Overview

overview

10

Static

static

3

82ad4f64c8...18.dll

windows7-x64

10

82ad4f64c8...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-08-2024 02:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    82ad4f64c89c3bbbd8cd8e53607071ea_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    82ad4f64c89c3bbbd8cd8e53607071ea

  • SHA1

    c93046e3777bdce827ecc58e9de0420ddc1cd5a1

  • SHA256

    a594d78a5f1c9a6ca8d3b108513c84fcf4d12819dee46890074d5b0688120ac1

  • SHA512

    aed739f5ebac5f5a5c34632e451d0a0c650227650361fe052dcdd7ee76466ad96c3df3eaeac66ddb98a09c7cf9a3ff717897b5e0ff6d8dfd03b86992bc29236d

  • SSDEEP

    24576:muYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:G9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\82ad4f64c89c3bbbd8cd8e53607071ea_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:212
  • C:\Windows\system32\rdpinput.exe
    C:\Windows\system32\rdpinput.exe
    1⤵
      PID:1648
    • C:\Users\Admin\AppData\Local\jUZQ8E2\rdpinput.exe
      C:\Users\Admin\AppData\Local\jUZQ8E2\rdpinput.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:1044
    • C:\Windows\system32\wlrmdr.exe
      C:\Windows\system32\wlrmdr.exe
      1⤵
        PID:3516
      • C:\Users\Admin\AppData\Local\FBLN39GJ\wlrmdr.exe
        C:\Users\Admin\AppData\Local\FBLN39GJ\wlrmdr.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1624
      • C:\Windows\system32\recdisc.exe
        C:\Windows\system32\recdisc.exe
        1⤵
          PID:468
        • C:\Users\Admin\AppData\Local\h7RH0Gwo\recdisc.exe
          C:\Users\Admin\AppData\Local\h7RH0Gwo\recdisc.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1808

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\FBLN39GJ\DUI70.dll
          Filesize

          1.4MB

          MD5

          7bb275a24d98e4002b4155c8977193d6

          SHA1

          4233a650d5d6ae1122f6b4c6949a345947aa99e3

          SHA256

          a8697471ce4ed9ddf0a40fff1ad32d87eca475786b93b3925ff64ac98559f0ad

          SHA512

          759b1f8291985e734ecc822605cd7141a6d238e6a553986abb1368cdc9d520f2195f41b0e753e72bbd24ea9af537a736fa80b33f6dd052a953d7c6b6f9be445c

          Download Submit

        • C:\Users\Admin\AppData\Local\FBLN39GJ\wlrmdr.exe
          Filesize

          66KB

          MD5

          ef9bba7a637a11b224a90bf90a8943ac

          SHA1

          4747ec6efd2d41e049159249c2d888189bb33d1d

          SHA256

          2fda95aafb2e9284c730bf912b93f60a75b151941adc14445ed1e056140325b1

          SHA512

          4c1fdb8e4bf25546a2a33c95268593746f5ae2666ce36c6d9ba5833357f13720c4722231224e82308af8c156485a2c86ffd97e3093717a28d1300d3787ef1831

          Download Submit

        • C:\Users\Admin\AppData\Local\h7RH0Gwo\ReAgent.dll
          Filesize

          1.2MB

          MD5

          5cf34a8e86e4c56bf053c4c98eede0ff

          SHA1

          39fb843699f59e88bada9b316d117328f808c0d6

          SHA256

          abb6b7c71389d1dc558da184c98ed658e7a33630082dfebc3987b20451035da5

          SHA512

          ad41d565c8be5a198983edaf241f3e5e1b16273d8c3c2358e57b34c3d610bcf5f5432a9108961f683dff52db3c995bcd4f238a20b8d003d2ab714578359dd361

          Download Submit

        • C:\Users\Admin\AppData\Local\h7RH0Gwo\recdisc.exe
          Filesize

          193KB

          MD5

          18afee6824c84bf5115bada75ff0a3e7

          SHA1

          d10f287a7176f57b3b2b315a5310d25b449795aa

          SHA256

          0787b37cf197595b8149ffe3784f9c59eacde3616011f185513ff5c075a5ac4e

          SHA512

          517356165b401dbebf15437d3b17746aef5a6a4cc62a0afe45966abc92b4cf377eee4514a36ee28b1e88e55a22a2f8a6c997df45971e7f354b66ac7d9e141845

          Download Submit

        • C:\Users\Admin\AppData\Local\jUZQ8E2\WTSAPI32.dll
          Filesize

          1.2MB

          MD5

          2f098700b9f3075c0805959648a6d06a

          SHA1

          da21cb446ce77536103c7b024d4c5d5ded7bd5ad

          SHA256

          bf31cc9a318bd3a382a601f5daacca2dd076b55e958c49dc3f2d9a7bed772c07

          SHA512

          abb702947d94f1fba180838b0968a22fcfd6789f1736e0bc4e103ecff87e3827a62b0a3b04f4d3460fc03fc321408a85be9857939976f296b679a8d0ebafe43d

          Download Submit

        • C:\Users\Admin\AppData\Local\jUZQ8E2\rdpinput.exe
          Filesize

          180KB

          MD5

          bd99eeca92869f9a3084d689f335c734

          SHA1

          a2839f6038ea50a4456cd5c2a3ea003e7b77688c

          SHA256

          39bfb2214efeed47f4f5e50e6dff05541e29caeb27966520bdadd52c3d5e7143

          SHA512

          355433c3bbbaa3bcb849633d45713d8a7ac6f87a025732fbe83e259ec3a0cb4eabb18239df26609453f9fc6764c7276c5d0472f11cf12d15ef806aa7594d090e

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ojzvdc.lnk
          Filesize

          1KB

          MD5

          9a0f60f0cb85525e6e9a7de39b21f012

          SHA1

          481ef175da9d3d3fa5358e2a77216031b7084010

          SHA256

          7bdde39507b52ff1ec4eb86256a453a3b506503fc732d7c43d67407322095d9b

          SHA512

          bff4b1cd9aa2764413b7703b5154d312d03f7539025185705e8fede0cd7dfdab1c440e915f2a4f6edd0ba47e39ba8fbf12febd30f96678555dd065adaccfd29f

          Download Submit

        • memory/212-1-0x00007FFC65D90000-0x00007FFC65EC1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/212-39-0x00007FFC65D90000-0x00007FFC65EC1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/212-3-0x0000016F4FEE0000-0x0000016F4FEE7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1044-52-0x00007FFC65D90000-0x00007FFC65EC2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1044-46-0x00007FFC65D90000-0x00007FFC65EC2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1044-49-0x0000020424730000-0x0000020424737000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1624-64-0x00007FFC657F0000-0x00007FFC65967000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/1624-63-0x00000204C1180000-0x00000204C1187000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1624-69-0x00007FFC657F0000-0x00007FFC65967000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/1808-83-0x000001F07A710000-0x000001F07A717000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1808-86-0x00007FFC65D90000-0x00007FFC65EC2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3544-37-0x0000000000C00000-0x0000000000C07000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3544-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3544-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3544-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3544-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3544-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3544-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3544-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3544-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3544-33-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3544-35-0x00007FFC7378A000-0x00007FFC7378B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3544-38-0x00007FFC743F0000-0x00007FFC74400000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3544-24-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3544-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3544-6-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3544-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3544-4-0x0000000000F30000-0x0000000000F31000-memory.dmp

          Filesize

          4KB

          Download