Overview

overview

10

Static

static

3

a236617cba...18.dll

windows7-x64

10

a236617cba...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-08-2024 10:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a236617cba1842bc67dd010ff75e0165_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    a236617cba1842bc67dd010ff75e0165

  • SHA1

    45c927cb4e54935e080eb289d6b3873599f326aa

  • SHA256

    33143ae3dad7d48a7b60f534dda386fe9ca6451864b50facc77d50c41cb7d704

  • SHA512

    fc2a47558586c1af2621d6eb12c0d1a418117f3291a04a8a4744e276514f71851d399da19cb7e873a0826c40e136b605cab83500447e89a7c476736164a02168

  • SSDEEP

    24576:HuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N3:p9cKrUqZWLAcUv

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 5 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 24 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a236617cba1842bc67dd010ff75e0165_JaffaCakes118.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:4932
  • C:\Windows\system32\mmc.exe
    C:\Windows\system32\mmc.exe
    1⤵
      PID:4760
    • C:\Users\Admin\AppData\Local\1x5N\mmc.exe
      C:\Users\Admin\AppData\Local\1x5N\mmc.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2036
    • C:\Windows\system32\ie4uinit.exe
      C:\Windows\system32\ie4uinit.exe
      1⤵
        PID:1236
      • C:\Users\Admin\AppData\Local\OcesgAL\ie4uinit.exe
        C:\Users\Admin\AppData\Local\OcesgAL\ie4uinit.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1040
      • C:\Windows\system32\SysResetErr.exe
        C:\Windows\system32\SysResetErr.exe
        1⤵
          PID:5040
        • C:\Users\Admin\AppData\Local\S4U\SysResetErr.exe
          C:\Users\Admin\AppData\Local\S4U\SysResetErr.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:4024
        • C:\Windows\system32\BitLockerWizard.exe
          C:\Windows\system32\BitLockerWizard.exe
          1⤵
            PID:1188
          • C:\Users\Admin\AppData\Local\Xfi\BitLockerWizard.exe
            C:\Users\Admin\AppData\Local\Xfi\BitLockerWizard.exe
            1⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks whether UAC is enabled
            PID:4444

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\1x5N\MFC42u.dll
            Filesize

            1.2MB

            MD5

            215577c73de8051541de40fba42d3b90

            SHA1

            603180cf8d783a7b29fc96548ce973fbaf4825a9

            SHA256

            750a7c2d10737938b7aa42ec78489d325dc45bee06d4b544c01c536ab01f1fa4

            SHA512

            45c635890b8eeff3a4c280ab2e71342593975539a3b84613777f4fc124a7d22b2a9eccc6ad064f909809a59ff2fed17c8254e6beed9fcd540ab425d86d65c63c

            Download Submit

          • C:\Users\Admin\AppData\Local\1x5N\mmc.exe
            Filesize

            1.8MB

            MD5

            8c86b80518406f14a4952d67185032d6

            SHA1

            9269f1fbcf65fefbc88a2e239519c21efe0f6ba5

            SHA256

            895eef1eda5700a425934ae3782d4741dfefb7deafa53891bde490150187b98a

            SHA512

            1bbdaa3ae8b5716ad2bd517055533e286ddb8a6c23cbc7aa602143dbb1ae132b513088ab61527c49737c554269c51416cceb80206ac8128ac6b003f1864eb099

            Download Submit

          • C:\Users\Admin\AppData\Local\OcesgAL\VERSION.dll
            Filesize

            1.2MB

            MD5

            ff817064fb6f4a1e85b16938a331e3b7

            SHA1

            2529fbfdcbdd9ec859e54b332e8d1757a18ff224

            SHA256

            bc809acf2b97be20b089953971c86af52ee6dc0c32ababb58f16cdafeac0700a

            SHA512

            9dcaac3bf134f5c6300c49431394fd96e6d0995629b70cdbe24b6210dcd28707514f3f2fa2cab0aab67b16b3a1051efd13f994e8b1f7611e0f48b2144b76845b

            Download Submit

          • C:\Users\Admin\AppData\Local\OcesgAL\ie4uinit.exe
            Filesize

            262KB

            MD5

            a2f0104edd80ca2c24c24356d5eacc4f

            SHA1

            8269b9fd9231f04ed47419bd565c69dc677fab56

            SHA256

            5d85c4d62cc26996826b9d96a9153f7e05a2260342bd913b3730610a1809203c

            SHA512

            e7bb87f9f6c82cb945b95f62695be98b3fa827a24fa8c4187fe836d4e7d3e7ae3b95101edd3c41d65f6cb684910f5954a67307d450072acd8d475212db094390

