Overview

overview

10

Static

static

3

c8c93bdec2...18.dll

windows7-x64

10

c8c93bdec2...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-08-2024 12:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c8c93bdec2879a4b3c23f3a3c8758777_JaffaCakes118.dll

  • Size

    1.4MB

  • MD5

    c8c93bdec2879a4b3c23f3a3c8758777

  • SHA1

    df26f9d9073ad61740eedd00a48446100c929761

  • SHA256

    d00def281b5d4e5f7279628c9c4bef32598d7d476f8a3c7bcd44a7eaf47b9ca1

  • SHA512

    90daab81877824c9846686f0f9ee8e762e1485e6dd2d82db8a5a2414a73188857a3031ecf5b4f4ba82006dc08ffcf64d47f6de44421fb147ed727f63d12b3f2e

  • SSDEEP

    24576:4uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:I9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c8c93bdec2879a4b3c23f3a3c8758777_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:4596
  • C:\Windows\system32\mfpmp.exe
    C:\Windows\system32\mfpmp.exe
    1⤵
      PID:3068
    • C:\Users\Admin\AppData\Local\13XlbmX\mfpmp.exe
      C:\Users\Admin\AppData\Local\13XlbmX\mfpmp.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:1640
    • C:\Windows\system32\isoburn.exe
      C:\Windows\system32\isoburn.exe
      1⤵
        PID:436
      • C:\Users\Admin\AppData\Local\h4a11mLM\isoburn.exe
        C:\Users\Admin\AppData\Local\h4a11mLM\isoburn.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:460
      • C:\Windows\system32\DevicePairingWizard.exe
        C:\Windows\system32\DevicePairingWizard.exe
        1⤵
          PID:3636
        • C:\Users\Admin\AppData\Local\xpAuWKN\DevicePairingWizard.exe
          C:\Users\Admin\AppData\Local\xpAuWKN\DevicePairingWizard.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:4460

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\13XlbmX\MFPlat.DLL
          Filesize

          1.4MB

          MD5

          a8c46c7b7041af5ad4ba778b626d5538

          SHA1

          10f1961ea7d6411d95d988fab2131a9ec05fe6ea

          SHA256

          37c588d67702076dec8a5c80c90b8398b476c6553b7f984ed9872bcae5dd8ecc

          SHA512

          e0c06d3687dd6a5c8a08c9f0a51928570bdb80f7a68068da00fd4c958d0340990b8d95e8bfef4160dd5d858c8550fe797c98770f649226f17aa0c2915e95cc95

          Download Submit

        • C:\Users\Admin\AppData\Local\13XlbmX\mfpmp.exe
          Filesize

          46KB

          MD5

          8f8fd1988973bac0c5244431473b96a5

          SHA1

          ce81ea37260d7cafe27612606cf044921ad1304c

          SHA256

          27287ac874cef86be03aee7b6d34fdc3bd208070ed20e44621a305865fb7579e

          SHA512

          a91179e1561168b3b58f5ca893bce425d35f4a02aec20ac3d6fb944f5eb3c06b0a1b9d9f3fb9ea87869d65671d2b89b4ae19acf794372bdbd27f5e9756c5a8ab

          Download Submit

        • C:\Users\Admin\AppData\Local\h4a11mLM\UxTheme.dll
          Filesize

          1.4MB

          MD5

          6cde4cc62f6bc0b53e74f9f1c8f25ab9

          SHA1

          11adf47b3a760d1e6fb2854f803fa3a379bbf6bf

          SHA256

          b9aebc1c4e2aeeb98072a76ba824f70d821d3cdfa8704f38b4d7d85f66ce7f60

          SHA512

          7786452a2c64af1ecb9bc4d418900afdca488d960a30c556cc00ad280105f2d284bced1933856863af71845eb625ec0b7856206631f19835ee3b03f87d3fa6d5

