

          1.2MB

          MD5

          cd1ced7c5bc80672835516b64516aa2a

          SHA1

          f8e41b3a2e52291b885eb4cd7662da4448aba8c1

          SHA256

          db87a86579b7d47970c5948d09b995b64834a0bca7eeebea3a9803c263c1b3e5

          SHA512

          5709f657d5ecfa2ab8a54c6cd5a78dce54e9c75bcc473b5f5540d98fe47677e4fadd9e41f3d676ea06675f3c72b92a58819194e7ebf38b50cfb993f3adec3319

          Download Submit

        • C:\Users\Admin\AppData\Local\lP9EE9Ott\CloudNotifications.exe
          Filesize

          59KB

          MD5

          b50dca49bc77046b6f480db6444c3d06

          SHA1

          cc9b38240b0335b1763badcceac37aa9ce547f9e

          SHA256

          96e7e1a3f0f4f6fc6bda3527ab8a739d6dfcab8e534aa7a02b023daebb3c0775

          SHA512

          2a0504ca336e86b92b2f5eff1c458ebd9df36c496331a7247ef0bb8b82eabd86ade7559ddb47ca4169e8365a97e80e5f1d3c1fc330364dea2450608bd692b1d3

          Download Submit

        • C:\Users\Admin\AppData\Local\lP9EE9Ott\UxTheme.dll
          Filesize

          1.2MB

          MD5

          b091db7c06b6d442b6d01568761ddeeb

          SHA1

          cd3c4304973b07b5a200d3a26bdc8c3eed3f7462

          SHA256

          9c189c62cf52d9ae459e0bb20409359b754a1e7d8980e91d6a0b2274ff945636

          SHA512

          b3ec13fcd4dc721b8d0ed2e3d70a3a5380ac012bce2c012b79b03ba7aba334ebf5d6eceb80190f84919b45df91c1f7943a4c24adc2c83ff324bccb3c1368b4a1

          Download Submit

        • C:\Users\Admin\AppData\Local\qP75WjmLJ\VERSION.dll
          Filesize

          1.2MB

          MD5

          cebe1fe110e3c862306ffd1a880f5cf7

          SHA1

          403da9ff824be3b27cf50397e03b3c7da8e39866

          SHA256

          3a80baa8ade9894b1dc7757d1f1f2ab6f0ec9699082ac36924a0a2d6c5878f11

          SHA512

          f16b30ad9e1547465612116b2b37dd3ff4616a664445b4bcc9476b9095e9eb26a476841e592be878713ee6b9f3e610afa0ea6cac94594470e577233a1337137c

          Download Submit

        • C:\Users\Admin\AppData\Local\qP75WjmLJ\wscript.exe
          Filesize

          166KB

          MD5

          a47cbe969ea935bdd3ab568bb126bc80

          SHA1

          15f2facfd05daf46d2c63912916bf2887cebd98a

          SHA256

          34008e2057df8842df210246995385a0441dc1e081d60ad15bd481e062e7f100

          SHA512

          f5c81e6dc4d916944304fc85136e1ff6dee29a21e50a54fe6280a475343eccbfe094171d62475db5f38e07898c061126158c34d48b9d8f4f57f76d49e564e3fc

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Rnqxvswjyjuqjvh.lnk
          Filesize

          1KB

          MD5

          16351263a4fb005cf17186fe6cae70c7

          SHA1

          23cdc9b7ce3990efab895f534c1f623423cb6cb7

          SHA256

          9cf78ac7cb6a4ea3655f9bc0b11d965fcf4101082f0932d5fda8c86ff05a34c8

          SHA512

          88dc73a2ce9b2451cb6344e653f9924110e62512f4c564eec2213f59d90ebeb887351778aaa0c17de703b61c86081ac4fc10f70895e18ad685b25c18a96440ff

          Download Submit

        • memory/232-49-0x000001518F840000-0x000001518F847000-memory.dmp

          Filesize

          28KB

          Download

        • memory/232-46-0x00007FFCBFA10000-0x00007FFCBFB42000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/232-52-0x00007FFCBFA10000-0x00007FFCBFB42000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1892-83-0x000002123CD20000-0x000002123CD27000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1892-86-0x00007FFCBFA10000-0x00007FFCBFB42000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2688-66-0x000001F32B610000-0x000001F32B617000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2688-63-0x00007FFCBF770000-0x00007FFCBF8A2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2688-69-0x00007FFCBF770000-0x00007FFCBF8A2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3556-28-0x00007FFCCC0FA000-0x00007FFCCC0FB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3556-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3556-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3556-36-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3556-4-0x00000000027F0000-0x00000000027F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3556-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3556-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3556-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3556-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3556-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3556-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3556-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3556-6-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3556-29-0x0000000000B00000-0x0000000000B07000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3556-30-0x00007FFCCE030000-0x00007FFCCE040000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3556-24-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3556-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4488-0-0x0000016D7D1B0000-0x0000016D7D1B7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4488-39-0x00007FFCBFA10000-0x00007FFCBFB41000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4488-2-0x00007FFCBFA10000-0x00007FFCBFB41000-memory.dmp

          Filesize

          1.2MB

          Download