            Download Submit

          • C:\Users\Admin\AppData\Local\S4U\DUI70.dll
            Filesize

            1.5MB

            MD5

            0d491677cfd06e131c26af691e47d20c

            SHA1

            01f7a1cb3dfa610a2c3eab37436407f9ca35ca98

            SHA256

            4673f8b483b98a651d2dd813c396754bc4aa61c72587f386b7cbf467886ee81f

            SHA512

            45ab38af93ab22d311d46c7dd700bbe7cb6c24bb411709779bbb498af20383f8439ec82f85813650bf791b6aa9f61710d3cda9d1216c4390c294b0f54ca02b71

            Download Submit

          • C:\Users\Admin\AppData\Local\S4U\SysResetErr.exe
            Filesize

            41KB

            MD5

            090c6f458d61b7ddbdcfa54e761b8b57

            SHA1

            c5a93e9d6eca4c3842156cc0262933b334113864

            SHA256

            a324e3ba7309164f215645a6db3e74ed35c7034cc07a011ebed2fa60fda4d9cd

            SHA512

            c9ef79397f3a843dcf2bcb5f761d90a4bdadb08e2ca85a35d8668cb13c308b275ed6aa2c8b9194a1f29964e0754ad05e89589025a0b670656386a8d448a1f542

            Download Submit

          • C:\Users\Admin\AppData\Local\Xfi\BitLockerWizard.exe
            Filesize

            100KB

            MD5

            6d30c96f29f64b34bc98e4c81d9b0ee8

            SHA1

            4a3adc355f02b9c69bdbe391bfb01469dee15cf0

            SHA256

            7758227642702e645af5e84d1c0e5690e07687c8209072a2c5f79379299edf74

            SHA512

            25471b0ac7156d9ee9d12181020039bf551ba3efe252b656030c12d93b8db2648a18bdf762740f2a5cd8e43640e4bd4e8742310dea15823fc76b9e1c126876b8

            Download Submit

          • C:\Users\Admin\AppData\Local\Xfi\FVEWIZ.dll
            Filesize

            1.2MB

            MD5

            c1038cba489cae1c5ceec90ff25da415

            SHA1

            2940598de89bb7cef95dc24452e9f4c03b529c92

            SHA256

            5d1190e86c9223fe35b965d4ed79eb1d60a90ce2b856a99e229aec8bbf059e72

            SHA512

            48fcb7772fef0eda4823eee484044fe5c040b04902baf3f1a8905260fc3aae3e48cc85f8991cb1581a1eed230c00a01b209d070ccee2884d8580f6d36eebb754

            Download Submit

          • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Plbydas.lnk
            Filesize

            1021B

            MD5

            b8612b90af3407a716f2f8cf56890d95

            SHA1

            77df2330dcb20c5ea1512d6daacd7e97d068d87a

            SHA256

            dea1ee2a4ad0dab3e4b71072612bb637654e44b0be926558a059ceaf60770c11

            SHA512

            e5716e3f9cef5aedf520a6a92fca750e181293977d10ac91a8033e654c879c6cd88ac0080df3a99ce5520fd31f21148be0fa87f73623972704181b125f075c84

            Download Submit

          • memory/1040-58-0x00007FF81C560000-0x00007FF81C697000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1040-61-0x000001812B580000-0x000001812B587000-memory.dmp

            Filesize

            28KB

            Download

          • memory/1040-64-0x00007FF81C560000-0x00007FF81C697000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/2036-50-0x00007FF81C560000-0x00007FF81C69D000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/2036-49-0x0000000003190000-0x0000000003197000-memory.dmp

            Filesize

            28KB

            Download

          • memory/2036-46-0x00007FF81C560000-0x00007FF81C69D000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3456-16-0x0000000140000000-0x0000000140136000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3456-24-0x0000000140000000-0x0000000140136000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3456-4-0x00000000073D0000-0x00000000073D1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3456-6-0x00007FF8386DA000-0x00007FF8386DB000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3456-10-0x0000000140000000-0x0000000140136000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3456-7-0x0000000140000000-0x0000000140136000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3456-8-0x0000000140000000-0x0000000140136000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3456-9-0x0000000140000000-0x0000000140136000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3456-13-0x0000000140000000-0x0000000140136000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3456-15-0x0000000140000000-0x0000000140136000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3456-12-0x0000000140000000-0x0000000140136000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3456-11-0x0000000140000000-0x0000000140136000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3456-33-0x00007FF83A110000-0x00007FF83A120000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3456-35-0x0000000140000000-0x0000000140136000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3456-29-0x00000000073B0000-0x00000000073B7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3456-14-0x0000000140000000-0x0000000140136000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4024-75-0x00007FF81C520000-0x00007FF81C69C000-memory.dmp

            Filesize

            1.5MB

            Download

          • memory/4024-80-0x00007FF81C520000-0x00007FF81C69C000-memory.dmp

            Filesize

            1.5MB

            Download

          • memory/4444-96-0x00007FF81C560000-0x00007FF81C697000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4932-0-0x00007FF82B010000-0x00007FF82B146000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4932-38-0x00007FF82B010000-0x00007FF82B146000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4932-3-0x0000000000EA0000-0x0000000000EA7000-memory.dmp

            Filesize

            28KB

            Download