Overview

overview

10

Static

static

3

a77ea17035...18.dll

windows7-x64

10

a77ea17035...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    18-08-2024 17:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a77ea170351ac991900e99d6ab82ba94_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    a77ea170351ac991900e99d6ab82ba94

  • SHA1

    89883fdfd9b195314c5f11c9f3a6f11f1ac54481

  • SHA256

    2c09684615691cd1f32ce11fc79ac9d166f341082f8d699b1f8c23322fe87281

  • SHA512

    b0b5bce4389d55febe02120e620b27fb20a938d1e35de20402815028ccc6c897fc6eb37df6e394dd8a47b1fb18ff71d21efc6f1d0d08d392de2acdb5efc8525c

  • SSDEEP

    24576:5uYfQ4rhHr4NFXa5O1aUiDBv52+IT3WpclO9N:bdca7Uq5WbQcU

Score
10/10
dridexbotnetevasionpayloadtrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a77ea170351ac991900e99d6ab82ba94_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:1664
  • C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 1200 -s 2820
    1⤵
      PID:2988

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1200-27-0x0000000077C91000-0x0000000077C92000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1200-8-0x0000000140000000-0x0000000140131000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/1200-38-0x0000000077A86000-0x0000000077A87000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1200-15-0x0000000140000000-0x0000000140131000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/1200-17-0x0000000140000000-0x0000000140131000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/1200-7-0x0000000140000000-0x0000000140131000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/1200-16-0x0000000140000000-0x0000000140131000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/1200-9-0x0000000140000000-0x0000000140131000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/1200-14-0x0000000140000000-0x0000000140131000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/1200-25-0x0000000140000000-0x0000000140131000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/1200-4-0x0000000077A86000-0x0000000077A87000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1200-28-0x0000000077E20000-0x0000000077E22000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1200-5-0x00000000025A0000-0x00000000025A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1200-13-0x0000000140000000-0x0000000140131000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/1200-12-0x0000000140000000-0x0000000140131000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/1200-11-0x0000000140000000-0x0000000140131000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/1200-10-0x0000000140000000-0x0000000140131000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/1200-26-0x0000000002580000-0x0000000002587000-memory.dmp

      Filesize

      28KB

      Download

    • memory/1664-3-0x00000000002A0000-0x00000000002A7000-memory.dmp

      Filesize

      28KB

      Download

    • memory/1664-37-0x000007FEF6A30000-0x000007FEF6B61000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/1664-0-0x000007FEF6A30000-0x000007FEF6B61000-memory.dmp

      Filesize

      1.2MB

      Download