Overview

overview

10

Static

static

3

d2653bc52a...18.dll

windows7-x64

10

d2653bc52a...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07-09-2024 16:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d2653bc52ac82fd57843f88b6cfb3cdb_JaffaCakes118.dll

  • Size

    1.4MB

  • MD5

    d2653bc52ac82fd57843f88b6cfb3cdb

  • SHA1

    27bdf0d4fa3e6088ab7a45849f826c125690ae08

  • SHA256

    32b3250666fa89539a9e89b14b35032a0d496166592382d3cda4685c42a08aee

  • SHA512

    24ce2014a7d984eacb7908f4eea16ec2a9edf35fe1e126005c71b5421efed6260bcd51f49aae50e151932c906bd1571e3e457d8a1cd340824d2a13013fea8364

  • SSDEEP

    24576:0uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9Np:s9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d2653bc52ac82fd57843f88b6cfb3cdb_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:1592
  • C:\Windows\system32\unregmp2.exe
    C:\Windows\system32\unregmp2.exe
    1⤵
      PID:2656
    • C:\Users\Admin\AppData\Local\DPVvRGZb\unregmp2.exe
      C:\Users\Admin\AppData\Local\DPVvRGZb\unregmp2.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2716
    • C:\Windows\system32\AdapterTroubleshooter.exe
      C:\Windows\system32\AdapterTroubleshooter.exe
      1⤵
        PID:1992
      • C:\Users\Admin\AppData\Local\XJ1\AdapterTroubleshooter.exe
        C:\Users\Admin\AppData\Local\XJ1\AdapterTroubleshooter.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1712
      • C:\Windows\system32\rdpclip.exe
        C:\Windows\system32\rdpclip.exe
        1⤵
          PID:2096
        • C:\Users\Admin\AppData\Local\IQY7O\rdpclip.exe
          C:\Users\Admin\AppData\Local\IQY7O\rdpclip.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2680

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\DPVvRGZb\slc.dll
          Filesize

          1.4MB

          MD5

          89eb2742559a09d2ad998d25eb3e49ad

          SHA1

          1694374e593439648011b2a4f05dc424cdd99bb5

          SHA256

          889c49961386febc42ce95c93a6064c38b8803093cb8533449eca2d043ff8e0d

          SHA512

          5df3f9d80a0f77488bc87941ec062d6787a98078317503d11c1f71eac7f8c8a164bf4f9c8c69ab22fab5710f49a01c5f13012b6f1405c9bafff5f67ce2133656

          Download Submit

        • C:\Users\Admin\AppData\Local\XJ1\AdapterTroubleshooter.exe
          Filesize

          39KB

          MD5

          d4170c9ff5b2f85b0ce0246033d26919

          SHA1

          a76118e8775e16237cf00f2fb79718be0dc84db1

          SHA256

          d05e010a2570cdd5a67f62c99483aeeecb6a8d5ecc523cd49b158a460c9be5da

          SHA512

          9c85a9ea4002bd55cf9c51e470dd1bec527ff04b5d0d6f83094a998c541416cd47c9f42c6ca7e35ffa2842877f79e3c2e989489b9bf81644c5c57bb406b89608

          Download Submit

        • C:\Users\Admin\AppData\Local\XJ1\d3d9.dll
          Filesize

          1.4MB

          MD5

          b3be39ccc92bc4200bfb7d83daad5905

          SHA1

          51a47f9353841c5a6d8cfb46e5b3ecc674ae98c0

          SHA256

          c6180d80a9e4d1a0a044f084e92725c21d799948061bd5cbf21b071b08241150

          SHA512

          03d6b37919ff7246fd55321c6d35265b2c2c0f521cb0f217a6688f75084cf277c11d83d9b2f430656ef3922ed8c51d995b8c70748ff5cd9eea4161858a733b08

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Wzkhocxsoqdr.lnk
          Filesize

