Overview

overview

10

Static

static

3

a67261a158...18.dll

windows7-x64

10

a67261a158...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    18-08-2024 10:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a67261a15803bb7e21d3d22d97d8e923_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    a67261a15803bb7e21d3d22d97d8e923

  • SHA1

    f702e1a7cccc81d925e4b75796da0ace7aac8005

  • SHA256

    b8c5142d09851bb8da18953b38041345f177a1ea49f2101da423f3d148a26631

  • SHA512

    2f37783a9b247b9752b5bf25015fbbcd051fcc125bfc49ad8cc6d5df1da8457a0ea7aff6c3b14f2538d86e03c1534c032ec7378be20571ba5b1edfec4f0bc384

  • SSDEEP

    24576:BuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:T9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a67261a15803bb7e21d3d22d97d8e923_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3016
  • C:\Windows\system32\calc.exe
    C:\Windows\system32\calc.exe
    1⤵
      PID:340
    • C:\Users\Admin\AppData\Local\fgxFON1\calc.exe
      C:\Users\Admin\AppData\Local\fgxFON1\calc.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2556
    • C:\Windows\system32\eudcedit.exe
      C:\Windows\system32\eudcedit.exe
      1⤵
        PID:2604
      • C:\Users\Admin\AppData\Local\792lk\eudcedit.exe
        C:\Users\Admin\AppData\Local\792lk\eudcedit.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1724
      • C:\Windows\system32\mblctr.exe
        C:\Windows\system32\mblctr.exe
        1⤵
          PID:2044
        • C:\Users\Admin\AppData\Local\DYbp\mblctr.exe
          C:\Users\Admin\AppData\Local\DYbp\mblctr.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1616

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\792lk\MFC42u.dll
          Filesize

          1.2MB

          MD5

          6162bd11a369e718465e82a453b63e48

          SHA1

          e15e36d9e713461699c18b498668db1dd16cef0b

          SHA256

          8274ef713e3802602e6115bf074c6c4395497bfdf3a173efae98a273e6d22b94

          SHA512

          7266e0119c0c32ff352fb1f459f891d673f4ed866765f16ec7fdaa1d523e99a4632d063b7e9532f32c9d16b45414bdb4aebf11ce10154afb20e14f24b493a10e

          Download Submit

        • C:\Users\Admin\AppData\Local\DYbp\WTSAPI32.dll
          Filesize

          1.2MB

          MD5

          a9836f80a765ad4dfb28ed98d0da3ff0

          SHA1

          cdbf4dc3b747abd5369a95501c9a1aed70226c33

          SHA256

          58f2cff00f728743e1504dfe4a12be8e8897008ecb79c6bc44154b44488d6fba

          SHA512

          f1b52c896d9c3f3c6691264bebfd66eca2ac4872a24477b6ee56853d83d9012138eefd891aa2d9a73fa3e344516e77e101236c27a33d9f1e74ade2ad282e0d6e

          Download Submit

        • C:\Users\Admin\AppData\Local\fgxFON1\VERSION.dll
          Filesize

          1.2MB

          MD5

          2a8aa05568cf91b474ee5ba018dfd260

          SHA1

          7a3eb2f518f00ceb34197e4db672f30315406930

          SHA256

          a31f51fa9322758371f2b3bfa4e73f18e8754902248e5f818e0759203b61d537

          SHA512

          eeac875b06c2434b631c062b42b77d5a5ebccc9fc5c09e6786f1808ba1b4abaed9ea18734b2a05e3ba02167e64dad27c288c19504b50ee042c1827466582993b

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ewnqrlgibmqii.lnk
          Filesize

          1KB

          MD5

          88cd59a3b93b6dd800f500426cd8c87d

          SHA1

          3306fe143d5f0eb1adabdb5ea62393edf5541d77

          SHA256

          263b45c38bc49b7c3c520c4b8ea4d9871ef5cb6133dfc37a24ce713693f12d94

          SHA512

          80ee71b08823ff5075903162bd527c89ac7e3491fc9a94bae55aa4779c04601da186ff1a536033b1d94f296518f2a032a8d06c2ce0132eb953a3284b7764b221

          Download Submit

        • \Users\Admin\AppData\Local\792lk\eudcedit.exe
          Filesize

          351KB

          MD5

          35e397d6ca8407b86d8a7972f0c90711

          SHA1

          6b39830003906ef82442522d22b80460c03f6082

          SHA256

          1f64118bdc3515e8e9fce6ad182f6d0c8a6528d638fedb4901a6152cde4c7cde

          SHA512

          71b0c4ac120e5841308b0c19718bdc28366b0d79c8177091328ef5421392b9ee5e4758816ffb8c0977f178e1b33ed064f64781eaf7d6952878dc8aea402f035e

          Download Submit

        • \Users\Admin\AppData\Local\DYbp\mblctr.exe
          Filesize

          935KB

          MD5

          fa4c36b574bf387d9582ed2c54a347a8

          SHA1

          149077715ee56c668567e3a9cb9842284f4fe678

          SHA256

          b71cdf708d4a4f045f784de5e5458ebf9a4fa2b188c3f7422e2fbfe19310be3f

          SHA512

          1f04ce0440eec7477153ebc2ce56eaabcbbac58d9d703c03337f030e160d22cd635ae201752bc2962643c75bbf2036afdd69d97e8cbc81260fd0e2f55946bb55

          Download Submit

        • \Users\Admin\AppData\Local\fgxFON1\calc.exe
          Filesize

          897KB

          MD5

          10e4a1d2132ccb5c6759f038cdb6f3c9

          SHA1

          42d36eeb2140441b48287b7cd30b38105986d68f

          SHA256

          c6a91cba00bf87cdb064c49adaac82255cbec6fdd48fd21f9b3b96abf019916b

          SHA512

          9bd44afb164ab3e09a784c765cd03838d2e5f696c549fc233eb5a69cada47a8e1fb62095568cb272a80da579d9d0e124b1c27cf61bb2ac8cf6e584a722d8864d

          Download Submit

        • memory/1216-28-0x0000000077A50000-0x0000000077A52000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1216-47-0x00000000777B6000-0x00000000777B7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1216-26-0x00000000024D0000-0x00000000024D7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1216-25-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1216-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1216-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1216-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1216-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1216-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1216-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1216-27-0x00000000778C1000-0x00000000778C2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1216-4-0x00000000777B6000-0x00000000777B7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1216-37-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1216-39-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1216-5-0x00000000024F0000-0x00000000024F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1216-17-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1216-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1216-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1216-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1216-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1616-91-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1616-92-0x000007FEF7B70000-0x000007FEF7CA2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1616-97-0x000007FEF7B70000-0x000007FEF7CA2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1724-76-0x0000000000290000-0x0000000000297000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1724-73-0x000007FEF7B70000-0x000007FEF7CA8000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1724-79-0x000007FEF7B70000-0x000007FEF7CA8000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2556-61-0x000007FEF7CA0000-0x000007FEF7DD2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2556-55-0x000007FEF7CA0000-0x000007FEF7DD2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2556-58-0x0000000001EC0000-0x0000000001EC7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3016-46-0x000007FEF7B60000-0x000007FEF7C91000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3016-0-0x000007FEF7B60000-0x000007FEF7C91000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3016-3-0x00000000003A0000-0x00000000003A7000-memory.dmp

          Filesize

          28KB

          Download