Overview

overview

10

Static

static

3

7cb39a9582...18.dll

windows7-x64

10

7cb39a9582...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-07-2024 14:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7cb39a958205ae575a11bcfbecd2923b_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    7cb39a958205ae575a11bcfbecd2923b

  • SHA1

    c098dbee02a9f5b0185a097d2907d05611c06d5d

  • SHA256

    c239b07bc04c591ebb22d3ec9be5a81b73b5b36b80b867e49447284c180ad00d

  • SHA512

    6897ce3683f63a898fb5859a8641833cc0bf230275f1cf5d8d1741b483ef660ab5ba7c323fecd9c8f28abcf5d606c4098a2e12dc9779c0016bae9eee43e06f34

  • SSDEEP

    24576:5uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:r9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Event Triggered Execution: Accessibility Features 1 TTPs

    Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.

    persistenceprivilege_escalation
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\7cb39a958205ae575a11bcfbecd2923b_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:4028
  • C:\Windows\system32\BdeUISrv.exe
    C:\Windows\system32\BdeUISrv.exe
    1⤵
      PID:2508
    • C:\Users\Admin\AppData\Local\6mZGyw\BdeUISrv.exe
      C:\Users\Admin\AppData\Local\6mZGyw\BdeUISrv.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2756
    • C:\Windows\system32\Narrator.exe
      C:\Windows\system32\Narrator.exe
      1⤵
        PID:3796
      • C:\Users\Admin\AppData\Local\gTuNQYzr\Narrator.exe
        C:\Users\Admin\AppData\Local\gTuNQYzr\Narrator.exe
        1⤵
        • Executes dropped EXE
        PID:3848
      • C:\Windows\system32\ie4uinit.exe
        C:\Windows\system32\ie4uinit.exe
        1⤵
          PID:1552
        • C:\Users\Admin\AppData\Local\b5Acxn\ie4uinit.exe
          C:\Users\Admin\AppData\Local\b5Acxn\ie4uinit.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:4112
        • C:\Windows\system32\CloudNotifications.exe
          C:\Windows\system32\CloudNotifications.exe
          1⤵
            PID:3312
          • C:\Users\Admin\AppData\Local\i0k\CloudNotifications.exe
            C:\Users\Admin\AppData\Local\i0k\CloudNotifications.exe
            1⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks whether UAC is enabled
            PID:3648

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\6mZGyw\BdeUISrv.exe
            Filesize

            54KB

            MD5

            8595075667ff2c9a9f9e2eebc62d8f53

            SHA1

            c48b54e571f05d4e21d015bb3926c2129f19191a

            SHA256

            20b05c77f898be08737082e969b39f54fa39753c8c0a06142eb7ad5e0764a2db

            SHA512

            080dbcdd9234c07efe6cea4919ffa305fdc381ccebed9d1020dd6551b54e20e52387e62a344502fa4a85249defd0f9b506528b8dd34675bc9f51f664b8fc4d88

            Download Submit

          • C:\Users\Admin\AppData\Local\6mZGyw\WTSAPI32.dll
            Filesize

            1.2MB

            MD5

            2c7feb994d0f788cf687e6f3982c204f

            SHA1

            247c688f18203d200a8bf14a73ff6af64c27fc37

            SHA256

            10bdf5d7bcb8e0b9c6f45039c4ffd6823db432b8f4a98e7b8e29ef8d80b998c6

            SHA512

            09aa4532409959fbc5891b407d172f3de6f1948adf64c66cbfcebc40914d9cf4033a80c681a88d8a5edccb13c5618ef2e17b48f521d50433091c78723bd9f58a

            Download Submit

          • C:\Users\Admin\AppData\Local\b5Acxn\VERSION.dll
            Filesize

            1.2MB

            MD5

            98f74ffe892fced3bcfa1a1d645164a9

            SHA1

            aa2f43fa6dfd7186b44f71ada3cee1cce0284cf5

            SHA256

            2ad01bf4d9f8f2c1beb68cc7c6629174872c12f54de57bb4d5a1f93106713ea6

            SHA512

            7a331b8055437ba4a65f416b8a2ca144b09b3ef3a680bdad94276d875d9a85b7aebf4fab38801a686369231deab8f394b1e11d996b6b16862a4ae1a21c0bcfab

