Overview

overview

10

Static

static

3

d24290c72a...18.dll

windows7-x64

10

d24290c72a...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-09-2024 15:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d24290c72ad04d54e46acbe21b617c43_JaffaCakes118.dll

  • Size

    1.1MB

  • MD5

    d24290c72ad04d54e46acbe21b617c43

  • SHA1

    b7a91df70b0620b578a3d709b5af18b2d8eb8f33

  • SHA256

    c45a7ae23c315e0e5cb56d1bfe89d4a5ab30194c99f6f16b814d246f787c24de

  • SHA512

    d07efe41fc582b3d838d6e6191af14737b9733455bb57baad38a77aa066cb8a9dbd36678810fbaf27cbf8bf9dffa59529dd9f078bd32e4131c4da5dffe835da6

  • SSDEEP

    12288:VdMIwS97wJs6tSKDXEabXaC+jhc1S8XXk7CZzHsZH9dq0TOt:7MIJxSDX3bqjhcfHk7MzH6zyt

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 11 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d24290c72ad04d54e46acbe21b617c43_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3076
  • C:\Windows\system32\upfc.exe
    C:\Windows\system32\upfc.exe
    1⤵
      PID:3460
    • C:\Users\Admin\AppData\Local\nOA\upfc.exe
      C:\Users\Admin\AppData\Local\nOA\upfc.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2380
    • C:\Windows\system32\LicensingUI.exe
      C:\Windows\system32\LicensingUI.exe
      1⤵
        PID:4280
      • C:\Users\Admin\AppData\Local\Y2a\LicensingUI.exe
        C:\Users\Admin\AppData\Local\Y2a\LicensingUI.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2184
      • C:\Windows\system32\GamePanel.exe
        C:\Windows\system32\GamePanel.exe
        1⤵
          PID:3340
        • C:\Users\Admin\AppData\Local\wC4RrmYe5\GamePanel.exe
          C:\Users\Admin\AppData\Local\wC4RrmYe5\GamePanel.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2296

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Y2a\DUI70.dll
          Filesize

          1.4MB

          MD5

          922cfc3a436594805b28388a5196bf3a

          SHA1

          d54b3455661d9d32f1ac60ecb5fed8f1714bc371

          SHA256

          8a5a2a3758f54f6e64b6fc936cbe8a4077467f49070f63b3f7bf1dc0fcb5f34a

          SHA512

          bbfeafaf3f34df68c2a6d8c1ca534f6fb0605a9571907cd2e76e0240058c33ee75becc82cc9fc29df611b89c91abf299496f506ec50b2e2281222a334693b92f

          Download Submit

        • C:\Users\Admin\AppData\Local\Y2a\LicensingUI.exe
          Filesize

          142KB

          MD5

          8b4abc637473c79a003d30bb9c7a05e5

          SHA1

          d1cab953c16d4fdec2b53262f56ac14a914558ca

          SHA256

          0e9eb89aa0df9bb84a8f11b0bb3e9d89905355de34c91508968b4cb78bc3f6c5

          SHA512

          5a40c846c5b3a53ae09114709239d8238c322a7d3758b20ed3fc8e097fc1409f62b4990557c1192e894eabfa89741a9d88bd5175850d039b97dfdf380d1c6eeb

          Download Submit

        • C:\Users\Admin\AppData\Local\nOA\XmlLite.dll
          Filesize

          1.1MB

          MD5

          6c2082e91e76681bf9fab107f44b515c

          SHA1

          b37bf364e5465b32fc49a79b59b9533b10c8a770

          SHA256

          027a8232582a8b0e43f31fa0d74a6beec6553ccf12c7e31c06275cc00ee3a756

          SHA512

          205134a4d3b2f54156c85b3d0b3aead83e8d363177b0bb78feaad9aff7ce2b0cf394563eb2493841b342501b1bfaba6a1aa1eca4de9985b3946d905a29463877

