Overview

overview

10

Static

static

3

b42d93e77b...18.dll

windows7-x64

10

b42d93e77b...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    21-08-2024 16:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b42d93e77b5c62799de6e15c87e5aa0a_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    b42d93e77b5c62799de6e15c87e5aa0a

  • SHA1

    00254ec7a4aea06c5836d06de5f395c03e8df426

  • SHA256

    2fae4980756d9703b8adb56e7b874137e38a2a19d94874286517d7c753e0e3b3

  • SHA512

    49dd41fbaf5f2107b041a8811a4ddd05d5e5ff6b52b4066c69b909cb2c7ccbb002057db58eeb2a0f34391cc7415963917b45b425510d3dfb2f0bd8350ecb21fe

  • SSDEEP

    24576:0uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9NF:s9cKrUqZWLAcUd

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 9 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 5 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b42d93e77b5c62799de6e15c87e5aa0a_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2568
  • C:\Windows\system32\sdclt.exe
    C:\Windows\system32\sdclt.exe
    1⤵
      PID:2992
    • C:\Users\Admin\AppData\Local\W7Ul\sdclt.exe
      C:\Users\Admin\AppData\Local\W7Ul\sdclt.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2936
    • C:\Windows\system32\mmc.exe
      C:\Windows\system32\mmc.exe
      1⤵
        PID:2156
      • C:\Users\Admin\AppData\Local\Kxu4Vejb\mmc.exe
        C:\Users\Admin\AppData\Local\Kxu4Vejb\mmc.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1808
      • C:\Windows\system32\DevicePairingWizard.exe
        C:\Windows\system32\DevicePairingWizard.exe
        1⤵
          PID:2292
        • C:\Users\Admin\AppData\Local\VgZy9iLR\DevicePairingWizard.exe
          C:\Users\Admin\AppData\Local\VgZy9iLR\DevicePairingWizard.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2484
        • C:\Windows\system32\DeviceDisplayObjectProvider.exe
          C:\Windows\system32\DeviceDisplayObjectProvider.exe
          1⤵
            PID:2968
          • C:\Users\Admin\AppData\Local\Juwx\DeviceDisplayObjectProvider.exe
            C:\Users\Admin\AppData\Local\Juwx\DeviceDisplayObjectProvider.exe
            1⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks whether UAC is enabled
            PID:3052

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Juwx\XmlLite.dll
            Filesize

            1.2MB

            MD5

            01ddfdc267edb5ed9a00b769725fa290

            SHA1

            541a417fa6a57a54da6e8798e98d669806e74a8f

            SHA256

            d8fb86d3ecf2a78176d38820ac1d7afd53bef5cf12eb5278276feed69f7ad773

            SHA512

            049f867c8c40f38363edc74cd5dbb0bf7c1eac995862e9d9116653abc82447bf96cd886e955c7ad12c83f1d8fb00b512d415fbcdea44bc3bb9abc2c2c43c6b3b

            Download Submit

          • C:\Users\Admin\AppData\Local\Kxu4Vejb\MFC42u.dll
            Filesize

            1.2MB

            MD5

            9a59535c65bc9cde9fa43a011f709395

            SHA1

            04cfbe7994faa735a7948b13ca99cea027a0ee8e

            SHA256

            6b32295f9341f9a8b0593221d7d4610444b4615b34be1637ae60b17f1f1acaba

            SHA512

            4a993bfbe2c8c91a719d0c4b8710e08934f13487b9520d9b2d3b77e264f073c66da4e6e5e04dae0e9e1d75f9aad5f259b95c48e4cb2bf70b5c4d5e76600a57af

            Download Submit

          • C:\Users\Admin\AppData\Local\VgZy9iLR\MFC42u.dll
            Filesize

            1.2MB

            MD5

            a307e000e5c861cd85638a6a4a5f3d2c

            SHA1

            9a064ffbd62339505724b216b39e8109713c5392

            SHA256

            04c2a26916bda39b8692cf5bde38a0e8a3202ea7d3585ec053af7cefcc244394

            SHA512

            11a198fcfd77953a503eb1ecd7dd0ed1dd9db9a72bed27b6829c30b1110d61b1d76cabbe8f4701f21b1fa3b9207cbce70e62a5702a6251151deba99178b4b599

            Download Submit

          • C:\Users\Admin\AppData\Local\W7Ul\SPP.dll
            Filesize

            1.2MB

            MD5

            99c70a64a10a1ef5947b82058f39ac14

            SHA1

            9f10690cfbec62a886bcd207a991c8df9af767a4

            SHA256

            976a6324ecdd36d1d3f3a5f1d596d2aaed616035a88f518eaf6d9105fb357191

            SHA512

            1fcfc424cbd437bb051a8ce6a6d2541ebf7f18bf6b7a49bdaff756fba1356980843d0e9af56fbb32b13b705aecf7ac5191a49f731d247f2ea6c214baf0c1b80d

