Overview

overview

10

Static

static

3

d7124391cb...18.dll

windows7-x64

10

d7124391cb...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/09/2024, 20:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d7124391cb48a2dd54731363a0abc0df_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    d7124391cb48a2dd54731363a0abc0df

  • SHA1

    e41176662cbdecf7e10bb93ae809932610f2803e

  • SHA256

    43edfba88ac4ef39ede058afdd0640c659e3cf939a920c7f45449bf514ecd9cf

  • SHA512

    14e4f489a3bb06c4a00feac97adbc520dc3cc4c967d20482d6d18f59f7b6e2fc175dc1e31579b5ada833f1b4983357c02f4361dec2ca7fc2bcee050cc58dfe1e

  • SSDEEP

    24576:fuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:h9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7124391cb48a2dd54731363a0abc0df_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2452
  • C:\Windows\system32\InfDefaultInstall.exe
    C:\Windows\system32\InfDefaultInstall.exe
    1⤵
      PID:3236
    • C:\Users\Admin\AppData\Local\YAijH\InfDefaultInstall.exe
      C:\Users\Admin\AppData\Local\YAijH\InfDefaultInstall.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:4276
    • C:\Windows\system32\DWWIN.EXE
      C:\Windows\system32\DWWIN.EXE
      1⤵
        PID:4368
      • C:\Users\Admin\AppData\Local\IwSoq7d\DWWIN.EXE
        C:\Users\Admin\AppData\Local\IwSoq7d\DWWIN.EXE
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1096
      • C:\Windows\system32\wusa.exe
        C:\Windows\system32\wusa.exe
        1⤵
          PID:1532
        • C:\Users\Admin\AppData\Local\BipLCvh6\wusa.exe
          C:\Users\Admin\AppData\Local\BipLCvh6\wusa.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:4384

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\BipLCvh6\dpx.dll
          Filesize

          1.2MB

          MD5

          2b63f14aaa23aa05c8e14d7a771c10cc

          SHA1

          cfaf03ec300be4932049ec74692a57724f9ca47e

          SHA256

          44c1295d226fc28e38a225c24f274aefcd57b556e3e1517e2ad75839b4c2a961

          SHA512

          7d5d8bdbdfbc1e648aaa5c0b7dd5359d50d9e21f42a8df804c962e8d8e1bfb2d6e7e95fcfe94349c50959ac70f584b7175f1162f4d0d8d11175a7eeb58a74c3d

          Download Submit

        • C:\Users\Admin\AppData\Local\BipLCvh6\wusa.exe
          Filesize

          309KB

          MD5

          e43499ee2b4cf328a81bace9b1644c5d

          SHA1

          b2b55641f2799e3fdb3bea709c9532017bbac59d

          SHA256

          3e30230bbf3ceee3e58162b61eed140e9616210833a6ad7df3e106bc7492d2fb

          SHA512

          04823764520871f9202d346b08a194bdd5f5929db6d5c2f113911f84aece7471c8d3bd2c4256119a303dbe18a0c055dbc5034d80b1f27a43744104544731f52b

          Download Submit

        • C:\Users\Admin\AppData\Local\IwSoq7d\DWWIN.EXE
          Filesize

          229KB

          MD5

          444cc4d3422a0fdd45c1b78070026c60

          SHA1

          97162ff341fff1ec54b827ec02f8b86fd2d41a97

          SHA256

          4b3f620272e709ce3e01ae5b19ef0300bd476f2da6412637f703bbaded2821f0

          SHA512

          21742d330a6a5763ea41a8fed4d71b98e4a1b4c685675c4cfeb7253033c3a208c23902caf0efdf470a85e0770cb8fac8af0eb6d3a8511445b0570054b42d5553

          Download Submit

        • C:\Users\Admin\AppData\Local\IwSoq7d\VERSION.dll
          Filesize

          1.2MB

          MD5

          ba17a0e45c0a4c3d4f55f81ccda4d3d6

          SHA1

          84fd18d60194d32f729b4bc7414b5f50c6348c89

          SHA256

          19dd15d93fde53dbebd897945d536d57b5127282144b26d9cdfdbdc19fe25cbd

          SHA512

          4acf988b53d0e70de70727254d0ef8d1f859c552cae6966d40e958edd19ed6b594c151669bc9adb616e0c2b79f39b7a4960efebfa695022ddca150c2f59bf85b

          Download Submit

        • C:\Users\Admin\AppData\Local\YAijH\InfDefaultInstall.exe
          Filesize

          13KB

          MD5

          ee18876c1e5de583de7547075975120e

          SHA1

          f7fcb3d77da74deee25de9296a7c7335916504e3

          SHA256

          e59127b5fe82714956c7a1f10392a8673086a8e1f609e059935c7da1fa015a5d

          SHA512

          08bc4d28b8f528582c58175a74871dd33ac97955c3709c991779fc34b5ba4b2ba6ff40476d9f59345b61b0153fd932b0ea539431a67ff5012cb2ac8ab392f73c

          Download Submit

        • C:\Users\Admin\AppData\Local\YAijH\newdev.dll
          Filesize

          1.2MB

          MD5

          586b9628218cdb2e593bd45336c86b37

          SHA1

          c6b87dcb6f956bee2f88e8c4f17057ad8eb482c3

          SHA256

          60b472ce5a9946581deac07aa48d24d884c5ced45fb652931c600e7a15b1dd2c

          SHA512

          a40466d98747eaab7e74e20ca13c4275b7fd105f048ffc556719a65ed6076ae122b557fcefe2285683774109e17c32d21620ae77ebbc49ac89fe11f011b42713

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Mihblavoyj.lnk
          Filesize

          721B

          MD5

          6bbaba9d95a2b25be5648ac9bf1d082e

          SHA1

          8c5c4e98b5014440f9f2154f0409c52279baf6e5

          SHA256

          8ccc5fb83895acfbd04b7898a04855b9c7e16561af44be844ca9a2c014ba78ea

          SHA512

          e0a518a13699cfa59c2a6a1cd1ad4c3d6a5ec33ea1b129fe33cfbd6afc9d4082c4e3e80845018fa0cef2de21670762539dcd9d5af7992286ecf68b9b45b7d396

          Download Submit

        • memory/1096-69-0x00007FFD488E0000-0x00007FFD48A11000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1096-63-0x0000024DFDDB0000-0x0000024DFDDB7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2452-0-0x00000206B1C30000-0x00000206B1C37000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2452-2-0x00007FFD58150000-0x00007FFD58280000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2452-38-0x00007FFD58150000-0x00007FFD58280000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3524-5-0x00007FFD66DEA000-0x00007FFD66DEB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3524-29-0x00007FFD66F30000-0x00007FFD66F40000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3524-9-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3524-8-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3524-11-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3524-4-0x0000000002FD0000-0x0000000002FD1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3524-12-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3524-14-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3524-15-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3524-7-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3524-13-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3524-16-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3524-10-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3524-24-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3524-35-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3524-28-0x0000000002FB0000-0x0000000002FB7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4276-50-0x00007FF7FF490000-0x00007FF7FF497000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4276-51-0x00007FFD488E0000-0x00007FFD48A11000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4276-46-0x00007FFD488E0000-0x00007FFD48A11000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4276-45-0x000001BFD76C0000-0x000001BFD76C7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4384-83-0x00000191B32A0000-0x00000191B32A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4384-86-0x00007FFD488E0000-0x00007FFD48A11000-memory.dmp

          Filesize

          1.2MB

          Download