Overview

overview

10

Static

static

3

b01fcdb7f9...18.dll

windows7-x64

10

b01fcdb7f9...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    20-08-2024 17:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b01fcdb7f976ea702d6ed85384860517_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    b01fcdb7f976ea702d6ed85384860517

  • SHA1

    a98626defa6c2fcdc1f8c94989630b178e4525b5

  • SHA256

    acc1afe396b1cea595c410a56c82f0049395618df8725ff337259994b0d5b486

  • SHA512

    4629219101f8d1b5905a8bc282db82afbb7110a1d5102e4f860f73fdd9588fdec3afb47c954194428a77ae05add3fc8a829c8064b1fcb2d286eb82fa525fedd9

  • SSDEEP

    24576:KuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:S9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 9 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 5 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b01fcdb7f976ea702d6ed85384860517_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2688
  • C:\Windows\system32\mmc.exe
    C:\Windows\system32\mmc.exe
    1⤵
      PID:2992
    • C:\Users\Admin\AppData\Local\igKBBr\mmc.exe
      C:\Users\Admin\AppData\Local\igKBBr\mmc.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:1836
    • C:\Windows\system32\slui.exe
      C:\Windows\system32\slui.exe
      1⤵
        PID:552
      • C:\Users\Admin\AppData\Local\N26o5hv5\slui.exe
        C:\Users\Admin\AppData\Local\N26o5hv5\slui.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2460
      • C:\Windows\system32\rdpclip.exe
        C:\Windows\system32\rdpclip.exe
        1⤵
          PID:3056
        • C:\Users\Admin\AppData\Local\HGGm\rdpclip.exe
          C:\Users\Admin\AppData\Local\HGGm\rdpclip.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2064
        • C:\Windows\system32\mfpmp.exe
          C:\Windows\system32\mfpmp.exe
          1⤵
            PID:3008
          • C:\Users\Admin\AppData\Local\53qYX\mfpmp.exe
            C:\Users\Admin\AppData\Local\53qYX\mfpmp.exe
            1⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks whether UAC is enabled
            PID:2128

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\53qYX\MFPlat.DLL
            Filesize

            1.2MB

            MD5

            268e8a858b182971dc4157c617065c7a

            SHA1

            8df13bca7516061af5329c9beba8135abb516c40

            SHA256

            d539e71e2b89a208e344788d08654a6ede8c3616b6c481d8d5f044f893610b2d

            SHA512

            f9ef8c0be84736eb8847816ae7d2d77d66f884ac24a9330e291032d25b26c4abf1f78127f0384f21b2636dec9a30fdf105916995f0994c1d24178b2254a3e432

            Download Submit

          • C:\Users\Admin\AppData\Local\53qYX\mfpmp.exe
            Filesize

            24KB

            MD5

            2d8600b94de72a9d771cbb56b9f9c331

            SHA1

            a0e2ac409159546183aa45875497844c4adb5aac

            SHA256

            7d8d8918761b8b6c95758375a6e7cf7fb8e43abfdd3846476219883ef3f8c185

            SHA512

            3aaa6619f29434c294b9b197c3b86fdc5d88b0254c8f35f010c9b5f254fd47fbc3272412907e2a5a4f490bda2acfbbd7a90f968e25067abf921b934d2616eafc

            Download Submit

          • C:\Users\Admin\AppData\Local\HGGm\WINSTA.dll
            Filesize

            1.2MB

            MD5

            98c845d6c743c6dfdb89bb34ce8f2f0c

            SHA1

            7e026613848410e183afe709f3d115a70c9b092f

            SHA256

            0c228c4a17de354ead38e2596c5a6e0461e56030098f96a0e65622b73fa56627

            SHA512

            57ed1093b8ef3bb661752347b65d29653e3d9923731f8184d6b0335a1062ccfdc2219ed2c6f65e5f75ec84e684b7be2bfb2932a24fdc798d7c00ea7dbba9f49d

            Download Submit

          • C:\Users\Admin\AppData\Local\N26o5hv5\slc.dll
            Filesize

            1.2MB

            MD5

            e61ccc3bd35b46b0c173fc59136e66f9

            SHA1

            fda849d8bd8d7e481186bbaaa54caed91ab7866e

            SHA256

            6d20512bb6c2cfa539773816d114b3b10966f4483c0e82e563049bc531370913

            SHA512

            99f23c6c67c163f464734455be1c74b8d35a7da16f1b00fef6a607e1d1cb20fc78ae678d39c79d026e894628bc984da09f628c94e66f8b57821c65ad46e94f76

            Download Submit

          • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Acjenwgziemamyd.lnk
            Filesize

