Overview

overview

10

Static

static

3

b1354a3e55...18.dll

windows7-x64

10

b1354a3e55...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    20-08-2024 23:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b1354a3e5555a634bafbb1f7d544a307_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    b1354a3e5555a634bafbb1f7d544a307

  • SHA1

    8b31570d013db1d63bfdbac53acb3359193fa565

  • SHA256

    3b9b60dc1df3c32236efbfa255e992f1dab96551ffa4dfc533a00b6cf810d0ae

  • SHA512

    73ae2f978f9cd855f41591d369ff7f606ab84a197322f85de8bb3ad177fbfe58daf3e9037004304ee9f151a382cbc00e9a7c4dcffe344f9d2e1875301fa24e0c

  • SSDEEP

    24576:XuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:Z9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b1354a3e5555a634bafbb1f7d544a307_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:1916
  • C:\Windows\system32\isoburn.exe
    C:\Windows\system32\isoburn.exe
    1⤵
      PID:2112
    • C:\Users\Admin\AppData\Local\v97rqVUgD\isoburn.exe
      C:\Users\Admin\AppData\Local\v97rqVUgD\isoburn.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:316
    • C:\Windows\system32\msinfo32.exe
      C:\Windows\system32\msinfo32.exe
      1⤵
        PID:2508
      • C:\Users\Admin\AppData\Local\5Xy9\msinfo32.exe
        C:\Users\Admin\AppData\Local\5Xy9\msinfo32.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2772
      • C:\Windows\system32\UI0Detect.exe
        C:\Windows\system32\UI0Detect.exe
        1⤵
          PID:2956
        • C:\Users\Admin\AppData\Local\czt7Bi7p\UI0Detect.exe
          C:\Users\Admin\AppData\Local\czt7Bi7p\UI0Detect.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2148

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\5Xy9\MFC42u.dll
          Filesize

          1.2MB

          MD5

          f8ef710643d909d44971c9fbd16688a3

          SHA1

          b633e3d6296ee064312de9b7af881a9e1070b205

          SHA256

          0d5b9ca821e867d2498dc84bdc6c89f734198d0df2db4c95678bebba4eabcca2

          SHA512

          b7b152bbffa7edaf956f6b8301c2a8598f96318a2bd30a532209ca9ef69f669e34797b84ca8ed35b204c5fd37013c131c5de2fde449669d27dfdf2853c8ab0f9

          Download Submit

        • C:\Users\Admin\AppData\Local\czt7Bi7p\WTSAPI32.dll
          Filesize

          1.2MB

          MD5

          c463d550053910f0cb0a6dbf2c786cde

          SHA1

          f0b3c0cb25ead61137661538190d9b8a8688be5c

          SHA256

          b60d876f60b41596d8c94d5abae7dda4f7302ae368701107f4411579f259f673

          SHA512

          dd7a21f7ff12d28a04bf15b4fe1a3391457918c1a101ef1ae54afecb97f996632cf5484786e627303e0bd7d32f7398803202d47f4840b3ba8abac3bf26e7c429

          Download Submit

        • C:\Users\Admin\AppData\Local\v97rqVUgD\UxTheme.dll
          Filesize

          1.2MB

          MD5

          f04711b0efe114a3b39ab459d2b95995

          SHA1

          63f19401a981696c025ea529600c4c61a4fe3c79

          SHA256

          1f6423f43b432a1bd9d6cded6bfd784e85cee156fe1615b93e561eff1a9817bd

          SHA512

          562e6b16891e2be9f33b19ad96c7b5ec82353fb2fdde45a682064af61e011598bacb069e0fd6ea3d2498b818f2190fc1b66e9372831b1b5ee78a61379e25814c

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dzyzbjcaevupvd.lnk
          Filesize

          1KB

          MD5

          8cae6f276af4c4ad00bf95a338b2c975

          SHA1

          cd7338d65100421e6f431cb27ee69e021bdee542

          SHA256

          0fa83105091837bcc66f39c988ddda59322f60a3158b4d0a7b8d8faac00106d7

          SHA512

          95f7567eeee4651f337cf54e206ed41ff2a58529e72a0e6e58f25ce77f0658337703c107bbe05292e5f6073876c0ea9a20cf11d71c7fdfa94e9be4a8ae8b8d36

          Download Submit

        • \Users\Admin\AppData\Local\5Xy9\msinfo32.exe
          Filesize

          370KB

          MD5

          d291620d4c51c5f5ffa62ccdc52c5c13

          SHA1

          2081c97f15b1c2a2eadce366baf3c510da553cc7

          SHA256

          76e959dd7db31726c040d46cfa86b681479967aea36db5f625e80bd36422e8ae

          SHA512

          75f9bcce4c596dae1f4d78e13d9d53b0c31988d2170c3d9f5db352b8c8a1c8ca58f4a002b30a4b328b8f4769008b750b8a1c9fda44a582e11c3adc38345c334b

          Download Submit

        • \Users\Admin\AppData\Local\czt7Bi7p\UI0Detect.exe
          Filesize

          40KB

          MD5

          3cbdec8d06b9968aba702eba076364a1

          SHA1

          6e0fcaccadbdb5e3293aa3523ec1006d92191c58

          SHA256

          b8dab8aa804fc23021bfebd7ae4d40fbe648d6c6ba21cc008e26d1c084972f9b

          SHA512

          a8e434c925ef849ecef0efcb4873dbb95eea2821c967b05afbbe5733071cc2293fc94e7fdf1fdaee51cbcf9885b3b72bfd4d690f23af34558b056920263e465d

          Download Submit

        • \Users\Admin\AppData\Local\v97rqVUgD\isoburn.exe
          Filesize

          89KB

          MD5

          f8051f06e1c4aa3f2efe4402af5919b1

          SHA1

          bbcf3711501dfb22b04b1a6f356d95a6d5998790

          SHA256

          50dcb4be409f50d26c0fc32dd9cdbf96bff4e19bf624221cb566ebeb3e09ce1a

          SHA512

          5f664d937abe4426ee7e0d8491a395f9ef4ffe7a51dba05b54b7ba27e80c9be37833400911c5878d3dec659f4fa1579ec8ba4cfc485fb2ce24dd37c321006daa

          Download Submit

        • memory/316-60-0x000007FEF73C0000-0x000007FEF74F1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/316-55-0x000007FEF73C0000-0x000007FEF74F1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/316-54-0x0000000000390000-0x0000000000397000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1184-9-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-25-0x0000000002550000-0x0000000002557000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1184-5-0x0000000002570000-0x0000000002571000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1184-4-0x0000000077B86000-0x0000000077B87000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1184-24-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-16-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-26-0x0000000077C91000-0x0000000077C92000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1184-27-0x0000000077E20000-0x0000000077E22000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1184-36-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-37-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-15-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-46-0x0000000077B86000-0x0000000077B87000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1184-8-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-7-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-10-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-11-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-12-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-13-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-14-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1916-45-0x000007FEF6B60000-0x000007FEF6C90000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1916-0-0x00000000001A0000-0x00000000001A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1916-2-0x000007FEF6B60000-0x000007FEF6C90000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2148-90-0x00000000000A0000-0x00000000000A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2148-91-0x000007FEF6B50000-0x000007FEF6C81000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2148-96-0x000007FEF6B50000-0x000007FEF6C81000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2772-72-0x000007FEF6B50000-0x000007FEF6C87000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2772-75-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2772-78-0x000007FEF6B50000-0x000007FEF6C87000-memory.dmp

          Filesize

          1.2MB

          Download