Overview

overview

10

Static

static

3

ca85c8ac9e...18.dll

windows7-x64

10

ca85c8ac9e...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    30-08-2024 08:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ca85c8ac9e78fff1382072443b979d98_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    ca85c8ac9e78fff1382072443b979d98

  • SHA1

    ac2624a13f968db008cec1aac51691778b98c743

  • SHA256

    f493377faeb311a801726886346632f0cecb8f6a70547a01b69114192c3caa2a

  • SHA512

    3a273ec1b7b3c81a163bc2a5b4082da83427eaa798c449e34b25f79ca6ea4e84d749f319321604b9871ab4a9dc94b960d0e69a02244b9a44f7544a65bbc9b764

  • SSDEEP

    24576:muYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:G9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca85c8ac9e78fff1382072443b979d98_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2292
  • C:\Windows\system32\tcmsetup.exe
    C:\Windows\system32\tcmsetup.exe
    1⤵
      PID:2616
    • C:\Users\Admin\AppData\Local\pEEqqgv7\tcmsetup.exe
      C:\Users\Admin\AppData\Local\pEEqqgv7\tcmsetup.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2676
    • C:\Windows\system32\ComputerDefaults.exe
      C:\Windows\system32\ComputerDefaults.exe
      1⤵
        PID:2488
      • C:\Users\Admin\AppData\Local\CqQ\ComputerDefaults.exe
        C:\Users\Admin\AppData\Local\CqQ\ComputerDefaults.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2504
      • C:\Windows\system32\DeviceDisplayObjectProvider.exe
        C:\Windows\system32\DeviceDisplayObjectProvider.exe
        1⤵
          PID:2388
        • C:\Users\Admin\AppData\Local\dKL1H\DeviceDisplayObjectProvider.exe
          C:\Users\Admin\AppData\Local\dKL1H\DeviceDisplayObjectProvider.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1696

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\CqQ\appwiz.cpl
          Filesize

          1.2MB

          MD5

          9b591fe1d6f2b99594939a52989edf41

          SHA1

          873420dbf94f332e00ee7f32cb6f251cff7c348d

          SHA256

          fb11fb89f4853dd16787230e7e8e349b671a05b58953a6df2c425e71ed2f769a

          SHA512

          2427e95452a729d5ffdb42d46406089f745df19fa1e3222f6a954a4ff37ab6fced4cef368b16c79b878d3f27681ca27076f2aa67a3824d5258273815e64fbfea

          Download Submit

        • C:\Users\Admin\AppData\Local\dKL1H\XmlLite.dll
          Filesize

          1.2MB

          MD5

          1206c12994aed44a9417a4e1f955f281

          SHA1

          a70f5d7fe517d3cfabe75d97a4bca4d170065a74

          SHA256

          ebfabf3e25710e071f164623605fca93c47f7492b09e6275c9c75d67c673e15c

          SHA512

          b8d8eaa538ada5f886b14019fd11ab67ecb492ad75fdaeef84c2459dd9f6fa3d2c6c86fe90cc2f7b0ce3758a3bbb4285b5a341e6ac68939ac4ecc09be2624794

          Download Submit

        • C:\Users\Admin\AppData\Local\pEEqqgv7\TAPI32.dll
          Filesize

          1.2MB

          MD5

          c8a00f41c4df7701845e587671e8cf0c

          SHA1

          7397c5032d5b42dfe09862a03eabae41480a718c

          SHA256

          d01b3c7cb899cc36cea601c3dc87ba91601b0b601c16b5f2f6b4e360603b82e4

          SHA512

          d7e1e89b7aa728d920414b717f92b94af5d3b90931aa7226cc290839e620a7b7557a322018b1fe2bc3e4fd3199d9584df16af1e1650ba684964e38870b625b67

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ygxjfqh.lnk
          Filesize

          1KB

          MD5

          39f71391fe10c0d6ef0b1f0f749b6103

          SHA1

          9e36099b4cad96ced1f57685f933b0a5991099d2

          SHA256

          fb30de23e860846fceff321bf27d948a4ecab663edbea31e9be292fb6be7e7c7

          SHA512

          e58a3bb815b0fb76001b60e3e3d5e030a872d4239af05cce217bf457425f3d13fa12e77b7c5bf2a4096d4398fbebf6982dc2aeb6ed140a25e7c218ec3f2efcdd

          Download Submit

        • \Users\Admin\AppData\Local\CqQ\ComputerDefaults.exe
          Filesize

          36KB

          MD5

          86bd981f55341273753ac42ea200a81e

          SHA1

          14fe410efc9aeb0a905b984ac27719ff0dd10ea7

          SHA256

          40b194be2bad2d3d4d1b69f9aec2853c8b663130810a11607ff72a9e3a06d5b3

          SHA512

          49bb6d4bf7a9356fadde7f6165af6973630827d28b69db10ad477a84d98b08fb82e4daae777166e1ddddb5b5efcdf634e4e9bd34b255dae87462ba32e8bba143

          Download Submit

        • \Users\Admin\AppData\Local\dKL1H\DeviceDisplayObjectProvider.exe
          Filesize

          109KB

          MD5

          7e2eb3a4ae11190ef4c8a9b9a9123234

          SHA1

          72e98687a8d28614e2131c300403c2822856e865

          SHA256

          8481a8ec19cb656ce328c877d5817d317203ba34424a2e9d169ddce5bf2cd2b0

          SHA512

          18b1a0637f48929972a463d441182307725ebf1410dd461a1966bd040ac5dcced138155b7c713bfc924ea2f7b39527a084a08b44fa24c3eb9c654871f99caabf

          Download Submit

        • \Users\Admin\AppData\Local\pEEqqgv7\tcmsetup.exe
          Filesize

          15KB

          MD5

          0b08315da0da7f9f472fbab510bfe7b8

          SHA1

          33ba48fd980216becc532466a5ff8476bec0b31c

          SHA256

          e19556bb7aa39bbd5f0d568a95aec0b3af18dda438cc5737f945243b24d106e7

          SHA512

          c30501546efe2b0c003ef87ac381e901c69ddfc6791c6a5102cff3a07f56555d94995a4413b93036821aa214fc31501fa87eb519e1890ef75b2ec497983ffd58

          Download Submit

        • memory/1204-27-0x00000000772D1000-0x00000000772D2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-47-0x00000000770C6000-0x00000000770C7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-26-0x0000000002A70000-0x0000000002A77000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1204-25-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-17-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-28-0x0000000077460000-0x0000000077462000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1204-4-0x00000000770C6000-0x00000000770C7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-38-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-37-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-5-0x0000000002A90000-0x0000000002A91000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1696-91-0x0000000000170000-0x0000000000177000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1696-97-0x000007FEF6370000-0x000007FEF64A2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2292-46-0x000007FEF6370000-0x000007FEF64A1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2292-0-0x000007FEF6370000-0x000007FEF64A1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2292-3-0x0000000000130000-0x0000000000137000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2504-73-0x0000000001AC0000-0x0000000001AC7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2504-74-0x000007FEF6370000-0x000007FEF64A2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2504-79-0x000007FEF6370000-0x000007FEF64A2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2676-61-0x000007FEF6A00000-0x000007FEF6B33000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2676-56-0x000007FEF6A00000-0x000007FEF6B33000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2676-55-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download