Overview

overview

10

Static

static

3

d26885945e...18.dll

windows7-x64

10

d26885945e...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07-09-2024 16:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d26885945eb4456891a98cf5150c51bb_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    d26885945eb4456891a98cf5150c51bb

  • SHA1

    2a51c4f78684aff8b1b4ee5831bc78276d7c0c02

  • SHA256

    72a98167067dce07044af99248b5e58b14dcdad86d1e6e1a677014103bb08698

  • SHA512

    aa8f8b39916d5ad5b0ed3fc278abb0912f899e85f333ed1772c87e104e7c5bbcda1251c2f16f4682c2b26f36228330f234264de60c8e88916c36dacecf916a76

  • SSDEEP

    24576:juYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:N9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d26885945eb4456891a98cf5150c51bb_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3040
  • C:\Windows\system32\sdclt.exe
    C:\Windows\system32\sdclt.exe
    1⤵
      PID:2724
    • C:\Users\Admin\AppData\Local\RwSdgA5ht\sdclt.exe
      C:\Users\Admin\AppData\Local\RwSdgA5ht\sdclt.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2636
    • C:\Windows\system32\eudcedit.exe
      C:\Windows\system32\eudcedit.exe
      1⤵
        PID:1796
      • C:\Users\Admin\AppData\Local\s3OO\eudcedit.exe
        C:\Users\Admin\AppData\Local\s3OO\eudcedit.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:264
      • C:\Windows\system32\msdtc.exe
        C:\Windows\system32\msdtc.exe
        1⤵
          PID:276
        • C:\Users\Admin\AppData\Local\HvXF\msdtc.exe
          C:\Users\Admin\AppData\Local\HvXF\msdtc.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2928

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\HvXF\VERSION.dll
          Filesize

          1.2MB

          MD5

          aa48a03ee1762ada18b8d893f0269690

          SHA1

          5d3479b5d109e5f2ee11b18094a37ddd838ff52d

          SHA256

          98bb69e0b9e74802ac7d6367ab9fdf7e3a17643299a1af5b203b8a8de4962a4d

          SHA512

          9f4a0b280a5decb48a8dbdc14f430a2f51630844645b47fba21a628418834af57a2efcae4587b0eff4dda2bd26c1290234e01da2749fe66c79924a2c7bf630ff

          Download Submit

        • C:\Users\Admin\AppData\Local\HvXF\msdtc.exe
          Filesize

          138KB

          MD5

          de0ece52236cfa3ed2dbfc03f28253a8

          SHA1

          84bbd2495c1809fcd19b535d41114e4fb101466c

          SHA256

          2fbbec4cacb5161f68d7c2935852a5888945ca0f107cf8a1c01f4528ce407de3

          SHA512

          69386134667626c60c99d941c8ab52f8e5235e3897b5af76965572287afd5dcd42b8207a520587844a57a268e4decb3f3c550e5b7a06230ee677dc5e40c50bb3

          Download Submit

        • C:\Users\Admin\AppData\Local\RwSdgA5ht\WTSAPI32.dll
          Filesize

          1.2MB

          MD5

          8a9d2d6d2fa3e4b428f3de30e06b657e

          SHA1

          f1a137644713ffc17eae51d2e74f4d89c1e1ac7f

          SHA256

          4566ab3ace335fcf83ab1d04058cd36d980bf26746d7d55fdf110845a295c486

          SHA512

          c5db6997b2595ce9c95f69264f447135a116aa762df6815b1a0a1d858948367ffecc99471e96860b862cf25b98a71a73c148caf80bec889e542bdc141f157f1b

          Download Submit

        • C:\Users\Admin\AppData\Local\s3OO\MFC42u.dll
          Filesize

          1.2MB

          MD5

          48c94e29182c870f8fbb4ba4508f3253

          SHA1

          5438550b08710f549b975bc846805259399f07e1

          SHA256

          0dbb800d939939d503d17182e4705b2aa8ce4dbf50babebb327e04e531f4d055

          SHA512

          98a5c4b700c58a14962abacb0cd891ff3585d0a8e6f4022369a87d491187203b100e5af2f8a8776742d235be351977db149e9bb29af37ebd148d36c271ef32b8

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Yjafzwirjcl.lnk
          Filesize

          1KB

          MD5

          13b341ec4c1d0e01bebd9cf84c5419e9

          SHA1

          600e1efd1af1e6d113493aacced345a06fd2cd33

          SHA256

          42c71ee75e1a89241f555686deafea88f483c51df8eb75ff8dbb3d6732b6124c

          SHA512

          4bc61fbb27a3252a8c13ac4b26b4f6be8fb6660ecb7800552941b747edb60413ea3459a08c57b290011896d59b1538cc3c8cecfb83e40e0c3e2f8b0f4b2aab77

          Download Submit

        • \Users\Admin\AppData\Local\RwSdgA5ht\sdclt.exe
          Filesize

          1.2MB

          MD5

          cdebd55ffbda3889aa2a8ce52b9dc097

          SHA1

          4b3cbfff5e57fa0cb058e93e445e3851063646cf

          SHA256

          61bd24487c389fc2b939ce000721677cc173bde0edcafccff81069bbd9987bfd

          SHA512

          2af69742e90d3478ae0a770b2630bfdc469077311c1f755f941825399b9a411e3d8d124126f59b01049456cddc01b237a3114847f1fe53f9e7d1a97e4ba36f13

          Download Submit

        • \Users\Admin\AppData\Local\s3OO\eudcedit.exe
          Filesize

          351KB

          MD5

          35e397d6ca8407b86d8a7972f0c90711

          SHA1

          6b39830003906ef82442522d22b80460c03f6082

          SHA256

          1f64118bdc3515e8e9fce6ad182f6d0c8a6528d638fedb4901a6152cde4c7cde

          SHA512

          71b0c4ac120e5841308b0c19718bdc28366b0d79c8177091328ef5421392b9ee5e4758816ffb8c0977f178e1b33ed064f64781eaf7d6952878dc8aea402f035e

          Download Submit

        • memory/264-78-0x000007FEF5FE0000-0x000007FEF6118000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/264-72-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/264-73-0x000007FEF5FE0000-0x000007FEF6118000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-25-0x0000000002470000-0x0000000002477000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1200-24-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-27-0x00000000770D0000-0x00000000770D2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1200-26-0x0000000076F41000-0x0000000076F42000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-36-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-37-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-4-0x0000000076E36000-0x0000000076E37000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-46-0x0000000076E36000-0x0000000076E37000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-5-0x0000000002490000-0x0000000002491000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2636-60-0x000007FEF5FE0000-0x000007FEF6112000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2636-57-0x0000000000120000-0x0000000000127000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2636-55-0x000007FEF5FE0000-0x000007FEF6112000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2928-90-0x0000000000390000-0x0000000000397000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2928-91-0x000007FEF5980000-0x000007FEF5AB2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2928-96-0x000007FEF5980000-0x000007FEF5AB2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3040-2-0x00000000001B0000-0x00000000001B7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3040-45-0x000007FEF5FE0000-0x000007FEF6111000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3040-0-0x000007FEF5FE0000-0x000007FEF6111000-memory.dmp

          Filesize

          1.2MB

          Download