Overview

overview

10

Static

static

3

919faabaf4...18.dll

windows7-x64

10

919faabaf4...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    13-08-2024 04:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    919faabaf40217b576a1f93cab032587_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    919faabaf40217b576a1f93cab032587

  • SHA1

    846b9da7874bf67d4ac2c506113852d2d65b363d

  • SHA256

    c1c7e9180c08d543ddb651df2858b8d84fe6964012ba3cba206d3d025db49e36

  • SHA512

    724addbbc986ecb110c698cdd916c8ef00d6e28d509533d10793c21476fa39c0e371ca7032a9a0cf4a5bdc80728e1221377c84b09d7a577551dadeda30b409b5

  • SSDEEP

    24576:KuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:S9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 3 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\919faabaf40217b576a1f93cab032587_JaffaCakes118.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1476
  • C:\Windows\system32\BdeUISrv.exe
    C:\Windows\system32\BdeUISrv.exe
    1⤵
      PID:2608
    • C:\Users\Admin\AppData\Local\YM25\BdeUISrv.exe
      C:\Users\Admin\AppData\Local\YM25\BdeUISrv.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2624
    • C:\Windows\system32\spinstall.exe
      C:\Windows\system32\spinstall.exe
      1⤵
        PID:1912
      • C:\Users\Admin\AppData\Local\DaE\spinstall.exe
        C:\Users\Admin\AppData\Local\DaE\spinstall.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2476
      • C:\Windows\system32\winlogon.exe
        C:\Windows\system32\winlogon.exe
        1⤵
          PID:2424
        • C:\Users\Admin\AppData\Local\PAQWPgYVZ\winlogon.exe
          C:\Users\Admin\AppData\Local\PAQWPgYVZ\winlogon.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1924

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\DaE\WTSAPI32.dll
          Filesize

          1.2MB

          MD5

          79ba7e5a8b04d22f856ace0a27ede877

          SHA1

          51f761c582586aebc2776b23f3e6a0cabd8f81ce

          SHA256

          21c49b16a62b45f6e068c8a72e72231cfea93a320b9708b2b63d2c23cec525bb

          SHA512

          8b39eeb53c6ab312fe8c35da039075e6e80ffc8d0c68cd2407cf4c259b4350dec871f0a52341ea24740247e7fdfb7496f196e3646b0f054dd40b7771e6fe21f6

          Download Submit

        • C:\Users\Admin\AppData\Local\PAQWPgYVZ\WINSTA.dll
          Filesize

          1.2MB

          MD5

          e88bb8dd806319ff85b279534505674c

          SHA1

          0ba7033e0e47f211b7fd112d6905deeccd0586e4

          SHA256

          6dd334f998e8d3c1656c7c24eb24eef5032784ccf8ed062a02cfb7fabcb4a433

          SHA512

          ef3b35e265a0c1801c3590e662f8d4f4f204744e226e3a99c4963868e00ec730cc38de3b79ba3b3fbfb8093d689e452fd333b60a61734e0b510f138221b3c88b

          Download Submit

        • C:\Users\Admin\AppData\Local\YM25\WTSAPI32.dll
          Filesize

          1.2MB

          MD5

          10bc298b7fa3654d5d52170a2e44c4e7

          SHA1

          d92dbf10200aa81661c462646794dc32040c7c0e

          SHA256

          ea89bf0cfb88a68620c38f77c3629a314447cb4fe69ea59df020027e0f0680ec

          SHA512

          6c29a2c7d51acb780e6062d04c4898d29d9896ec4e3bfb37221c30cfb47e26b0a6f3a7567245cc5688fb233c241f833b79992af67301d9aa28138a1cf555b9ea

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ewnqrlgibmqii.lnk
          Filesize

          1KB

          MD5

          a05db5898bf9125efd7df00508e52905

          SHA1

          3e0459b86f1335e25f294204991f4405258dbe26

          SHA256

          e68330a55ccc216519499fb63c235d22f4b0ce8edf01d979155af4d441e04670

          SHA512

          81bd97a26eec8b9f424cb24463ef5b9916b7d5a74edb79fe8eb5fa9e2ec8ef30e09f18704c8f0c7465c1dcf9e7a188e2fd158682a3ae053bf6541243c144f056

          Download Submit

        • \Users\Admin\AppData\Local\DaE\spinstall.exe
          Filesize

          584KB

          MD5

          29c1d5b330b802efa1a8357373bc97fe

          SHA1

          90797aaa2c56fc2a667c74475996ea1841bc368f

          SHA256

          048bd22abf158346ab991a377cc6e9d2b20b4d73ccee7656c96a41f657e7be7f

          SHA512

          66f4f75a04340a1dd55dfdcc3ff1103ea34a55295f56c12e88d38d1a41e5be46b67c98bd66ac9f878ce79311773e374ed2bce4dd70e8bb5543e4ec1dd56625ee

          Download Submit

        • \Users\Admin\AppData\Local\PAQWPgYVZ\winlogon.exe
          Filesize

          381KB

          MD5

          1151b1baa6f350b1db6598e0fea7c457

          SHA1

          434856b834baf163c5ea4d26434eeae775a507fb

          SHA256

          b1506e0a7e826eff0f5252ef5026070c46e2235438403a9a24d73ee69c0b8a49

          SHA512

          df728d06238da1dece96f8b8d67a2423ed4dcb344b42d5958768d23bd570a79e7189e7c5ba783c1628fe8ddd1deaebeacb1b471c59c8a7c9beb21b4f1eb9edab

          Download Submit

        • \Users\Admin\AppData\Local\YM25\BdeUISrv.exe
          Filesize

          47KB

          MD5

          1da6b19be5d4949c868a264bc5e74206

          SHA1

          d5ee86ba03a03ef8c93d93accafe40461084c839

          SHA256

          00330a0e0eb1dbb6ee84997963f8e15c7c15c1df787f1c7f109609d7b31bd35c

          SHA512

          9cee858c55eb0852e5bad53a675a094ae591b46b07afe9fb4224cac32e0be577fe36c1ed3e9f6bda4d4eb0c924a773d00e3181cd97f07e24c6c68c70f2b002c6

          Download Submit

        • memory/1200-27-0x0000000077940000-0x0000000077942000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1200-25-0x0000000002A30000-0x0000000002A37000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1200-4-0x00000000775A6000-0x00000000775A7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-26-0x00000000777B1000-0x00000000777B2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-24-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-15-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-14-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-12-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-37-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-36-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-10-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-9-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-8-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-5-0x0000000002D50000-0x0000000002D51000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-11-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-16-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-74-0x00000000775A6000-0x00000000775A7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-7-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-13-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1476-45-0x000007FEF7B40000-0x000007FEF7C70000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1476-3-0x0000000000140000-0x0000000000147000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1476-0-0x000007FEF7B40000-0x000007FEF7C70000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1924-90-0x000007FEF7A60000-0x000007FEF7B92000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1924-93-0x0000000000290000-0x0000000000297000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1924-96-0x000007FEF7A60000-0x000007FEF7B92000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2476-71-0x000007FEF7A60000-0x000007FEF7B91000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2476-75-0x0000000000270000-0x0000000000277000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2476-78-0x000007FEF7A60000-0x000007FEF7B91000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2624-59-0x000007FEF7B90000-0x000007FEF7CC1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2624-54-0x000007FEF7B90000-0x000007FEF7CC1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2624-53-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download