            1KB

            MD5

            fe5ec622b1f2cfdc9706700fc70a9a0e

            SHA1

            909c638967db8540bfca878bec9ffa74e5660139

            SHA256

            bebd1e7a80a69abcedb98a078f967bf4c7d5e6bb2d940e8e516b2c6344219911

            SHA512

            3b02ae30de2aa5157673ebe580c63c338dfbe2d84f9ecf8fd94e43eb219dd56f25ccc5b82cc2d4f072342432a736489004de90d0d9b779230cfce95137f171b3

            Download Submit

          • \Users\Admin\AppData\Local\HGGm\rdpclip.exe
            Filesize

            206KB

            MD5

            25d284eb2f12254c001afe9a82575a81

            SHA1

            cf131801fdd5ec92278f9e0ae62050e31c6670a5

            SHA256

            837e0d864c474956c0d9d4e7ae5f884007f19b7f420db9afcf0d266aefa6608b

            SHA512

            7b4f208fa1681a0a139577ebc974e7acfc85e3c906a674e111223783460585eb989cb6b38f215d79f89e747a0e9224d90e1aa43e091d2042edb8bac7b27b968b

            Download Submit

          • \Users\Admin\AppData\Local\N26o5hv5\slui.exe
            Filesize

            341KB

            MD5

            c5ce5ce799387e82b7698a0ee5544a6d

            SHA1

            ed37fdb169bb539271c117d3e8a5f14fd8df1c0d

            SHA256

            34aa7ca0ea833263a6883827e161a5c218576c5ad97e0ce386fad4250676b42c

            SHA512

            79453b45e1f38d164ee3dbc232f774ff121d4394c22783140f5c8c722f184a69f499f2fb9621bdb28f565065b791883526e1a1d4abef9df82289613c2ce97a5c

            Download Submit

          • \Users\Admin\AppData\Local\igKBBr\MFC42u.dll
            Filesize

            1.2MB

            MD5

            140fcd0495a993b4d998b8f13d9bfa0a

            SHA1

            e256c3b3910e7ad97a601c49c9cc8d56811f3cc5

            SHA256

            ffdfec54f74a7be8516800305e505ba2eb19079fb0c2043cb78a396dd65d2ee0

            SHA512

            338c58a0efc4b92f0ddd3815c73059d20eb57cbdcf3c2d993156691c211a40f200bb0e2aa6fecfc9e54d18f4c17d03f29c81ed41e79e1ca1c97466fd105e9b27

            Download Submit

          • \Users\Admin\AppData\Local\igKBBr\mmc.exe
            Filesize

            2.0MB

            MD5

            9fea051a9585f2a303d55745b4bf63aa

            SHA1

            f5dc12d658402900a2b01af2f018d113619b96b8

            SHA256

            b212e59e4c7fe77f6f189138d9d8b151e50eb83a35d6eadfb1e4bb0b4262c484

            SHA512

            beba79f0b6710929871fbdf378d3c0a41f230ac30cbfa87173f7b77c35e06425f48db42ed3b16d5d9bcb7ef0098dffcd0d2947da8fb7ec1136ea62205f1afc76

            Download Submit

          • memory/1192-7-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1192-27-0x0000000076F10000-0x0000000076F12000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1192-14-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1192-13-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1192-10-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1192-9-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1192-8-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1192-4-0x0000000076B76000-0x0000000076B77000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1192-5-0x0000000002E00000-0x0000000002E01000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1192-37-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1192-36-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1192-12-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1192-46-0x0000000076B76000-0x0000000076B77000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1192-16-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1192-25-0x0000000002E20000-0x0000000002E27000-memory.dmp

            Filesize

            28KB

            Download

          • memory/1192-11-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1192-24-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1192-15-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1192-26-0x0000000076D81000-0x0000000076D82000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1836-58-0x000007FEF7910000-0x000007FEF7A47000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1836-57-0x00000000000A0000-0x00000000000A7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/1836-54-0x000007FEF7910000-0x000007FEF7A47000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/2064-85-0x000007FEF77E0000-0x000007FEF7912000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/2064-91-0x000007FEF77E0000-0x000007FEF7912000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/2064-88-0x0000000000110000-0x0000000000117000-memory.dmp

            Filesize

            28KB

            Download

          • memory/2128-108-0x000007FEF77E0000-0x000007FEF7912000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/2460-73-0x000007FEF78A0000-0x000007FEF79D1000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/2460-68-0x000007FEF78A0000-0x000007FEF79D1000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/2688-1-0x000007FEF77F0000-0x000007FEF7920000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/2688-45-0x000007FEF77F0000-0x000007FEF7920000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/2688-0-0x00000000003A0000-0x00000000003A7000-memory.dmp

            Filesize

            28KB

            Download