Overview

overview

10

Static

static

3

9c2ea8a66a...18.dll

windows7-x64

10

9c2ea8a66a...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    16-08-2024 00:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9c2ea8a66ae300767e59b45a8143a82d_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    9c2ea8a66ae300767e59b45a8143a82d

  • SHA1

    b4fa6eed05c8f92dad7e9eb45da03913ea5bfccb

  • SHA256

    517a906ea67b39b318993c2340fd67b5a0ff00bc486d77fdd7afeb99e5029234

  • SHA512

    a1a7c8ce64099d60e7c0153d2228af875097df0552b4c82f16d5beac058adb109a5e6cffef02e1317a5d82c0781e61117c06d8414635c5d0eec12b9eb500345d

  • SSDEEP

    24576:HuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:p9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 3 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\9c2ea8a66ae300767e59b45a8143a82d_JaffaCakes118.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2652
  • C:\Windows\system32\SystemPropertiesRemote.exe
    C:\Windows\system32\SystemPropertiesRemote.exe
    1⤵
      PID:2252
    • C:\Users\Admin\AppData\Local\0vWt\SystemPropertiesRemote.exe
      C:\Users\Admin\AppData\Local\0vWt\SystemPropertiesRemote.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2892
    • C:\Windows\system32\javaws.exe
      C:\Windows\system32\javaws.exe
      1⤵
        PID:2640
      • C:\Users\Admin\AppData\Local\yGAv7wv\javaws.exe
        C:\Users\Admin\AppData\Local\yGAv7wv\javaws.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:772
      • C:\Windows\system32\tcmsetup.exe
        C:\Windows\system32\tcmsetup.exe
        1⤵
          PID:1704
        • C:\Users\Admin\AppData\Local\Jb7ULC\tcmsetup.exe
          C:\Users\Admin\AppData\Local\Jb7ULC\tcmsetup.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:3060

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\0vWt\SYSDM.CPL
          Filesize

          1.2MB

          MD5

          d07ea81afadcb24d45abb7d4ce8dec7e

          SHA1

          37da8b8c3d70d83a0a0ac8b53f4ec3e1cc8e8683

          SHA256

          adaef634d0fea07ae04cd97dd906e6b410687306708541e6269d988668e11ed5

          SHA512

          7906b6e808dbf3e7a51e43abe2bfcdeebc8307fe94e10d4b79e91cc8fd141c964d65ac7cbad9d52516af90bda77ad4687ef1759cbbed843f2f75817c9deb04ec

          Download Submit

        • C:\Users\Admin\AppData\Local\Jb7ULC\TAPI32.dll
          Filesize

          1.2MB

          MD5

          27704b07e8381153a161f4b6b76e4a11

          SHA1

          861f18ce9e71254600cd301e0231ec153edafc3a

          SHA256

          3cfb87d2518ae6f8e453744473181243a0015321b8e56cc9477acfaaad03dce2

          SHA512

          6b2e376b52d78fb3150099032c927b5456a9ed4aaf6f2c7744e055cc3b9edba05a948251168fc9415a3b38a6c38f720d72398f1ed9d38ae942214ed5b2b78c0c

          Download Submit

        • C:\Users\Admin\AppData\Local\yGAv7wv\VERSION.dll
          Filesize

          1.2MB

          MD5

          8674d5e6c233dd33476316b9435241e3

          SHA1

          d1d9e2602abd90adf3c7dc46868e2011ff44a9ef

          SHA256

          915206d11e93ed3d8df336d32135de69803fac862e1650b3df34f447cae66587

          SHA512

          314efdd4484817cae1dc6610ad86a13e5273d136d11dfa171f827a332906c7a20f0e186cb75a9b2efa4d2ec934800addb141b87d27abf9a37b559462a072ccb2

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ngqpewzrrtyksiv.lnk
          Filesize

          1KB

          MD5

          2cb1c29776d29d87bd770f33f55ff69c

          SHA1

          8108cf44ef5a92eb75b43febe7fbfe0224fb1894

          SHA256

          7698c18d1c981512218210863a7800ba71cad6f124ad1565844e3616e1b631b2

          SHA512

          a0c336d8d7c0781f9bd2dedcd3cc081ec0806470e80d622cdb3071d17c347d1452e9820431a9593e4b3b3712efa9fe273b157a7c33855b51a681f23b2de010c9

          Download Submit

        • \Users\Admin\AppData\Local\0vWt\SystemPropertiesRemote.exe
          Filesize

          80KB

          MD5

          d0d7ac869aa4e179da2cc333f0440d71

          SHA1

          e7b9a58f5bfc1ec321f015641a60978c0c683894

          SHA256

          5762e1570de6ca4ff4254d03c8f6e572f3b9c065bf5c78fd5a9ea3769c33818a

          SHA512

          1808b10dc85f8755a0074d1ea00794b46b4254573b6862c2813a89ca171ad94f95262e8b59a8f9a596c9bd6a724f440a14a813eab93aa140e818ee97af106db7

          Download Submit

        • \Users\Admin\AppData\Local\Jb7ULC\tcmsetup.exe
          Filesize

          15KB

          MD5

          0b08315da0da7f9f472fbab510bfe7b8

          SHA1

          33ba48fd980216becc532466a5ff8476bec0b31c

          SHA256

          e19556bb7aa39bbd5f0d568a95aec0b3af18dda438cc5737f945243b24d106e7

          SHA512

          c30501546efe2b0c003ef87ac381e901c69ddfc6791c6a5102cff3a07f56555d94995a4413b93036821aa214fc31501fa87eb519e1890ef75b2ec497983ffd58

          Download Submit

        • \Users\Admin\AppData\Local\yGAv7wv\javaws.exe
          Filesize

          312KB

          MD5

          f94bc1a70c942621c4279236df284e04

          SHA1

          8f46d89c7db415a7f48ccd638963028f63df4e4f

          SHA256

          be9f8986a6c86d9f77978105d48b59eebfec3b9732dbf19e0f3d48bf7f20120c

          SHA512

          60edf20ca3cae9802263446af266568d0b5e0692eddcfcfc3b2f9a39327b3184613ca994460b919d17a6edc5936b4da16d9033f5138bcfd9bc0f09d88c8dcd52

          Download Submit

        • memory/772-78-0x000007FEF6130000-0x000007FEF6267000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/772-73-0x000007FEF6130000-0x000007FEF6267000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/772-72-0x00000000000F0000-0x00000000000F7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1184-14-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-25-0x0000000002D50000-0x0000000002D57000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1184-10-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-9-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-8-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-11-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-27-0x0000000076EC0000-0x0000000076EC2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1184-26-0x0000000076D31000-0x0000000076D32000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1184-37-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-36-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-4-0x0000000076C26000-0x0000000076C27000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1184-46-0x0000000076C26000-0x0000000076C27000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1184-13-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-5-0x0000000002D70000-0x0000000002D71000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1184-7-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-16-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-12-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-15-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-24-0x0000000140000000-0x0000000140136000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2652-0-0x000007FEF6B00000-0x000007FEF6C36000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2652-45-0x000007FEF6B00000-0x000007FEF6C36000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2652-3-0x00000000001C0000-0x00000000001C7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2892-60-0x000007FEF6B60000-0x000007FEF6C97000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2892-57-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2892-54-0x000007FEF6B60000-0x000007FEF6C97000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3060-91-0x000007FEF6130000-0x000007FEF6268000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3060-90-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3060-96-0x000007FEF6130000-0x000007FEF6268000-memory.dmp

          Filesize

          1.2MB

          Download