Overview

overview

10

Static

static

3

d69063a86c...18.dll

windows7-x64

10

d69063a86c...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-09-2024 15:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d69063a86c406e82e46e5747e5ef8794_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    d69063a86c406e82e46e5747e5ef8794

  • SHA1

    55511b528dd91aa2b5fc7cd24916103a9ad24a5f

  • SHA256

    7126dd06985d20a9411b370715973a5eda642003567fe11aed9848cd25cea415

  • SHA512

    1b9a3def2cb145cc645828a7880b76781c25bf8ef8bf66f0c167fb9ccd924400a86b6cb2e51725b6d4297b75825291053d0e97edbc60d109b7d4f66681b881dd

  • SSDEEP

    24576:vuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:R9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 16 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d69063a86c406e82e46e5747e5ef8794_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3408
  • C:\Windows\system32\ie4ushowIE.exe
    C:\Windows\system32\ie4ushowIE.exe
    1⤵
      PID:3572
    • C:\Users\Admin\AppData\Local\ZZSU0y\ie4ushowIE.exe
      C:\Users\Admin\AppData\Local\ZZSU0y\ie4ushowIE.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:3576
    • C:\Windows\system32\dpapimig.exe
      C:\Windows\system32\dpapimig.exe
      1⤵
        PID:2312
      • C:\Users\Admin\AppData\Local\9C6QRp\dpapimig.exe
        C:\Users\Admin\AppData\Local\9C6QRp\dpapimig.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:4080
      • C:\Windows\system32\ApplySettingsTemplateCatalog.exe
        C:\Windows\system32\ApplySettingsTemplateCatalog.exe
        1⤵
          PID:4992
        • C:\Users\Admin\AppData\Local\32R5Ya8k\ApplySettingsTemplateCatalog.exe
          C:\Users\Admin\AppData\Local\32R5Ya8k\ApplySettingsTemplateCatalog.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1720

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\32R5Ya8k\ACTIVEDS.dll
          Filesize

          1.2MB

          MD5

          35ad4d9696c7de891e5441aead6a7fbe

          SHA1

          c7b92e935ec10227fd9bdfbff00304c45888009a

          SHA256

          0e0917f40c8309dc1051f49ffbe86027daaa59637e503fd878e49f7292439ec6

          SHA512

          78a40478913a5bd91d25736077909424091d0159fae0da4e471df2cc5cd56186448520352c6157dfae16d5b8b6dd1f8e909267c526b0a1c956ea62748dd2f9c6

          Download Submit

        • C:\Users\Admin\AppData\Local\32R5Ya8k\ApplySettingsTemplateCatalog.exe
          Filesize

          1.1MB

          MD5

          13af41b1c1c53c7360cd582a82ec2093

          SHA1

          7425f893d1245e351483ab4a20a5f59d114df4e1

          SHA256

          a462f29efaaa3c30411e76f32608a2ba5b7d21af3b9804e5dda99e342ba8c429

          SHA512

          c7c82acef623d964c520f1a458dbfe34099981de0b781fb56e14b1f82632e3a8437db6434e7c20988aa3b39efde47aab8d188e80845e841a13e74b079285706a

          Download Submit

        • C:\Users\Admin\AppData\Local\9C6QRp\DUI70.dll
          Filesize

          1.4MB

          MD5

          1ca504a1f82d2e61daa4519a09a81c57

          SHA1

          76a7eac5719d1bfef07e572a7a4d36f0d4d67f75

          SHA256

          38ba9e07df31234a3e72802caa4b5617cd9750a8336a6ee082f7807a070b3d2f

          SHA512

          dd3a83f6908598922523c619c79763d7a89453a72dd7d4db57f772c1aecefb8b82583e4da44a3781d76c5fd36c4fc2b1cf6b096311386e09d03165371bd48687

          Download Submit

        • C:\Users\Admin\AppData\Local\9C6QRp\dpapimig.exe
          Filesize

          76KB

          MD5

          b6d6477a0c90a81624c6a8548026b4d0

          SHA1

          e6eac6941d27f76bbd306c2938c0a962dbf1ced1

          SHA256

          a8147d08b82609c72d588a0a604cd3c1f2076befcc719d282c7cbd6525ae89eb

          SHA512

          72ec8b79e3438f0f981129a323ad39db84df7dd14a796a820bdbc74ea8fa13eee843d1ea030a0c1caeda2e2d69952f14a821a73825b38dd9415047aca597b1fe

          Download Submit

        • C:\Users\Admin\AppData\Local\ZZSU0y\VERSION.dll
          Filesize

          1.2MB

          MD5

          3df4576da2c601761c43298f6353a431

          SHA1

          62210fa6591fff99b4f6d943aed2b5454a487b12

          SHA256

          9b296a44bf2762cd100882f382ad5479da7f0c836ec576fc0931777e2123e258

          SHA512

          23bf998fec4567c56c83d7127591cd769246535b1f4c8f744e949fbf079d7a5006c7c9d3f0889150eed0172072861b388ca075e7bad3c6c7c951d1c5ccb0fb87

          Download Submit

        • C:\Users\Admin\AppData\Local\ZZSU0y\ie4ushowIE.exe
          Filesize

          76KB

          MD5

          9de952f476abab0cd62bfd81e20a3deb

          SHA1

          109cc4467b78dad4b12a3225020ea590bccee3e6

          SHA256

          e9cb6336359ac6f71ac75af2836efb28daa3bafd10a1f0b775dcdc2ec8850a6b

          SHA512

          3cbe50a146ca50b0657a78a2d89a34630c69823005668906785b2d2015cc6139c8dbbf7aefa5fe55957ef55ae06e758933b3b41eaf822e49dba3b7700582e2c9

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Piobvoh.lnk
          Filesize

          1KB

          MD5

          2b69c904fcf19fde3ac86f5a8be6f2fe

          SHA1

          39df90576b78d5d393fafd345d6bd8661e707ca5

          SHA256

          ad192dacbc4e4aea20647897df9514bd9d0171993bdff9c85a89a98496619b3d

          SHA512

          60dafb55a954b77768de976bd15a21fdbacaf9511972c778ba3fb47acbc5483ec4d16c51dd7e4031188f10a9fa0d7e1d3bb61a880cc72a5c98d633ded7c8a4dc

          Download Submit

        • memory/1720-85-0x00007FF99DC20000-0x00007FF99DD51000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1720-82-0x00000233BFC30000-0x00000233BFC37000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1720-79-0x00007FF99DC20000-0x00007FF99DD51000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3408-1-0x00007FF9AD960000-0x00007FF9ADA90000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3408-0-0x000002AB66430000-0x000002AB66437000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3408-38-0x00007FF9AD960000-0x00007FF9ADA90000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-33-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-15-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-11-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-9-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-7-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-13-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-12-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-14-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-4-0x0000000008AE0000-0x0000000008AE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3432-6-0x00007FF9BB2BA000-0x00007FF9BB2BB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3432-8-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-10-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-16-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-24-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-37-0x00007FF9BC490000-0x00007FF9BC4A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3432-36-0x0000000008090000-0x0000000008097000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3576-51-0x00007FF99DC80000-0x00007FF99DDB1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3576-48-0x0000016BF00A0000-0x0000016BF00A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3576-45-0x00007FF99DC80000-0x00007FF99DDB1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4080-68-0x00007FF99DBE0000-0x00007FF99DD56000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/4080-62-0x00007FF99DBE0000-0x00007FF99DD56000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/4080-65-0x000001C91C9F0000-0x000001C91C9F7000-memory.dmp

          Filesize

          28KB

          Download