Overview

overview

10

Static

static

3

dd004eb199...18.dll

windows7-x64

10

dd004eb199...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-09-2024 20:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dd004eb1995ca16c41612ab17fb29d16_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    dd004eb1995ca16c41612ab17fb29d16

  • SHA1

    3a75a7c007771180bd4c55006b3f60015fa96b8d

  • SHA256

    720dda96ea558310e2dd575d2dbd382caeccff1c8a71299b091f293845bf46de

  • SHA512

    8ac3e636b114189eab565f7d68f634e989bee34a48b5d259af724c55df9dd4ee70626559d3f73f302de78a605a21e8b0ca88483d8efa1e15cc920c5812e0516a

  • SSDEEP

    12288:8VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:JfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd004eb1995ca16c41612ab17fb29d16_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:5056
  • C:\Windows\system32\SppExtComObj.Exe
    C:\Windows\system32\SppExtComObj.Exe
    1⤵
      PID:4244
    • C:\Users\Admin\AppData\Local\NKMD\SppExtComObj.Exe
      C:\Users\Admin\AppData\Local\NKMD\SppExtComObj.Exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:4956
    • C:\Windows\system32\dxgiadaptercache.exe
      C:\Windows\system32\dxgiadaptercache.exe
      1⤵
        PID:3276
      • C:\Users\Admin\AppData\Local\q8tz0z6\dxgiadaptercache.exe
        C:\Users\Admin\AppData\Local\q8tz0z6\dxgiadaptercache.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:924
      • C:\Windows\system32\CloudNotifications.exe
        C:\Windows\system32\CloudNotifications.exe
        1⤵
          PID:3744
        • C:\Users\Admin\AppData\Local\QejMvtvk\CloudNotifications.exe
          C:\Users\Admin\AppData\Local\QejMvtvk\CloudNotifications.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:5088

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\NKMD\ACTIVEDS.dll
          Filesize

          1.2MB

          MD5

          c096907809920773e6052908f00f7440

          SHA1

          75f939fa6eb1847810ce78e651c8273f8cb4fc10

          SHA256

          1201dc4c29c9b626dfc31c2290f059253968af764d550f691dc1129a7f104bd7

          SHA512

          d5652154f6f0c03f5407eafea4e6f60cea619eaaa4452d72f128e0ec89476e28a46dee9a8d13c94f401a92bc40e1b7b823689096076c3708523828f273fcb92b

          Download Submit

        • C:\Users\Admin\AppData\Local\NKMD\SppExtComObj.Exe
          Filesize

          559KB

          MD5

          728a78909aa69ca0e976e94482350700

          SHA1

          6508dfcbf37df25cae8ae68cf1fcd4b78084abb7

          SHA256

          2a6581576305771044f07ea0fef27f77859996dbf66c2017e938f90bfc1e010c

          SHA512

          22bf985e71afa58a1365cc733c0aa03dabd4b44e7c6a136eb5f9b870db14470201b4ef88a19fa3864af6c44e79e1a01d6f8806062d9d4861ba7dac77d82074f1

          Download Submit

        • C:\Users\Admin\AppData\Local\QejMvtvk\CloudNotifications.exe
          Filesize

          59KB

          MD5

          b50dca49bc77046b6f480db6444c3d06

          SHA1

          cc9b38240b0335b1763badcceac37aa9ce547f9e

          SHA256

          96e7e1a3f0f4f6fc6bda3527ab8a739d6dfcab8e534aa7a02b023daebb3c0775

          SHA512

          2a0504ca336e86b92b2f5eff1c458ebd9df36c496331a7247ef0bb8b82eabd86ade7559ddb47ca4169e8365a97e80e5f1d3c1fc330364dea2450608bd692b1d3

          Download Submit

        • C:\Users\Admin\AppData\Local\QejMvtvk\UxTheme.dll
          Filesize

          1.2MB

          MD5

          3bb143592bb4fbdcbab3d4fea912bb1a

          SHA1

          01818aad24a08c6b5a9665444c19b3212e4f7826

          SHA256

          efe3cb1898e36488c837d56cef09b4c71425b2d8003a9528c62262fd72c2362c

          SHA512

          19578553e00cff1365b500293199ae433d381c7b513f401032bd3fdda7b77852073dcd2d5335bf992dd04d0d1e34b012954433715c48c6e5b85922eae5b09877

          Download Submit

        • C:\Users\Admin\AppData\Local\q8tz0z6\dxgi.dll
          Filesize

          1.2MB

          MD5

          ba696031a7e702ff6a9b8beeaa1fcfc3

          SHA1

          27b9ca121cc78a201c511487152d42b61c3c02fd

          SHA256

          85c2f517814a79c6b6eaf9644bc95300bb2b10d47b3cf2774b7d25b69f3909a1

          SHA512

          07f0dee5ed1bfa8584dfc608cc6345ff1ccffa0e5f7d6750803c74990ec8c77ebc071b3b180ffa72e6468e61aec9f80569ffd7500797561c5115cac9ee7801fb

          Download Submit

        • C:\Users\Admin\AppData\Local\q8tz0z6\dxgiadaptercache.exe
          Filesize

          230KB

          MD5

          e62f89130b7253f7780a862ed9aff294

          SHA1

          b031e64a36e93f95f2061be5b0383069efac2070

          SHA256

          4bea9f741fe4ca9d6262477849896b9fa6377326d11af044561c31bde2d994b5

          SHA512

          05649d38a0b5d825bb8442549427b0ff77b139c9dd297b04d6c0fb1415504c95ed750cd79efea2ff514abfc5d1003e6251a3cd871d352dcea06be0cdeb0304f7

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Nszgn.lnk
          Filesize

          1019B

          MD5

          5ecbcaade501110164a67d06ec7468e8

          SHA1

          be0025bff841a2b955bd51e912dae1d7fba7e485

          SHA256

          ae967b35747ba6eca724bb372923ea45bdab11edaf2fb794858ac905f08fec15

          SHA512

          8f096c90ab61983faf9dafd7582961fa418ed42eb2a735ce2d6bf820337d2a54f94779b6ff1844c39916d9b75250d83875265be620f175563352914660e8c3f4

          Download Submit

        • memory/924-96-0x0000021160190000-0x0000021160197000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3552-24-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-16-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-53-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-45-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-44-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-43-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-42-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-41-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-40-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-38-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-37-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-36-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-35-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-34-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-33-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-32-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-31-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-30-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-28-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-27-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-26-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-25-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-6-0x00007FF9A822A000-0x00007FF9A822B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3552-22-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-64-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-21-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-17-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-62-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-15-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-14-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-4-0x0000000002410000-0x0000000002411000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3552-18-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-46-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-70-0x00007FF9A9F40000-0x00007FF9A9F50000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3552-69-0x0000000000AA0000-0x0000000000AA7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3552-12-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-39-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-11-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-10-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-9-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-29-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-8-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-7-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-23-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-19-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3552-20-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4956-75-0x0000000140000000-0x0000000140138000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4956-81-0x0000000140000000-0x0000000140138000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4956-80-0x000001619E5D0000-0x000001619E5D7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/5056-13-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/5056-3-0x000001636B110000-0x000001636B117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/5056-0-0x0000000140000000-0x0000000140137000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/5088-110-0x000001C61A670000-0x000001C61A677000-memory.dmp

          Filesize

          28KB

          Download