          Download Submit

        • C:\Users\Admin\AppData\Local\nOA\upfc.exe
          Filesize

          118KB

          MD5

          299ea296575ccb9d2c1a779062535d5c

          SHA1

          2497169c13b0ba46a6be8a1fe493b250094079b7

          SHA256

          ee44fe14df89c4e5eaf8398f8fb4823fd910c5a94d913653d6b9e831254f6cc2

          SHA512

          02fc2b25167ebd7dfcc7b8aa74613e7004fdf33dfccccba6c3427434cca981c2eb50f4a801969b3a40c495a9bb0eac8176f4f2ec9091916cf3509a7f909b30fa

          Download Submit

        • C:\Users\Admin\AppData\Local\wC4RrmYe5\GamePanel.exe
          Filesize

          1.2MB

          MD5

          266f6a62c16f6a889218800762b137be

          SHA1

          31b9bd85a37bf0cbb38a1c30147b83671458fa72

          SHA256

          71f8f11f26f3a7c1498373f20f0f4cc960513d0383fe24906eeb1bc9678beecd

          SHA512

          b21d9b0656ab6bd3b158922722a332f07096ddd4215c802776c5807c9cf6ece40082dd986ea6867bdc8d22878ce035a5c8dfcc26cfae94aeee059701b6bf1e68

          Download Submit

        • C:\Users\Admin\AppData\Local\wC4RrmYe5\dwmapi.dll
          Filesize

          1.1MB

          MD5

          d0734271c33200a8accd73dc8429ac55

          SHA1

          69750343a99a6e774d56d8f957085b4cd34c2c18

          SHA256

          0ff2c5b3de887e869096a8711e173ccdaf11574fa519961b41720de5bb8f8eec

          SHA512

          f45041b18ec0bdb2750d0f8d7f3cb4db538559b6631b6a18a011d720d0a730f2c6af271e7d38f2e65dc5c2a15cc8d0f9d560682bcb19002726e5552e895e74e8

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Sfbjsepzltomqmf.lnk
          Filesize

          1KB

          MD5

          6ca5c2bc832a073a95ca94e48d18868c

          SHA1

          7ffafc03c055d16d47da43cb89475d8d8fda645d

          SHA256

          290485d40da4f78aab8271379c5699adfae976f27a397d3446aa47bf590c838b

          SHA512

          c32820306f0ca359b9d76f2a16bfcf4308a4e937c6cd687e5c1a91dc1ac0c8a515d937ca788a083b79f44ff598b431f1d6de4210f4195af32be7052a11450327

          Download Submit

        • memory/2184-89-0x0000000140000000-0x000000014015E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2184-87-0x0000000140000000-0x000000014015E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2184-93-0x0000000140000000-0x000000014015E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2184-88-0x0000020090AB0000-0x0000020090AB7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2296-105-0x0000017798470000-0x0000017798477000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2296-104-0x0000000140000000-0x0000000140119000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2296-110-0x0000000140000000-0x0000000140119000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2380-76-0x0000000140000000-0x0000000140119000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2380-71-0x0000000140000000-0x0000000140119000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2380-69-0x0000000140000000-0x0000000140119000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2380-72-0x0000019654EE0000-0x0000019654EE7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3076-62-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3076-0-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3076-2-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3076-3-0x000001D221840000-0x000001D221847000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3476-36-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-28-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-26-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-24-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-23-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-22-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-21-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-20-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-29-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-19-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-18-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-17-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-16-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-15-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-13-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-12-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-10-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-9-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-8-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-27-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-11-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-7-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-30-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-31-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-32-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-33-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-34-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-35-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-37-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-38-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-39-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-47-0x00000000025C0000-0x00000000025C7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3476-49-0x00007FFAF3C00000-0x00007FFAF3C10000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3476-59-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-50-0x00007FFAF3BF0000-0x00007FFAF3C00000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3476-48-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-25-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-14-0x0000000140000000-0x0000000140118000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-4-0x00000000025E0000-0x00000000025E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3476-6-0x00007FFAF276A000-0x00007FFAF276B000-memory.dmp

          Filesize

          4KB

          Download