          1KB

          MD5

          7b702281b6dbee6d64225bdfa9145c26

          SHA1

          4f8ac091e3dce6cdad27298eb985657e92ff74a3

          SHA256

          646fe10a873c2f9fecbd3f7c7c2fc1cbeaa978c9e82ae68816e6c3c32d70acde

          SHA512

          64c37957d28dcae47e593bfdba081cb94d600727b5453a4f9d5e937a54e939d57b87b10270cd8248348e3cfee42398bb4c189b2fad10664902e3da72e312f1cc

          Download Submit

        • \Users\Admin\AppData\Local\DPVvRGZb\unregmp2.exe
          Filesize

          316KB

          MD5

          64b328d52dfc8cda123093e3f6e4c37c

          SHA1

          f68f45b21b911906f3aa982e64504e662a92e5ab

          SHA256

          7d6be433ba7dd4a2b8f8b79d7b87055da8daafa3e0404432d40469c39c2040e1

          SHA512

          e29fc068532df36f39c86b79392b5c6191de6f69b7beaba28f9ac96a26089b341b770ff29556eca14f57afd1de59a6f3726818482d6861bdd8ac556ae768df00

          Download Submit

        • \Users\Admin\AppData\Local\IQY7O\WINSTA.dll
          Filesize

          1.4MB

          MD5

          1e6b18a833113ceb4b67df2d2f3c7211

          SHA1

          c9f2cfaaf74b366fcba5f7bd73c901f4face360c

          SHA256

          47851c9a5a8b67642ec86793ab8355f68b03446dfd5d60d4a4daa8b9306491f6

          SHA512

          e1dcc2da7b3f54658e602322520ca78bdf29cf6774789a0dcf95d8af020e0705dc164d98d04498fa19a1cb57cee9915ec13bad63ae8f6e8246486974f64007a4

          Download Submit

        • \Users\Admin\AppData\Local\IQY7O\rdpclip.exe
          Filesize

          206KB

          MD5

          25d284eb2f12254c001afe9a82575a81

          SHA1

          cf131801fdd5ec92278f9e0ae62050e31c6670a5

          SHA256

          837e0d864c474956c0d9d4e7ae5f884007f19b7f420db9afcf0d266aefa6608b

          SHA512

          7b4f208fa1681a0a139577ebc974e7acfc85e3c906a674e111223783460585eb989cb6b38f215d79f89e747a0e9224d90e1aa43e091d2042edb8bac7b27b968b

          Download Submit

        • memory/1372-16-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1372-25-0x00000000026F0000-0x00000000026F7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1372-4-0x0000000076E36000-0x0000000076E37000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1372-15-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1372-14-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1372-13-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1372-12-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1372-11-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1372-10-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1372-9-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1372-8-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1372-5-0x0000000002710000-0x0000000002711000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1372-33-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1372-34-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1372-42-0x0000000076E36000-0x0000000076E37000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1372-24-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1372-28-0x0000000076F41000-0x0000000076F42000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1372-7-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1372-29-0x00000000770D0000-0x00000000770D2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1592-30-0x000007FEF7160000-0x000007FEF72C3000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1592-1-0x000007FEF7160000-0x000007FEF72C3000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1592-0-0x00000000003A0000-0x00000000003A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1712-68-0x000007FEF71A0000-0x000007FEF7304000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1712-71-0x0000000000170000-0x0000000000177000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1712-74-0x000007FEF71A0000-0x000007FEF7304000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2680-86-0x0000000000100000-0x0000000000107000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2680-87-0x000007FEF71A0000-0x000007FEF7305000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2680-92-0x000007FEF71A0000-0x000007FEF7305000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2716-56-0x000007FEF72D0000-0x000007FEF7434000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2716-53-0x0000000000280000-0x0000000000287000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2716-50-0x000007FEF72D0000-0x000007FEF7434000-memory.dmp

          Filesize

          1.4MB

          Download