            Download Submit

          • C:\Users\Admin\AppData\Local\b5Acxn\ie4uinit.exe
            Filesize

            262KB

            MD5

            a2f0104edd80ca2c24c24356d5eacc4f

            SHA1

            8269b9fd9231f04ed47419bd565c69dc677fab56

            SHA256

            5d85c4d62cc26996826b9d96a9153f7e05a2260342bd913b3730610a1809203c

            SHA512

            e7bb87f9f6c82cb945b95f62695be98b3fa827a24fa8c4187fe836d4e7d3e7ae3b95101edd3c41d65f6cb684910f5954a67307d450072acd8d475212db094390

            Download Submit

          • C:\Users\Admin\AppData\Local\gTuNQYzr\Narrator.exe
            Filesize

            521KB

            MD5

            d92defaa4d346278480d2780325d8d18

            SHA1

            6494d55b2e5064ffe8add579edfcd13c3e69fffe

            SHA256

            69b8c93d9b262b36e2bdc223cc0d6e312cc471b49d7cc36befbba1f863a05d83

            SHA512

            b82c0fbc07361e4ad6e4ab171e55e1e41e9312ba995dce90696ca90f734f5d1ea11371ca046e8680ea566a1c2e0643ab86f1f6dcf6cbd05aed8448425a2830b5

            Download Submit

          • C:\Users\Admin\AppData\Local\i0k\CloudNotifications.exe
            Filesize

            59KB

            MD5

            b50dca49bc77046b6f480db6444c3d06

            SHA1

            cc9b38240b0335b1763badcceac37aa9ce547f9e

            SHA256

            96e7e1a3f0f4f6fc6bda3527ab8a739d6dfcab8e534aa7a02b023daebb3c0775

            SHA512

            2a0504ca336e86b92b2f5eff1c458ebd9df36c496331a7247ef0bb8b82eabd86ade7559ddb47ca4169e8365a97e80e5f1d3c1fc330364dea2450608bd692b1d3

            Download Submit

          • C:\Users\Admin\AppData\Local\i0k\UxTheme.dll
            Filesize

            1.2MB

            MD5

            6176ad0422b098c49aa58c0598dff0a2

            SHA1

            876b8a8123a7244f159e6d5276e93fefcb101b1b

            SHA256

            a129036b6d7b7df2cb80ce01a8cb266f6c0e87b6ffd067f935f9f4de5e78c688

            SHA512

            5c15a77218254ff8c9fa2da83e7034700137b171d15407cd7fab7b128b5d45d161a8250b50c58c37f6b5a8117a3ac4f13dac8e8bfdcac24ff156e03dba4ca8e2

            Download Submit

          • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Vavjtzlerlz.lnk
            Filesize

            1KB

            MD5

            dfa1b84904951238514543cf8f17ac80

            SHA1

            c05a6df0aa8db12fc4250ae8302fa8dd0de00015

            SHA256

            2d95ecbfe08dcc4724e0fa27ff8ff84e1cbb66babc18d42f999f107345b034b0

            SHA512

            0890805cb946ad1979f5842f0114754c28fb967a53050b2e212f6167b993a00c8d4db054733bb1126ff1f2ec1065dea7ce912257d9b00e4bbfdbab9f117d4be5

            Download Submit

          • memory/2756-51-0x00007FF9D4B50000-0x00007FF9D4C82000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/2756-48-0x000001D00DEE0000-0x000001D00DEE7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/2756-45-0x00007FF9D4B50000-0x00007FF9D4C82000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3448-33-0x0000000000D00000-0x0000000000D07000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3448-15-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3448-10-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3448-9-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3448-8-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3448-7-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3448-6-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3448-4-0x0000000002C70000-0x0000000002C71000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3448-13-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3448-11-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3448-32-0x00007FF9E1B6A000-0x00007FF9E1B6B000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3448-14-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3448-34-0x00007FF9E3490000-0x00007FF9E34A0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3448-35-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3448-23-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3448-12-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3648-93-0x00007FF9D4B50000-0x00007FF9D4C82000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4028-0-0x00007FF9D4B50000-0x00007FF9D4C81000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4028-38-0x00007FF9D4B50000-0x00007FF9D4C81000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4028-3-0x0000025D372F0000-0x0000025D372F7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/4112-77-0x00007FF9D4B50000-0x00007FF9D4C82000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4112-74-0x000001D1D29F0000-0x000001D1D29F7000-memory.dmp

            Filesize

            28KB

            Download