Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
13-09-2024 17:29
General
-
Target
de915c885da0de165bf8c0e92d702b7a_JaffaCakes118.dll
-
Size
1.2MB
-
MD5
de915c885da0de165bf8c0e92d702b7a
-
SHA1
27e5f69d7ecbeefa9babd6e43295dd62b9b9b8ff
-
SHA256
2579ef73b4428c682a9609a873d3b415a65ff2f61387d72270f1dcf5c07034b2
-
SHA512
9c7c80efbf5cc3142882ecc36ac9a4ee5390f89830d3d09c700ea153d8f681fd5976fc7e549682951cc0110c80e7cdc9bbbbbb5ddb5cd80b01cba385cb2f5477
-
SSDEEP
24576:buYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:F9cKrUqZWLAcU
Malware Config
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Shellcode 1 IoCs
Detects Dridex Payload shellcode injected in Explorer process.
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 7 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 4 IoCs
-
Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 18 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\de915c885da0de165bf8c0e92d702b7a_JaffaCakes118.dll,#11⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\Magnify.exeC:\Windows\system32\Magnify.exe1⤵
-
C:\Users\Admin\AppData\Local\TZS0\Magnify.exeC:\Users\Admin\AppData\Local\TZS0\Magnify.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\Netplwiz.exeC:\Windows\system32\Netplwiz.exe1⤵
-
C:\Users\Admin\AppData\Local\0N4o6srf\Netplwiz.exeC:\Users\Admin\AppData\Local\0N4o6srf\Netplwiz.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\mblctr.exeC:\Windows\system32\mblctr.exe1⤵
-
C:\Users\Admin\AppData\Local\jA5P0eF\mblctr.exeC:\Users\Admin\AppData\Local\jA5P0eF\mblctr.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Accessibility Features
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.2MB
MD58552e9b0d38e280888966c40fa65128f
SHA1a16cbb375210c627dc4eac5a97c2cc2f748e5d1b
SHA2566d34d396b73c7784f8a5f3ab6e0c450c98d2fd35ee56c6a125b61c6033fcfea6
SHA51224ea1a20e2152dad432b36c85ec7e93433c48e680e2c050945087d8ecfbb9c0a6276be8cb5b180534dd188c895f1f6b97cfde07a86e15ee31e7e507ffae18f90
-
Filesize
1.2MB
MD51a32ca666c666b5bffed90928c552650
SHA1482af760b44b08c1856dacee24311c4d504f295d
SHA256d0462de969369c496357abde141a78246c340485a6787c5616662d304db9d6e4
SHA5122d6d9c8c02e8b039eb4d925faca70c45d0897340495e4894d08865827be9054266b496a55c4672b2341500280355d2d9fd8a158231368676a6d66e69f48b3f1b
-
Filesize
1.2MB
MD5878fe438c7426ca47807be79d2049b33
SHA1e0207b16cc36482b28e30e9f227883a9099aeb40
SHA25696deb655a9d6aad81e71ce659c8f87017e4867e63cc5b4ff6682be9cb5bee17b
SHA5125785fba4ea34555382c79af6b585d10b9afae87d8c923a720dd61f8a511b2d0dcb77097df6ec55a57839665edf503f349b3c37bf8fe8dfe5a808c540e4be66e5
-
Filesize
1KB
MD5814fc3ed2caff11b5e4d0df9c5379038
SHA164f2a7686800b0b82ce526777c87107148eddfe0
SHA2563526e9e3e147a44d1acd99833501ad603b71063c96c73bba2c5fbae0eed4b808
SHA512e6c5605537cb501086f4980cdf3fa227ce04254f87e157313104240dd682faffa20e75ee109b49d020ebfb9d54f7f7762e40162ca185d2b921403925f504daff
-
Filesize
26KB
MD5e43ec3c800d4c0716613392e81fba1d9
SHA137de6a235e978ecf3bb0fc2c864016c5b0134348
SHA256636606415a85a16a7e6c5c8fcbdf35494991bce1c37dfc19c75ecb7ce12dc65c
SHA512176c6d8b87bc5a9ca06698e2542ff34d474bcbbf21278390127981366eda89769bd9dd712f3b34f4dd8332a0b40ee0e609276400f16b51999471c8ff24522a08
-
Filesize
637KB
MD5233b45ddf77bd45e53872881cff1839b
SHA1d4b8cafce4664bb339859a90a9dd1506f831756d
SHA256adfd109ec03cd57e44dbd5fd1c4d8c47f8f58f887f690ba3c92f744b670fd75a
SHA5126fb5f730633bfb2d063e6bc8cf37a7624bdcde2bd1d0c92b6b9a557484e7acf5d3a2be354808cade751f7ac5c5fe936e765f6494ef54b4fdb2725179f0d0fe39
-
Filesize
935KB
MD5fa4c36b574bf387d9582ed2c54a347a8
SHA1149077715ee56c668567e3a9cb9842284f4fe678
SHA256b71cdf708d4a4f045f784de5e5458ebf9a4fa2b188c3f7422e2fbfe19310be3f
SHA5121f04ce0440eec7477153ebc2ce56eaabcbbac58d9d703c03337f030e160d22cd635ae201752bc2962643c75bbf2036afdd69d97e8cbc81260fd0e2f55946bb55
-
Filesize
1.2MB
-
Filesize
28KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
28KB
-
Filesize
1.2MB
-
Filesize
28KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
28KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
28KB