Overview

overview

10

Static

static

3

9a653a6ca8...18.dll

windows7-x64

10

9a653a6ca8...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    15-08-2024 14:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9a653a6ca8bca2e4465c01ec60656a48_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    9a653a6ca8bca2e4465c01ec60656a48

  • SHA1

    224dbe5f344ec040c808667827eed50a30c7d8e7

  • SHA256

    591c1e2c680af88e04a68e5401b6f40fc86835c6a3753068994822f8af071a06

  • SHA512

    512fb0907bb2d248626ceb54371cd57230793748bcec48c4935c12ab47568f2eac4b63f6c702a602b2425b02fcc76584bd8a5980c5660ee47b81223071341b77

  • SSDEEP

    24576:ruYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9Ncpt:19cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a653a6ca8bca2e4465c01ec60656a48_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2292
  • C:\Windows\system32\OptionalFeatures.exe
    C:\Windows\system32\OptionalFeatures.exe
    1⤵
      PID:2632
    • C:\Users\Admin\AppData\Local\H6m\OptionalFeatures.exe
      C:\Users\Admin\AppData\Local\H6m\OptionalFeatures.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2636
    • C:\Windows\system32\dpapimig.exe
      C:\Windows\system32\dpapimig.exe
      1⤵
        PID:2456
      • C:\Users\Admin\AppData\Local\BOxot\dpapimig.exe
        C:\Users\Admin\AppData\Local\BOxot\dpapimig.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2492
      • C:\Windows\system32\dvdupgrd.exe
        C:\Windows\system32\dvdupgrd.exe
        1⤵
          PID:2956
        • C:\Users\Admin\AppData\Local\0mClVvB\dvdupgrd.exe
          C:\Users\Admin\AppData\Local\0mClVvB\dvdupgrd.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1844

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\0mClVvB\VERSION.dll
          Filesize

          1.2MB

          MD5

          885790bd0dfa834d1f542efff27b7016

          SHA1

          582ed11d8a359a19d93a1a34ddc242de7dbc8e33

          SHA256

          9cc3021909f674d6b576b7465617b5df61544a88766b96ba3317633d304bd034

          SHA512

          3f51da9a5f1eaeda10bf1d4ca6ac2e132967e417b3c53afd83e3fb7bfb45ee8420cdd625e9d900627515c72ec4a496644dd33729ab1935b4bdad6a74125cc7d7

          Download Submit

        • C:\Users\Admin\AppData\Local\BOxot\DUI70.dll
          Filesize

          1.4MB

          MD5

          3ebaa9926f0e0a0df215442bae543696

          SHA1

          fd4d2479c1f09b0ae8d52b028c0cfb93c793f2ed

          SHA256

          89c8b18ea90049bbe421c48ff4bd27658a0f18d0720747a60fcbaf19e70ce40a

          SHA512

          84836d5cfe031f7236335673706342efe55faf13c8511da7b854a6821684d9a942122d9138360565e5943938117a21cd228da9b9a2146b12b3acbb712e9afa1d

          Download Submit

        • C:\Users\Admin\AppData\Local\H6m\appwiz.cpl
          Filesize

          1.2MB

          MD5

          a85045faaa0f264a289a4e6021742640

          SHA1

          ce4e67a58ee6ccaa1541047e22631a86374510b4

          SHA256

          30d3d778972c10d9eb506d3fef6f2b45d4b279f727512da259e592206ed71dfc

          SHA512

          7bf397579ffcb1db002da80cdd1eb8880f1d630ba2b8c19022ca7e4fbb7f39b26b31f587829069e48ff1c755088a049f50cac6332f51080341c874aa4cf892c3

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ygxjfqh.lnk
          Filesize

          899B

          MD5

          b477bfb2b3e4429b9ab996386c085117

          SHA1

          d5cb4df1ec0b1c941e91256059bc70d560f2d51f

          SHA256

          ad550dd3939082826e8a163579b5986a8da8029f90c7af49154416541e151365

          SHA512

          7af36caa8e75dbad6c056d7c73b1c9c75c7506462286c38d5e5c73ddbf76e091ce1e432d8d8146a0ad529350688092c4f2406e720c1158ea5375fdf5a972bbd8

          Download Submit

        • \Users\Admin\AppData\Local\0mClVvB\dvdupgrd.exe
          Filesize

          25KB

          MD5

          75a9b4172eac01d9648c6d2133af952f

          SHA1

          63c7e1af762d2b584e9cc841e8b0100f2a482b81

          SHA256

          18f9f520c7157023b0e7dfe7433a63c4dedd47b04d24aac4038b795893050736

          SHA512

          5a7a2c7f184efd9c84256a1a0a5e7aeb95432d63a567196be54e7a9437a5ada9b922983c5fc0cafb16eab4493665d8e56e2f646f9f6a2d6179986925ffcdf769

          Download Submit

        • \Users\Admin\AppData\Local\BOxot\dpapimig.exe
          Filesize

          73KB

          MD5

          0e8b8abea4e23ddc9a70614f3f651303

          SHA1

          6d332ba4e7a78039f75b211845514ab35ab467b2

          SHA256

          66fc6b68e54b8840a38b4de980cc22aed21009afc1494a9cc68e892329f076a1

          SHA512

          4feded78f9b953472266693e0943030d00f82a5cc8559df60ae0479de281164155e19687afc67cba74d04bb9ad092f5c7732f2d2f9b06274ca2ae87dc2d4a6dc

          Download Submit

        • \Users\Admin\AppData\Local\H6m\OptionalFeatures.exe
          Filesize

          95KB

          MD5

          eae7af6084667c8f05412ddf096167fc

          SHA1

          0dbe8aba001447030e48e8ad5466fd23481e6140

          SHA256

          01feebd3aca961f31ba4eac45347b105d1c5772627b08f5538047721b61ff9bc

          SHA512

          172a8accaa35a6c9f86713a330c5899dfeeffe3b43413a3d276fc16d45cd62ed9237aa6bff29cc60a2022fba8dcc156959723c041df4b7463436a3bdabef2a9d

          Download Submit

        • memory/1204-16-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-12-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-4-0x00000000770C6000-0x00000000770C7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-25-0x0000000002E20000-0x0000000002E27000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1204-24-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-14-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-13-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-10-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-8-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-27-0x0000000077460000-0x0000000077462000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1204-26-0x00000000772D1000-0x00000000772D2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-36-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-38-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-5-0x0000000002E40000-0x0000000002E41000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-46-0x00000000770C6000-0x00000000770C7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-15-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-9-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-7-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-11-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1844-90-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1844-91-0x000007FEF6370000-0x000007FEF64A1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1844-96-0x000007FEF6370000-0x000007FEF64A1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2292-45-0x000007FEF6380000-0x000007FEF64B0000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2292-1-0x000007FEF6380000-0x000007FEF64B0000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2292-0-0x0000000000120000-0x0000000000127000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2492-72-0x0000000001AC0000-0x0000000001AC7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2492-73-0x000007FEF5E70000-0x000007FEF5FD4000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2492-78-0x000007FEF5E70000-0x000007FEF5FD4000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2636-60-0x000007FEF6A00000-0x000007FEF6B31000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2636-55-0x000007FEF6A00000-0x000007FEF6B31000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2636-54-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download