Overview

overview

10

Static

static

3

8f968de65b...18.dll

windows7-x64

10

8f968de65b...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    12-08-2024 17:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8f968de65b229b07429e091da4f33aa3_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    8f968de65b229b07429e091da4f33aa3

  • SHA1

    1be38b944d34c04a4a16a28634facd8cc3e2111f

  • SHA256

    3dff0c924f277d23a655e417ad8ac99c91a0acb1c8cd28ace46edc1811051696

  • SHA512

    4c22f146a252308da05553ceb86384437fe1836c3c86bd1c0f8bfc5c5bdf60ee8549cd831b9088a4a6e4aa382144766816b718acf5804f83a1130d274f46f1e5

  • SSDEEP

    24576:DuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9Ny:t9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 3 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8f968de65b229b07429e091da4f33aa3_JaffaCakes118.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1484
  • C:\Windows\system32\FXSCOVER.exe
    C:\Windows\system32\FXSCOVER.exe
    1⤵
      PID:2604
    • C:\Users\Admin\AppData\Local\C9bYBG\FXSCOVER.exe
      C:\Users\Admin\AppData\Local\C9bYBG\FXSCOVER.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2804
    • C:\Windows\system32\msdt.exe
      C:\Windows\system32\msdt.exe
      1⤵
        PID:2116
      • C:\Users\Admin\AppData\Local\9xBMLq\msdt.exe
        C:\Users\Admin\AppData\Local\9xBMLq\msdt.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2296
      • C:\Windows\system32\spinstall.exe
        C:\Windows\system32\spinstall.exe
        1⤵
          PID:1108
        • C:\Users\Admin\AppData\Local\A6fGJzi\spinstall.exe
          C:\Users\Admin\AppData\Local\A6fGJzi\spinstall.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:604

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\9xBMLq\UxTheme.dll
          Filesize

          1.2MB

          MD5

          1a84b9afc80b7833401a934be42223dd

          SHA1

          9f8d671debe6d02874c6898d1c026ef8af0ab7c8

          SHA256

          de2dd7b1d691fc2fdd1a21df6a2c717e05698c64a07aec73133f99ff863030f7

          SHA512

          c448e65eecf665e9a6029663425e3c54a0be54f0fd3dc2451fa0af61f824ce310e3484d993c3deed8908408253aada8d17678569d5337bc4e2ef5f89f12d8311

          Download Submit

        • C:\Users\Admin\AppData\Local\A6fGJzi\WINBRAND.dll
          Filesize

          1.2MB

          MD5

          3fef6d9c33164bcba5f442bf19bfa013

          SHA1

          63a7877b3bd47b250e9fb2210ff8e3db7060cc76

          SHA256

          33065f4e49512d1c521c8d85c9c5aecb4b3509d9cf78e034c693c9088277da72

          SHA512

          0f2936e55112d6872b7a2d40b07d8b4997ffaf42245b3b5984e920c47ae79f5cdf99f4d9c2d3b2b33e53e290ae88e4811d8237b84896871e9a3357703cef2fc9

          Download Submit

        • C:\Users\Admin\AppData\Local\C9bYBG\MFC42u.dll
          Filesize

          1.2MB

          MD5

          3a8a82903c035a88ee1655017f0aa58a

          SHA1

          2ddd130f61b98f4c26682d4cdfef1b09874058b0

          SHA256

          cd38db28e8f3d00d6ea7fd5e722cf36a7c43377fb1c8e8e33d0f3220aacba5d6

          SHA512

          af58c7c00ab838b235bc6bf2bc349f914699b5530f25925e5145cf87a5dac0acb43c98b31fa6c1ec646726a5a2dfeddd5b742b488742989acfc1b21037d5574b

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Filabyuswgwl.lnk
          Filesize

          1KB

          MD5

          433404a6b5952b9fc55db28e8ac04c5e

          SHA1

          9966d24501c400d58d7f58a5b6b4bedb8a59b6dc

          SHA256

          5e79ccdd1db0a2a1efa462d8b6fc823b6c55bbd2f4acf7deb5135c80394e2114

          SHA512

          667dc00f99d987a67d281e14da31884c5905aaf69c67921e325e1cd599197eceb723c8fd7b8ec1a649c4cfe81572591f0690a8887586292aa163002dbf33630a

          Download Submit

        • \Users\Admin\AppData\Local\9xBMLq\msdt.exe
          Filesize

          1.0MB

          MD5

          aecb7b09566b1f83f61d5a4b44ae9c7e

          SHA1

          3a4a2338c6b5ac833dc87497e04fe89c5481e289

          SHA256

          fbdbe7a2027cab237c4635ef71c1a93cf7afc4b79d56b63a119b7f8e3029ccf5

          SHA512

          6e14200262e0729ebcab2226c3eac729ab5af2a4c6f4f9c3e2950cc203387d9a0a447cf38665c724d4397353931fd10064dc067e043a3579538a6144e33e4746

          Download Submit

        • \Users\Admin\AppData\Local\A6fGJzi\spinstall.exe
          Filesize

          584KB

          MD5

          29c1d5b330b802efa1a8357373bc97fe

          SHA1

          90797aaa2c56fc2a667c74475996ea1841bc368f

          SHA256

          048bd22abf158346ab991a377cc6e9d2b20b4d73ccee7656c96a41f657e7be7f

          SHA512

          66f4f75a04340a1dd55dfdcc3ff1103ea34a55295f56c12e88d38d1a41e5be46b67c98bd66ac9f878ce79311773e374ed2bce4dd70e8bb5543e4ec1dd56625ee

          Download Submit

        • \Users\Admin\AppData\Local\C9bYBG\FXSCOVER.exe
          Filesize

          261KB

          MD5

          5e2c61be8e093dbfe7fc37585be42869

          SHA1

          ed46cda4ece3ef187b0cf29ca843a6c6735af6c0

          SHA256

          3d1719c1caa5d6b0358830a30713c43a9710fbf7bcedca20815be54d24aa9121

          SHA512

          90bf180c8f6e3d0286a19fcd4727f23925a39c90113db979e1b4bbf8f0491471ad26c877a6e2cf49638b14050d952a9ee02a3c1293129843ec6bba01bc325d0b

          Download Submit

        • memory/604-96-0x000007FEF6010000-0x000007FEF6147000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/604-93-0x0000000000370000-0x0000000000377000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1216-12-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1216-11-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1216-16-0x00000000024E0000-0x00000000024E7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1216-15-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1216-14-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1216-17-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1216-25-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1216-26-0x00000000771E1000-0x00000000771E2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1216-27-0x0000000077370000-0x0000000077372000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1216-36-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1216-37-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1216-4-0x0000000076FD6000-0x0000000076FD7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1216-5-0x00000000024D0000-0x00000000024D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1216-13-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1216-7-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1216-8-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1216-10-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1216-64-0x0000000076FD6000-0x0000000076FD7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1216-9-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1484-0-0x000007FEF6910000-0x000007FEF6A46000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1484-45-0x000007FEF6910000-0x000007FEF6A46000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1484-3-0x00000000001C0000-0x00000000001C7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2296-75-0x0000000000140000-0x0000000000147000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2296-72-0x000007FEF6010000-0x000007FEF6147000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2296-78-0x000007FEF6010000-0x000007FEF6147000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2804-59-0x000007FEF6910000-0x000007FEF6A4D000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2804-56-0x0000000000170000-0x0000000000177000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2804-53-0x000007FEF6910000-0x000007FEF6A4D000-memory.dmp

          Filesize

          1.2MB

          Download