            Download Submit

          • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dwxzrb.lnk
            Filesize

            1KB

            MD5

            2da575bb5f53baecfd4a4603e6a54cc0

            SHA1

            7ae1c496e8b1847ef2eacf4ad9460d1388b94bd3

            SHA256

            8706a864f9105fb9bd3f3ad121cb07f52820feb09670208e31028745bb61989d

            SHA512

            1355aed0019dc5f194ec842616451d94e9674fbfeb59ce4afe4d3bc007d3c8fed539284c4b83c0084c8cbbd20615e3f19889b51ae2adfdf6da437cf935acd99e

            Download Submit

          • \Users\Admin\AppData\Local\Juwx\DeviceDisplayObjectProvider.exe
            Filesize

            109KB

            MD5

            7e2eb3a4ae11190ef4c8a9b9a9123234

            SHA1

            72e98687a8d28614e2131c300403c2822856e865

            SHA256

            8481a8ec19cb656ce328c877d5817d317203ba34424a2e9d169ddce5bf2cd2b0

            SHA512

            18b1a0637f48929972a463d441182307725ebf1410dd461a1966bd040ac5dcced138155b7c713bfc924ea2f7b39527a084a08b44fa24c3eb9c654871f99caabf

            Download Submit

          • \Users\Admin\AppData\Local\Kxu4Vejb\mmc.exe
            Filesize

            2.0MB

            MD5

            9fea051a9585f2a303d55745b4bf63aa

            SHA1

            f5dc12d658402900a2b01af2f018d113619b96b8

            SHA256

            b212e59e4c7fe77f6f189138d9d8b151e50eb83a35d6eadfb1e4bb0b4262c484

            SHA512

            beba79f0b6710929871fbdf378d3c0a41f230ac30cbfa87173f7b77c35e06425f48db42ed3b16d5d9bcb7ef0098dffcd0d2947da8fb7ec1136ea62205f1afc76

            Download Submit

          • \Users\Admin\AppData\Local\VgZy9iLR\DevicePairingWizard.exe
            Filesize

            73KB

            MD5

            9728725678f32e84575e0cd2d2c58e9b

            SHA1

            dd9505d3548f08e5198a8d6ba6bcd60b1da86d5c

            SHA256

            d95d3aa065a657c354244e3d9d4dc62673dc36c1bed60650fade7d128ddab544

            SHA512

            a5d22240450e7b659cba507f9abe7e6d861e9712ca2335ea5ceb69e3557362b00f5d02bf84c3a6fed82a09eda555866dcab43741ad9c6db96e1e302ef2363377

            Download Submit

          • \Users\Admin\AppData\Local\W7Ul\sdclt.exe
            Filesize

            1.2MB

            MD5

            cdebd55ffbda3889aa2a8ce52b9dc097

            SHA1

            4b3cbfff5e57fa0cb058e93e445e3851063646cf

            SHA256

            61bd24487c389fc2b939ce000721677cc173bde0edcafccff81069bbd9987bfd

            SHA512

            2af69742e90d3478ae0a770b2630bfdc469077311c1f755f941825399b9a411e3d8d124126f59b01049456cddc01b237a3114847f1fe53f9e7d1a97e4ba36f13

            Download Submit

          • memory/1204-38-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1204-8-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1204-26-0x0000000002E70000-0x0000000002E77000-memory.dmp

            Filesize

            28KB

            Download

          • memory/1204-16-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1204-14-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1204-13-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1204-12-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1204-11-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1204-10-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1204-9-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1204-37-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1204-4-0x0000000077616000-0x0000000077617000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1204-5-0x0000000002E90000-0x0000000002E91000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1204-47-0x0000000077616000-0x0000000077617000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1204-28-0x00000000778B0000-0x00000000778B2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1204-17-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1204-27-0x0000000077721000-0x0000000077722000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1204-7-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1204-15-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1204-25-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1808-73-0x000007FEF6540000-0x000007FEF6678000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1808-77-0x000007FEF6540000-0x000007FEF6678000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1808-76-0x0000000000520000-0x0000000000527000-memory.dmp

            Filesize

            28KB

            Download

          • memory/2484-90-0x00000000000F0000-0x00000000000F7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/2484-93-0x000007FEF6540000-0x000007FEF6678000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/2568-46-0x000007FEF6540000-0x000007FEF6671000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/2568-0-0x000007FEF6540000-0x000007FEF6671000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/2568-3-0x0000000000120000-0x0000000000127000-memory.dmp

            Filesize

            28KB

            Download

          • memory/2936-56-0x000007FEF6E50000-0x000007FEF6F82000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/2936-55-0x00000000001B0000-0x00000000001B7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/2936-61-0x000007FEF6E50000-0x000007FEF6F82000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3052-105-0x000007FEF6540000-0x000007FEF6672000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3052-110-0x000007FEF6540000-0x000007FEF6672000-memory.dmp

            Filesize

            1.2MB

            Download