Overview

overview

10

Static

static

3

dd4291c04d...18.dll

windows7-x64

10

dd4291c04d...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    20s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    12/09/2024, 23:46

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    dd4291c04dcea049af1211bed4fbff12_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    dd4291c04dcea049af1211bed4fbff12

  • SHA1

    99c7c1882b1adbdca93d40b6d1bb670abe21cec0

  • SHA256

    16e713fc83ba72915d16505d5350d1ecc99f13b3cf71b714da0471a8272ce5b5

  • SHA512

    db7107eddb7b2291f936c3bbb3cf7a40239b6b4a041abad9707b5b0479bf6aa58d40be60647c01bd8ba05f8a7128f1d635cdaf8ebda70423e96a77f534a38339

  • SSDEEP

    24576:ruYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N0:19cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd4291c04dcea049af1211bed4fbff12_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2400
  • C:\Windows\system32\AdapterTroubleshooter.exe
    C:\Windows\system32\AdapterTroubleshooter.exe
    1⤵
      PID:2708
    • C:\Users\Admin\AppData\Local\4PO\AdapterTroubleshooter.exe
      C:\Users\Admin\AppData\Local\4PO\AdapterTroubleshooter.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:3060
    • C:\Windows\system32\vmicsvc.exe
      C:\Windows\system32\vmicsvc.exe
      1⤵
        PID:2628
      • C:\Users\Admin\AppData\Local\wns02A9MC\vmicsvc.exe
        C:\Users\Admin\AppData\Local\wns02A9MC\vmicsvc.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:804
      • C:\Windows\system32\SystemPropertiesAdvanced.exe
        C:\Windows\system32\SystemPropertiesAdvanced.exe
        1⤵
          PID:2796
        • C:\Users\Admin\AppData\Local\5KtBnwcL\SystemPropertiesAdvanced.exe
          C:\Users\Admin\AppData\Local\5KtBnwcL\SystemPropertiesAdvanced.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2112

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\4PO\d3d9.dll
          Filesize

          1.2MB

          MD5

          963e5403d5d11a4caffbdd0740ffb1b4

          SHA1

          74475646825aeb0110076c0fbc5b67aca780b813

          SHA256

          5c7e229a1fab5cc89d41cc0183daddabb20dec4d59f664262f75136660a008ff

          SHA512

          97c2ea67d135f1eef1bdbb5c9fc998069addcacf390ed6e4fe227c8840613dffb49de32d77cb033dac462e21e6e3cfd8a2ad2046f4b599fb948fb74dc319bbcd

          Download Submit

        • C:\Users\Admin\AppData\Local\5KtBnwcL\SYSDM.CPL
          Filesize

          1.2MB

          MD5

          0f6f17f198df529fc281aed71be38bae

          SHA1

          67f837dffcd1184e870df931a4c417a1eea60636

          SHA256

          2b934f8047bdc38049e7b82557ad34079f005157a0fa5600306d4c8c70c25505

          SHA512

          0f37e19bb0478b8d1b75f6471a24df91d0023e2b9769a5979fccc5d1b9becbb68527f55ee2a701a7f7974214d217e498223d63c58b1c26e55f80f17dba9b6f20

          Download Submit

        • C:\Users\Admin\AppData\Local\wns02A9MC\ACTIVEDS.dll
          Filesize

          1.2MB

          MD5

          f8917cff536bf09209dc07972f7252f9

          SHA1

          c3a8a243bd0f11b259ab0b384f9f3b738e6021df

          SHA256

          ec4e87399fa69ed9154e11a45ce31f41b6df266ec584358de12e58d7c834497a

          SHA512

          acb32c52dfbe28e13eee1550bb5004e0d3a8525252b805222b5b9ce5905ae03c70fbcdb1f9429e7659e80d8f801c21955840ecedf6d4ab6c3d73c39624aa1d43

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ykefwsdudlbqds.lnk
          Filesize

          1KB

          MD5

          a7b6f4dc74574578f285f4c7d3eca4d0

          SHA1

          0b65ba520bd9dd4b3cac6de8dc767443bde22995

          SHA256

          df66885feca4b050b46c57b736a2ddb2c31c39f888081812b7e9707c4dccbdc4

          SHA512

          26380874b36ca2afde01247e366fbc151aa64d3e675a468627de49d790151fd2f333fdd4e7eaf880564da6b859df2e0f045862b6afbc250575afa5b4c1412ec5

          Download Submit

        • \Users\Admin\AppData\Local\4PO\AdapterTroubleshooter.exe
          Filesize

          39KB

          MD5

          d4170c9ff5b2f85b0ce0246033d26919

          SHA1

          a76118e8775e16237cf00f2fb79718be0dc84db1

          SHA256

          d05e010a2570cdd5a67f62c99483aeeecb6a8d5ecc523cd49b158a460c9be5da

          SHA512

          9c85a9ea4002bd55cf9c51e470dd1bec527ff04b5d0d6f83094a998c541416cd47c9f42c6ca7e35ffa2842877f79e3c2e989489b9bf81644c5c57bb406b89608

          Download Submit

        • \Users\Admin\AppData\Local\5KtBnwcL\SystemPropertiesAdvanced.exe
          Filesize

          80KB

          MD5

          25dc1e599591871c074a68708206e734

          SHA1

          27a9dffa92d979d39c07d889fada536c062dac77

          SHA256

          a13b2ba5892c11c731869410b1e3dd2f250d70ff9efd513a9f260ab506dd42ef

          SHA512

          f7da9ce4c3e8aea9095fcc977084c042f85df48fca0b58fb136dfd835ce69b5b1e68f3c11eeb14c617ffcec7011ffc7e5d5a948f49dde653a2348b28e10adb72

          Download Submit

        • \Users\Admin\AppData\Local\wns02A9MC\vmicsvc.exe
          Filesize

          238KB

          MD5

          79e14b291ca96a02f1eb22bd721deccd

          SHA1

          4c8dbff611acd8a92cd2280239f78bebd2a9947e

          SHA256

          d829166db30923406a025bf33d6a0997be0a3df950114d1f34547a9525b749e8

          SHA512

          f3d1fa7732b6b027bbaf22530331d27ede85f92c9fd64f940139fd262bd7468211a8a54c835d3934b1974b3d8ecddefa79ea77901b9ef49ab36069963693f988

          Download Submit

        • memory/804-74-0x000007FEF7C80000-0x000007FEF7DB1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/804-71-0x00000000000F0000-0x00000000000F7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/804-68-0x000007FEF7C80000-0x000007FEF7DB1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-16-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-29-0x0000000077B60000-0x0000000077B62000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1204-12-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-11-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-10-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-9-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-8-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-13-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-32-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-33-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-4-0x00000000778C6000-0x00000000778C7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-42-0x00000000778C6000-0x00000000778C7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-15-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-5-0x0000000002D60000-0x0000000002D61000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-7-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-25-0x0000000002A20000-0x0000000002A27000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1204-14-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-24-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1204-28-0x00000000779D1000-0x00000000779D2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2112-89-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2112-92-0x000007FEF7C80000-0x000007FEF7DB1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2400-1-0x000007FEF7C90000-0x000007FEF7DC0000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2400-41-0x000007FEF7C90000-0x000007FEF7DC0000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2400-0-0x00000000001A0000-0x00000000001A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3060-56-0x000007FEF7DB0000-0x000007FEF7EE1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3060-53-0x00000000000A0000-0x00000000000A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3060-50-0x000007FEF7DB0000-0x000007FEF7EE1000-memory.dmp

          Filesize

          1.2MB

          Download