          Download Submit

        • C:\Users\Admin\AppData\Local\h4a11mLM\isoburn.exe
          Filesize

          119KB

          MD5

          68078583d028a4873399ae7f25f64bad

          SHA1

          a3c928fe57856a10aed7fee17670627fe663e6fe

          SHA256

          9478c095afe212bce91d2de1a3c3647109f2d54e46b9bf70843e839324458567

          SHA512

          25503a47c53fe83eeb56726b5a5eec5cb01bc783e866306f92242a7a8cbafa20a3209217e0f4561febfec78d2f64f1725727a6b2d3ee6da512618984d0bb0bc1

          Download Submit

        • C:\Users\Admin\AppData\Local\xpAuWKN\DevicePairingWizard.exe
          Filesize

          93KB

          MD5

          d0e40a5a0c7dad2d6e5040d7fbc37533

          SHA1

          b0eabbd37a97a1abcd90bd56394f5c45585699eb

          SHA256

          2adaf3a5d3fde149626e3fef0e943c7029a135c04688acf357b2d8d04c81981b

          SHA512

          1191c2efcadd53b74d085612025c44b6cd54dd69493632950e30ada650d5ed79e3468c138f389cd3bc21ea103059a63eb38d9d919a62d932a38830c93f57731f

          Download Submit

        • C:\Users\Admin\AppData\Local\xpAuWKN\MFC42u.dll
          Filesize

          1.4MB

          MD5

          16e3209d933f025d069fe3e4c17ec0d6

          SHA1

          edd2e83f7fc547463b0e7d808374d6a5a7ea0ccb

          SHA256

          8b02d7b4f9b4ceb6c6c11b358b74d39cda5006dec69f7066a47d03d2e0130859

          SHA512

          cb42a1a254abfa5096a265de0c0445801a5c78542528f9d46bc008d406a86c1ac2cbc2e8fba79929a43048e15bf0158bf7fffd556c75c2932875ff669be19126

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ahvhgxnkgdxqlh.lnk
          Filesize

          1KB

          MD5

          8cc7f23f6fada493e9ba21a42d0abdd6

          SHA1

          6a35fdfd633f2af06713c30ff87198295a0c4965

          SHA256

          eb27cfa34f7dce019298d3e82cfe6c1c0a89625d72e959057f937cbb314f9a4d

          SHA512

          58f02a133f3f028d1dd1853f2d243406d619108703d5c69bdfbee01b5a6d0c13593374ccd0273ede0a80f495777d351fcca5f2c9bb3b80302acfeaef23a6cb16

          Download Submit

        • memory/460-66-0x00007FF8A7030000-0x00007FF8A719F000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/460-65-0x00000163A6140000-0x00000163A6147000-memory.dmp

          Filesize

          28KB

          Download

        • memory/460-71-0x00007FF8A7030000-0x00007FF8A719F000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1640-54-0x00007FF8A7030000-0x00007FF8A71A0000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1640-51-0x00000252239E0000-0x00000252239E7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1640-48-0x00007FF8A7030000-0x00007FF8A71A0000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3588-36-0x0000000004990000-0x0000000004997000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3588-6-0x00007FF8C577A000-0x00007FF8C577B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3588-13-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3588-12-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3588-10-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3588-27-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3588-9-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3588-8-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3588-4-0x00000000085D0000-0x00000000085D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3588-15-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3588-16-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3588-18-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3588-19-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3588-14-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3588-38-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3588-37-0x00007FF8C5D90000-0x00007FF8C5DA0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3588-17-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3588-7-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3588-11-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/4460-82-0x000001E5271C0000-0x000001E5271C7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4460-83-0x00007FF8A7020000-0x00007FF8A7195000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/4460-88-0x00007FF8A7020000-0x00007FF8A7195000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/4596-3-0x0000028AC5EA0000-0x0000028AC5EA7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4596-41-0x00007FF8B7B50000-0x00007FF8B7CBE000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/4596-0-0x00007FF8B7B50000-0x00007FF8B7CBE000-memory.dmp

          Filesize

          1.4MB

          Download