Overview

overview

10

Static

static

3

97da975cf8...18.dll

windows7-x64

10

97da975cf8...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-08-2024 22:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    97da975cf879ff9210ee322317dc6f66_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    97da975cf879ff9210ee322317dc6f66

  • SHA1

    6c77c4d5ad998f662900f663f4087ddc7179730a

  • SHA256

    9fd6fe428a4723bc8b7e93fdec36e2740ec2973c80ac7e4b4ef29ac12f3fe1f1

  • SHA512

    3f9a7edf37144094c5bf0ef12e4a00a53a8cca689c4da886a15870c1fd6572c98cfea5a99c22fff4788620acae9cabe604de2d7d2ae6c7dc1f3fbbc7015bdd07

  • SSDEEP

    24576:uuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9Nf:O9cKrUqZWLAcUX

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\97da975cf879ff9210ee322317dc6f66_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3036
  • C:\Windows\system32\WFS.exe
    C:\Windows\system32\WFS.exe
    1⤵
      PID:2312
    • C:\Users\Admin\AppData\Local\UMRIPcg\WFS.exe
      C:\Users\Admin\AppData\Local\UMRIPcg\WFS.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:5080
    • C:\Windows\system32\DevicePairingWizard.exe
      C:\Windows\system32\DevicePairingWizard.exe
      1⤵
        PID:3904
      • C:\Users\Admin\AppData\Local\xxe094rx\DevicePairingWizard.exe
        C:\Users\Admin\AppData\Local\xxe094rx\DevicePairingWizard.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:4652
      • C:\Windows\system32\Taskmgr.exe
        C:\Windows\system32\Taskmgr.exe
        1⤵
          PID:4356
        • C:\Users\Admin\AppData\Local\LTGbthNi\Taskmgr.exe
          C:\Users\Admin\AppData\Local\LTGbthNi\Taskmgr.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:4136

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\LTGbthNi\Taskmgr.exe
          Filesize

          1.2MB

          MD5

          58d5bc7895f7f32ee308e34f06f25dd5

          SHA1

          7a7f5e991ddeaf73e15a0fdcb5c999c0248a2fa4

          SHA256

          4e305198f15bafd5728b5fb8e7ff48d9f312399c744ecfea0ecac79d93c5e478

          SHA512

          872c84c92b0e4050ae4a4137330ec3cda30008fd15d6413bf7a913c03a021ad41b6131e5a7356b374ced98d37ae207147ebefd93893560dc15c3e9875f93f7a9

          Download Submit

        • C:\Users\Admin\AppData\Local\LTGbthNi\credui.dll
          Filesize

          1.2MB

          MD5

          010420657802f21b8bea180cebb97da5

          SHA1

          5f318b8b384264776b1f0dfb242170af52944df0

          SHA256

          1cbef9a015a15f8c086ce9afbb83a8380af90814e6c632e1e686afd66d39b372

          SHA512

          b17896a7b70fdf5fedf291c409d1f4c3ef6daf6c80a35b3da853828a92751cddb49ca9edcab3a4541a19a6d7635bda493217b7921d359ac313e679dbc8ad2bbf

          Download Submit

        • C:\Users\Admin\AppData\Local\UMRIPcg\UxTheme.dll
          Filesize

          1.2MB

          MD5

          e0094ace04af3cca3d3b1b12c897b08c

          SHA1

          adb34875bc51701c8b28cdb58c8d2c7397a002d6

          SHA256

          4754f46ddaede68c5efc04e674f4528e5b927a599b462a63a2d176e651f8e991

          SHA512

          2f10d29790037883080406ff0806d155adfbbdd0e8e0abad4b18ebbed81426eeb40959ed9641e190603f6a2d9a904e604dc84c92af2b1d27832c205e62e556e7

          Download Submit

        • C:\Users\Admin\AppData\Local\UMRIPcg\WFS.exe
          Filesize

          944KB

          MD5

          3cbc8d0f65e3db6c76c119ed7c2ffd85

          SHA1

          e74f794d86196e3bbb852522479946cceeed7e01

          SHA256

          e23e4182efe7ed61aaf369696e1ce304c3818df33d1663872b6d3c75499d81f4

          SHA512

          26ae5845a804b9eb752078f1ffa80a476648a8a9508b4f7ba56c94acd4198f3ba59c77add4feb7e0420070222af56521ca5f6334f466d5db272c816930513f0a

          Download Submit

        • C:\Users\Admin\AppData\Local\xxe094rx\DevicePairingWizard.exe
          Filesize

          93KB

          MD5

          d0e40a5a0c7dad2d6e5040d7fbc37533

          SHA1

          b0eabbd37a97a1abcd90bd56394f5c45585699eb

          SHA256

          2adaf3a5d3fde149626e3fef0e943c7029a135c04688acf357b2d8d04c81981b

          SHA512

          1191c2efcadd53b74d085612025c44b6cd54dd69493632950e30ada650d5ed79e3468c138f389cd3bc21ea103059a63eb38d9d919a62d932a38830c93f57731f

          Download Submit

        • C:\Users\Admin\AppData\Local\xxe094rx\MFC42u.dll
          Filesize

          1.2MB

          MD5

          7942b19d797da1fe15c9938d03c7d636

          SHA1

          0a2173b4aed763d74246c7d3f3a239b357eaabf4

          SHA256

          03de610a30dac718eff8c5e0d5b97d5a0e9cab618096b7acc48475693cbf359b

          SHA512

          4f3b7686a56faf4b0255c9f88c87f97735547185982b77374f2ff54dc1fc8aad7d838f9201c318591d5bf016d32b40eed2ee330497fcb1fd3aa446d1f01e45c1

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Yfsfrqrlkk.lnk
          Filesize

          1KB

          MD5

          be0af02a3c41942510f029efbc8b3eb8

          SHA1

          94b684974ce945671b72226388442791981cbda6

          SHA256

          bc42e81a659501de3b864afb5fba30a8e147ade550986e11ba7e7a7016830e41

          SHA512

          397823b1026803c953dd9f377cee50b24117873f10c692437e83e53bc029552dc123fcdd83e934fb1367d30b5ed9a5a513e5d5afd2ffa921a2b03d7b4a1f5cb8

          Download Submit

        • memory/3036-0-0x00007FFF9A6D0000-0x00007FFF9A801000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3036-3-0x000002027C890000-0x000002027C897000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3036-39-0x00007FFF9A6D0000-0x00007FFF9A801000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3476-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3476-28-0x00007FFFA8A7A000-0x00007FFFA8A7B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3476-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3476-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3476-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3476-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3476-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3476-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3476-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3476-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3476-29-0x0000000002640000-0x0000000002647000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3476-30-0x00007FFFA9550000-0x00007FFFA9560000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3476-4-0x0000000000CE0000-0x0000000000CE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3476-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3476-6-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3476-36-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3476-24-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4136-80-0x00007FFF8A850000-0x00007FFF8A982000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4136-85-0x00007FFF8A850000-0x00007FFF8A982000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4652-69-0x00007FFF8BBE0000-0x00007FFF8BD18000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4652-63-0x00007FFF8BBE0000-0x00007FFF8BD18000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4652-66-0x000001C3F4020000-0x000001C3F4027000-memory.dmp

          Filesize

          28KB

          Download

        • memory/5080-52-0x00007FFF8BBE0000-0x00007FFF8BD12000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/5080-49-0x0000026C31910000-0x0000026C31917000-memory.dmp

          Filesize

          28KB

          Download

        • memory/5080-46-0x00007FFF8BBE0000-0x00007FFF8BD12000-memory.dmp

          Filesize

          1.2MB

          Download