Overview

overview

10

Static

static

3

a4c489c2af...18.dll

windows7-x64

10

a4c489c2af...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-08-2024 00:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a4c489c2af8ca511afa7de96641d2f08_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    a4c489c2af8ca511afa7de96641d2f08

  • SHA1

    f8f54d4f16282bf6cfaa33216ba9d7fed9e2c9e5

  • SHA256

    027e62076d92fb4a2ba14c63b2e628d47d5385d2a9f8af691bdb674cfaa29ca0

  • SHA512

    eb031dac63ac09ecaf738e8e2968ea785ee9f3fa151442a9cd934ce4073a93538fbabea03575c46de42fd14e8b0870908f5c1d26ca97c125bc8ed5265de64b89

  • SSDEEP

    24576:yuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:a9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 14 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4c489c2af8ca511afa7de96641d2f08_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2368
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4336,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=3792 /prefetch:8
    1⤵
      PID:3112
    • C:\Windows\system32\SystemPropertiesProtection.exe
      C:\Windows\system32\SystemPropertiesProtection.exe
      1⤵
        PID:4540
      • C:\Users\Admin\AppData\Local\488z4\SystemPropertiesProtection.exe
        C:\Users\Admin\AppData\Local\488z4\SystemPropertiesProtection.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:3448
      • C:\Windows\system32\isoburn.exe
        C:\Windows\system32\isoburn.exe
        1⤵
          PID:4268
        • C:\Users\Admin\AppData\Local\8qio76b4f\isoburn.exe
          C:\Users\Admin\AppData\Local\8qio76b4f\isoburn.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:4284
        • C:\Windows\system32\usocoreworker.exe
          C:\Windows\system32\usocoreworker.exe
          1⤵
            PID:5092
          • C:\Users\Admin\AppData\Local\y1MMuaSY\usocoreworker.exe
            C:\Users\Admin\AppData\Local\y1MMuaSY\usocoreworker.exe
            1⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks whether UAC is enabled
            PID:4456

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\488z4\SYSDM.CPL
            Filesize

            1.2MB

            MD5

            19d313758d2a4eee70a35d9c411d0086

            SHA1

            c4fec81ab4ab8f7b7bcc1f2ee6747ebaebe42ff7

            SHA256

            663b0e65c0fce907efbcd2603d5d98eb7a5ab80312071e0683457377ff9ff5ab

            SHA512

            8840183816896624585d65c0fa2258e564ef6af76334b1511661091979eb553d1517e80189b2288a39deaa676765f64539b18ef031632cf85e634ea0b5ee12a9

            Download Submit

          • C:\Users\Admin\AppData\Local\488z4\SystemPropertiesProtection.exe
            Filesize

            82KB

            MD5

            26640d2d4fa912fc9a354ef6cfe500ff

            SHA1

            a343fd82659ce2d8de3beb587088867cf2ab8857

            SHA256

            a8ddf1b17b0cbc96a7eaedb0003aa7b1631da09ebfe85b387f8f630222511b37

            SHA512

            26162a3d9d4a8e3290dbcf6fe387b5c48ab1d9552aa02a38954649d877f408cb282e57580f81e15128e3a41da0eb58328d1d6253e1b57232f9a8cecdd99991dc

            Download Submit

          • C:\Users\Admin\AppData\Local\8qio76b4f\UxTheme.dll
            Filesize

            1.2MB

            MD5

            66111914ee31435dc22784d20ac907ef

            SHA1

            86edd6a352b6019e09508b8f5352c42795273053

            SHA256

            3c1398ef159bbbf1a0857b7638fd3504ef6a25c1b1b8d40dc89b1bce898ebfa8

            SHA512

            466a56702963604065c05d490672bcdb781c376cc0f55dda60847dda46ae8096ff1485ca234b4f000c97f41816f88115153243d39cbb93dabb19d108da5604c8

            Download Submit

          • C:\Users\Admin\AppData\Local\8qio76b4f\isoburn.exe
            Filesize

            119KB

            MD5

            68078583d028a4873399ae7f25f64bad

            SHA1

            a3c928fe57856a10aed7fee17670627fe663e6fe

            SHA256

            9478c095afe212bce91d2de1a3c3647109f2d54e46b9bf70843e839324458567

            SHA512

            25503a47c53fe83eeb56726b5a5eec5cb01bc783e866306f92242a7a8cbafa20a3209217e0f4561febfec78d2f64f1725727a6b2d3ee6da512618984d0bb0bc1

            Download Submit

          • C:\Users\Admin\AppData\Local\y1MMuaSY\XmlLite.dll
            Filesize

            1.2MB

            MD5

            fe514c9fb5b948d2bfe4ee3b76e3836e

            SHA1

            36948859da604754e6fcced20111344612756e72

            SHA256

            f88eba9b3b11af5a482545865a53d54f65de1e9097e9896cd2adcdcce70cd207

            SHA512

            ca1c93dfacf7648f89a5b49915d05c19160fc5d09102ce9cb614fde35edffa92dfc3f6325f61fcba6bf2d43edb4fcf0ee6683eee9528b94983e65ba7640658bb

            Download Submit

          • C:\Users\Admin\AppData\Local\y1MMuaSY\usocoreworker.exe
            Filesize

            1.3MB

            MD5

            2c5efb321aa64af37dedc6383ce3198e

            SHA1

            a06d7020dd43a57047a62bfb443091cd9de946ba

            SHA256

            0fb6688a32340036f3eaab4a09a82dee533bfb2ca266c36f6142083134de6f0e

            SHA512

            5448ea01b24af7444505bda80064849a2efcc459011d32879e021e836fd573c9b1b9d3b37291d3f53ff536c691ac13a545b12f318a16c8a367421986bbf002ed

            Download Submit

          • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Jmybglakcar.lnk
            Filesize

            1KB

            MD5

            ec9b7a9137e96943d2376fcb1a5f07c7

            SHA1

            09aa373bd0f8cf995dd9ef19aee8758614c9049e

            SHA256

            1d59401b0f04e23f1de68fce5526ddfe4bc2041801816f3a12d9bd9f2979081f

            SHA512

            e6ac8d3bc9dc9144103043647466471a529ec50d657a2316fed2686d005acb7aa6e0b488e93382bc48838870a8dda24676b28900390e712f53286dde73f58b9e

            Download Submit

          • memory/2368-39-0x00007FF846CA0000-0x00007FF846DD1000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/2368-0-0x00007FF846CA0000-0x00007FF846DD1000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/2368-3-0x0000027CD4780000-0x0000027CD4787000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3448-52-0x00007FF837FC0000-0x00007FF8380F2000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3448-46-0x00007FF837FC0000-0x00007FF8380F2000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3448-49-0x000002B2556A0000-0x000002B2556A7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3460-30-0x0000000000480000-0x0000000000487000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3460-36-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3460-9-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3460-8-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3460-15-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3460-7-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3460-11-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3460-12-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3460-16-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3460-17-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3460-25-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3460-10-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3460-31-0x00007FF856150000-0x00007FF856160000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3460-14-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3460-6-0x00007FF8550EA000-0x00007FF8550EB000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3460-4-0x0000000002800000-0x0000000002801000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3460-13-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4284-69-0x00007FF837FC0000-0x00007FF8380F2000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4284-66-0x0000016EEAB90000-0x0000016EEAB97000-memory.dmp

            Filesize

            28KB

            Download

          • memory/4456-83-0x00000226B96D0000-0x00000226B96D7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/4456-86-0x00007FF837FC0000-0x00007FF8380F2000-memory.dmp

            Filesize

            1.2MB

            Download