Overview

overview

10

Static

static

3

b273fa9743...18.dll

windows7-x64

10

b273fa9743...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    21-08-2024 06:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b273fa97431153c131b5b9ae8d6f85b7_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    b273fa97431153c131b5b9ae8d6f85b7

  • SHA1

    6747bd7ef216cdf6d23e500c2ca8c41e851b109e

  • SHA256

    f487a0f3b8ef34854390d1f67b57ead543c6a940a74bf00699264c183533cbe6

  • SHA512

    6bc9e750e65ae49fa76d6fc1447b3386c79cf434871e75a5b6f2307ccd35b9105c8b6e5eafd610e618ce36ac4089cecd2c739ed05cb9bf9944327b40fcbc2e1c

  • SSDEEP

    24576:GuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:m9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b273fa97431153c131b5b9ae8d6f85b7_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:300
  • C:\Windows\system32\winlogon.exe
    C:\Windows\system32\winlogon.exe
    1⤵
      PID:2632
    • C:\Users\Admin\AppData\Local\BDkA57OWD\winlogon.exe
      C:\Users\Admin\AppData\Local\BDkA57OWD\winlogon.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2724
    • C:\Windows\system32\SystemPropertiesPerformance.exe
      C:\Windows\system32\SystemPropertiesPerformance.exe
      1⤵
        PID:2496
      • C:\Users\Admin\AppData\Local\PYzhQOGX\SystemPropertiesPerformance.exe
        C:\Users\Admin\AppData\Local\PYzhQOGX\SystemPropertiesPerformance.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2532
      • C:\Windows\system32\dwm.exe
        C:\Windows\system32\dwm.exe
        1⤵
          PID:672
        • C:\Users\Admin\AppData\Local\vnSjTLwY\dwm.exe
          C:\Users\Admin\AppData\Local\vnSjTLwY\dwm.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2028

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\BDkA57OWD\WINSTA.dll
          Filesize

          1.2MB

          MD5

          b76c0444eb0a31f7bee49b245c2368b2

          SHA1

          11f0291b2a6cceb01839e20658b98f444ca30f9c

          SHA256

          85fa2def56aed1c2d28371184d37584d634bb719f1037bf33a8c74e75dcdf0ab

          SHA512

          8e0f0813d758e4f60e836d9b1e0eb90538c2cff3e82c3541575f6738497ab156d60185a83171168383a50275824bce8d2148f150e0d84c002ebc2db537a48508

          Download Submit

        • C:\Users\Admin\AppData\Local\PYzhQOGX\SYSDM.CPL
          Filesize

          1.2MB

          MD5

          f8b7d30692090a4e0c74e3ca55cc866a

          SHA1

          f55f86ac060aca009c00452d74867877f4b2c127

          SHA256

          b86cc5f410913c7307d84dd6706eab3d08e9226ec577cd2efc91c77b9062d24d

          SHA512

          bb47969f69ee5f6650e5fd505d3e4135794137fb95508134420028a001e88de8359eea11d8c9c260af1ca359577df7b3d30636d1368645fe4d68d66cc0b29c87

          Download Submit

        • C:\Users\Admin\AppData\Local\vnSjTLwY\UxTheme.dll
          Filesize

          1.2MB

          MD5

          df0b33396b6f9a24e428edf2aed20cb2

          SHA1

          5def2c48b17dc12c9a9ed6ef5cc01291101e0d59

          SHA256

          620e493c30d003d8ca7438fd673a1329e1d17f651f2b2b9a27d253f9ecb972cc

          SHA512

          bb8539753741c643771244ae41d1682a817d3fa40b0b1cd3fd88c24e04d2ebee9b392249248fbcfacab7b81d70763881fc27d73038d65267abef4a23d13b601c

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ewnqrlgibmqii.lnk
          Filesize

          1KB

          MD5

          0dcf09478c08017f3d76a51274833a47

          SHA1

          a66d27225fe445e88f06547041e98a72a34f434a

          SHA256

          d37e038a287e1dbc8dca4df5d6eeb514f36b2f2d25d80e8f8e2272b1c3716027

          SHA512

          7571dbd64103fc93603133639c1501b429cfbcb3672ff6c09486f1ecf407fbf77adda637dc387d499039e15ac965e73b15b8f4112b3d76baad5fe3f73ef8637c

          Download Submit

        • \Users\Admin\AppData\Local\BDkA57OWD\winlogon.exe
          Filesize

          381KB

          MD5

          1151b1baa6f350b1db6598e0fea7c457

          SHA1

          434856b834baf163c5ea4d26434eeae775a507fb

          SHA256

          b1506e0a7e826eff0f5252ef5026070c46e2235438403a9a24d73ee69c0b8a49

          SHA512

          df728d06238da1dece96f8b8d67a2423ed4dcb344b42d5958768d23bd570a79e7189e7c5ba783c1628fe8ddd1deaebeacb1b471c59c8a7c9beb21b4f1eb9edab

          Download Submit

        • \Users\Admin\AppData\Local\PYzhQOGX\SystemPropertiesPerformance.exe
          Filesize

          80KB

          MD5

          870726cdcc241a92785572628b89cc07

          SHA1

          63d47cc4fe9beb75862add1abca1d8ae8235710a

          SHA256

          1ab77fa1ee0cbe59ca185c228c3c11abeba2b2008a162c91a06d3c40542e7fc6

          SHA512

          89b961c2a2716fe0800e54e0206c8b349a26f1bc2a463ec9bd12f3ab22bfcb13e6402b4c20ddcf284d838a3c66e73335af8f6dc4554d76646382e387242c6f72

          Download Submit

        • \Users\Admin\AppData\Local\vnSjTLwY\dwm.exe
          Filesize

          117KB

          MD5

          f162d5f5e845b9dc352dd1bad8cef1bc

          SHA1

          35bc294b7e1f062ef5cb5fa1bd3fc942a3e37ae2

          SHA256

          8a7b7528db30ab123b060d8e41954d95913c07bb40cdae32e97f9edb0baf79c7

          SHA512

          7077e800453a4564a24af022636a2f6547bdae2c9c6f4ed080d0c98415ecc4fbf538109cbebd456e321b9b74a00613d647b63998e31925fbd841fc9d4613e851

          Download Submit

        • memory/300-3-0x00000000002A0000-0x00000000002A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/300-1-0x000007FEF5D10000-0x000007FEF5E41000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/300-46-0x000007FEF5D10000-0x000007FEF5E41000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-30-0x0000000076FE0000-0x0000000076FE2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1184-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-27-0x0000000076E51000-0x0000000076E52000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1184-26-0x0000000002D20000-0x0000000002D27000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1184-25-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-17-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-37-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-38-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-47-0x0000000076D46000-0x0000000076D47000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1184-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-4-0x0000000076D46000-0x0000000076D47000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1184-5-0x0000000002D10000-0x0000000002D11000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1184-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1184-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2028-91-0x0000000001E80000-0x0000000001E87000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2028-96-0x000007FEF5D10000-0x000007FEF5E42000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2532-73-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2532-74-0x000007FEF5D10000-0x000007FEF5E42000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2532-79-0x000007FEF5D10000-0x000007FEF5E42000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2724-60-0x000007FEF6C80000-0x000007FEF6DB3000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2724-56-0x000007FEF6C80000-0x000007FEF6DB3000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2724-55-0x0000000000290000-0x0000000000297000-memory.dmp

          Filesize

          28KB

          Download