Overview

overview

10

Static

static

3

d29a9bff7a...18.dll

windows7-x64

10

d29a9bff7a...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07-09-2024 18:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d29a9bff7a76be99fb115fbc9c46ab19_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    d29a9bff7a76be99fb115fbc9c46ab19

  • SHA1

    77923c1d6eb58ada0eba8ac9f95a6b6eeae99dd6

  • SHA256

    6c81b737c65a78dd31564f648152c40c15a1dacfab48130f46f5168f9526691f

  • SHA512

    cd7d1779641120ccd7f59842599b341f102bf4f5626a24b6393490c223f396945eca6bc9fca3567771fb3b5efd71b5e6290fdd1e2803aaf86ffd6be467958107

  • SSDEEP

    24576:huYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N7:z9cKrUqZWLAcUj

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 3 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d29a9bff7a76be99fb115fbc9c46ab19_JaffaCakes118.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1980
  • C:\Windows\system32\ddodiag.exe
    C:\Windows\system32\ddodiag.exe
    1⤵
      PID:2568
    • C:\Users\Admin\AppData\Local\CG6eTxQoP\ddodiag.exe
      C:\Users\Admin\AppData\Local\CG6eTxQoP\ddodiag.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2620
    • C:\Windows\system32\isoburn.exe
      C:\Windows\system32\isoburn.exe
      1⤵
        PID:2980
      • C:\Users\Admin\AppData\Local\6S1AMS\isoburn.exe
        C:\Users\Admin\AppData\Local\6S1AMS\isoburn.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2576
      • C:\Windows\system32\p2phost.exe
        C:\Windows\system32\p2phost.exe
        1⤵
          PID:2060
        • C:\Users\Admin\AppData\Local\xYY3FEzom\p2phost.exe
          C:\Users\Admin\AppData\Local\xYY3FEzom\p2phost.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:568

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\6S1AMS\UxTheme.dll
          Filesize

          1.2MB

          MD5

          68b2ddbab0d753acf816b305cc670d00

          SHA1

          f5e051ab4c10d3ac025efe6424970c3f0cb22986

          SHA256

          a67bd1fe4151b232b12230404335d935b35970c75a5a35c4cd0d0f3c0609e861

          SHA512

          ca050401922312ca843cd32ad5cc177b640b244d79006fbabe3d185e62d9407b35d4ea66b40fb8ff62006e8ed7f2b2ebeea57ab399bdb0c0031fa172c945fd37

          Download Submit

        • C:\Users\Admin\AppData\Local\CG6eTxQoP\XmlLite.dll
          Filesize

          1.2MB

          MD5

          664e0a06e90a5f7f8abf221efe9d4ac3

          SHA1

          e2941b4212bb27030955ca0096df7373ee967355

          SHA256

          55ed26d3fff40b3298d4e00c6cb5ffbc08b27435e9d09dc539936a44a7b827ec

          SHA512

          9dd1bc3f158b19311404f6ac6a0be25339438414dcaf62742d5801c18fa3712898dba7926f5141ce8776576dc447c9cb7fe64f9373af548b5f003280d36d5950

          Download Submit

        • C:\Users\Admin\AppData\Local\xYY3FEzom\P2PCOLLAB.dll
          Filesize

          1.2MB

          MD5

          4e2247e3646c39c630bddd02f29c472b

          SHA1

          040ece563f630418e2a4bbcaf067c4a934872b4f

          SHA256

          c1a848fd0d28ba6f2873bb04e83f33489e6ab8aae655bfce66331e815f5256dd

          SHA512

          5db8dbe7f9e3475af897735790bb99cf91a4d40349b234c698a70e2f9534f28fe6a0c0780682a6e59fbbd7e070260066a431fa6c8fd0b07c5d4e3a44b240499e

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Yjafzwirjcl.lnk
          Filesize

          1KB

          MD5

          f034b226429f6420c35d2503b53266f0

          SHA1

          c082489a3c90298ddf1ab23e285250d6c734d171

          SHA256

          05b9c8e3f06bca95a32414547d3905a7437596d61c5b45d72d7e440ba7c88c46

          SHA512

          2de98dfa573370eb0e16a8904e59c4b419346a94e5ac16da4fce1f65d53ecb80af010f8ed48a79109d4a9917f93937f2a9f8dd62aa12f424e6ccb44203c850f6

          Download Submit

        • \Users\Admin\AppData\Local\6S1AMS\isoburn.exe
          Filesize

          89KB

          MD5

          f8051f06e1c4aa3f2efe4402af5919b1

          SHA1

          bbcf3711501dfb22b04b1a6f356d95a6d5998790

          SHA256

          50dcb4be409f50d26c0fc32dd9cdbf96bff4e19bf624221cb566ebeb3e09ce1a

          SHA512

          5f664d937abe4426ee7e0d8491a395f9ef4ffe7a51dba05b54b7ba27e80c9be37833400911c5878d3dec659f4fa1579ec8ba4cfc485fb2ce24dd37c321006daa

          Download Submit

        • \Users\Admin\AppData\Local\CG6eTxQoP\ddodiag.exe
          Filesize

          42KB

          MD5

          509f9513ca16ba2f2047f5227a05d1a8

          SHA1

          fe8d63259cb9afa17da7b7b8ede4e75081071b1a

          SHA256

          ddf48c333e45c56c9e3f16e492c023bf138629f4c093b8aaab8ea60310c8c96e

          SHA512

          ad3168767e5eba575ae766e1e2923b1db4571bbeb302d7c58e8023612e33913dcd9e5f4a4c1bc7b1556442a0807117066f17c62b38fe2ae0dfaa3817b7318862

          Download Submit

        • \Users\Admin\AppData\Local\xYY3FEzom\p2phost.exe
          Filesize

          172KB

          MD5

          0dbd420477352b278dfdc24f4672b79c

          SHA1

          df446f25be33ac60371557717073249a64e04bb2

          SHA256

          1baba169de6c8f3b3c33cea96314c67b709a171bdc8ea9c250a0d016db767345

          SHA512

          84014b2dcc00f9fa1a337089ad4d4abcaa9e3155171978ec07bc155ddaebebfabb529d8de3578e564b3aae59545f52d71af173ebb50d2af252f219ac60b453d1

          Download Submit

        • memory/568-97-0x000007FEF6DC0000-0x000007FEF6EF8000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/568-91-0x00000000001A0000-0x00000000001A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1168-27-0x0000000077A31000-0x0000000077A32000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1168-8-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1168-25-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1168-16-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1168-14-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1168-12-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1168-11-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1168-9-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1168-28-0x0000000077BC0000-0x0000000077BC2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1168-4-0x0000000077826000-0x0000000077827000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1168-37-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1168-38-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1168-5-0x0000000002560000-0x0000000002561000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1168-47-0x0000000077826000-0x0000000077827000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1168-17-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1168-26-0x0000000002540000-0x0000000002547000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1168-7-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1168-10-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1168-13-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1168-15-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1980-46-0x000007FEF77E0000-0x000007FEF7917000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1980-0-0x000007FEF77E0000-0x000007FEF7917000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1980-3-0x0000000000140000-0x0000000000147000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2576-79-0x000007FEF6DC0000-0x000007FEF6EF8000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2576-73-0x000007FEF6DC0000-0x000007FEF6EF8000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2576-76-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2620-61-0x000007FEF7840000-0x000007FEF7978000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2620-58-0x0000000000170000-0x0000000000177000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2620-55-0x000007FEF7840000-0x000007FEF7978000-memory.dmp

          Filesize

          1.2MB

          Download