Overview

overview

10

Static

static

3

bac626c330...18.dll

windows7-x64

10

bac626c330...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    23-08-2024 07:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bac626c330c4f54cf739b1840fe180b4_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    bac626c330c4f54cf739b1840fe180b4

  • SHA1

    ac00babc73192095dd0a99e15052dbc94b0076f1

  • SHA256

    d590a58d203fa7da5c807e2bdd946aaf55f04d2413ad267dc07bbc97de70476b

  • SHA512

    7452f661484866a623ab1c1b44c5cec0074f9f642ad6d15c0f3d7f1297dd3c224fa67f59d9e626627374ad4a57fdc1bb8be2a5e89a8f5a91cb3ef5d8732de942

  • SSDEEP

    24576:uuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:O9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bac626c330c4f54cf739b1840fe180b4_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2380
  • C:\Windows\system32\BdeUISrv.exe
    C:\Windows\system32\BdeUISrv.exe
    1⤵
      PID:2628
    • C:\Users\Admin\AppData\Local\StKiP\BdeUISrv.exe
      C:\Users\Admin\AppData\Local\StKiP\BdeUISrv.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2948
    • C:\Windows\system32\mspaint.exe
      C:\Windows\system32\mspaint.exe
      1⤵
        PID:1880
      • C:\Users\Admin\AppData\Local\kgtSgP\mspaint.exe
        C:\Users\Admin\AppData\Local\kgtSgP\mspaint.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2224
      • C:\Windows\system32\rdpshell.exe
        C:\Windows\system32\rdpshell.exe
        1⤵
          PID:1912
        • C:\Users\Admin\AppData\Local\u26mv\rdpshell.exe
          C:\Users\Admin\AppData\Local\u26mv\rdpshell.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2812

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\StKiP\WTSAPI32.dll
          Filesize

          1.2MB

          MD5

          7fdc85ab42f0c0ce03d0eb160d218fab

          SHA1

          9bb7491990d0cf2355aa9e73254978e70ae5acb2

          SHA256

          ab1633f88aaaeb58ca7846b1610cc83c5f77d5e5109baee1cd743ef600ec085a

          SHA512

          58aa58791696bc7236e50ae6d3254b9d1f161c35a3f0874cf2cb4d9a9181ab25658efb8ce9d601a036bf6844c4658e2ecc8c150548bf79d49093e799e4a74163

          Download Submit

        • C:\Users\Admin\AppData\Local\kgtSgP\VERSION.dll
          Filesize

          1.2MB

          MD5

          dc77cbfc49a7e6a7c21db2e72c65ea2b

          SHA1

          2c40b1d6c56bb1513357647402ba6ce0abb847d0

          SHA256

          a8765e5082e0a8e67c95353d37721b2bda263b1d6bd91f02f1d755ab476ebf9c

          SHA512

          9eae4c5ec1123ced9bb4ef80a2db0f875b838969cbaf9041eb71f76e4159309a408e72edfbadc39b2a9af936f5170dbe10a75702ca2edbf4115beb5e7188e4b6

          Download Submit

        • C:\Users\Admin\AppData\Local\u26mv\WINSTA.dll
          Filesize

          1.2MB

          MD5

          c24295d82ce5dbe44d92f01e59576e92

          SHA1

          5bf2e170d632569849fc5f60339026b76045aa6f

          SHA256

          2be4147f7c4e507b056b707bf25ef36ec4da43a7b4bd2818df6bddd2fe2940c0

          SHA512

          9407cc42aaacd623f199afb5fbf161965c4d069e73334c8284276173e2b4ff806a455c56bd0d6eba3503081a236d9c4a6e946744a8a5007c16f1bb7fdabac032

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dzyzbjcaevupvd.lnk
          Filesize

          732B

          MD5

          b525f006e506a8100703c5c6a59c62cf

          SHA1

          89c9f8959f3c87ad5bfd41d5f2db3c6042c4eed4

          SHA256

          96c1b871a93c1f4a7650dc35c78451cdbb0ded22654f6dbfb63acf69f33b656a

          SHA512

          6c4a18fc111fd7083659cb8374e72229b3d7522d7db9f71d7e2925a5645523f19bc3f9e5036b6fe0ea7717b93fd4d3efb5f1664532998082fa8b6d784d54376f

          Download Submit

        • \Users\Admin\AppData\Local\StKiP\BdeUISrv.exe
          Filesize

          47KB

          MD5

          1da6b19be5d4949c868a264bc5e74206

          SHA1

          d5ee86ba03a03ef8c93d93accafe40461084c839

          SHA256

          00330a0e0eb1dbb6ee84997963f8e15c7c15c1df787f1c7f109609d7b31bd35c

          SHA512

          9cee858c55eb0852e5bad53a675a094ae591b46b07afe9fb4224cac32e0be577fe36c1ed3e9f6bda4d4eb0c924a773d00e3181cd97f07e24c6c68c70f2b002c6

          Download Submit

        • \Users\Admin\AppData\Local\kgtSgP\mspaint.exe
          Filesize

          6.4MB

          MD5

          458f4590f80563eb2a0a72709bfc2bd9

          SHA1

          3f97dc3bd1467c710c6a8d26b97bb6cf47deb4c6

          SHA256

          ff923c051ae380bf30d749ebe9cf310ccab6572d84eb81b76fb1012bcbdf557f

          SHA512

          e34500658dbe105a704fff6988b75d13aa9931adfd585b8ce1f023c61abd573d58067ee1f43e80076729ba99c9a00c17eb8cfcfac9c3d271d76bd251ccab1681

          Download Submit

        • \Users\Admin\AppData\Local\u26mv\rdpshell.exe
          Filesize

          292KB

          MD5

          a62dfcea3a58ba8fcf32f831f018fe3f

          SHA1

          75f7690b19866f2c2b3dd3bfdff8a1c6fa8e958b

          SHA256

          f8346a44f12e5b1ca6beaae5fbdf5f7f494ba204379c21d1875b03ba6da6152e

          SHA512

          9a3df5be95017c23ab144302d2275654e86193e2cd94957d5f72bda3cb171ec2a6da14e6631a7fd4fd053b4529f4083aa287ada57484ad0ee01a8e5b2b54c603

          Download Submit

        • memory/1064-29-0x0000000077A81000-0x0000000077A82000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1064-47-0x0000000077876000-0x0000000077877000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1064-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1064-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1064-17-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1064-26-0x0000000002090000-0x0000000002097000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1064-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1064-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1064-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1064-25-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1064-30-0x0000000077C10000-0x0000000077C12000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1064-4-0x0000000077876000-0x0000000077877000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1064-38-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1064-37-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1064-5-0x00000000020B0000-0x00000000020B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1064-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1064-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1064-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1064-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1064-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2224-73-0x00000000002B0000-0x00000000002B7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2224-74-0x000007FEF6EC0000-0x000007FEF6FF2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2224-79-0x000007FEF6EC0000-0x000007FEF6FF2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2380-46-0x000007FEF70D0000-0x000007FEF7201000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2380-0-0x0000000000120000-0x0000000000127000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2380-1-0x000007FEF70D0000-0x000007FEF7201000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2812-91-0x000007FEF70D0000-0x000007FEF7203000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2812-96-0x000007FEF70D0000-0x000007FEF7203000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2948-61-0x000007FEF7940000-0x000007FEF7A72000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2948-56-0x000007FEF7940000-0x000007FEF7A72000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2948-55-0x00000000001A0000-0x00000000001A7000-memory.dmp

          Filesize

          28KB

          Download