Overview

overview

10

Static

static

3

e090a110c9...18.dll

windows7-x64

10

e090a110c9...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    14-09-2024 16:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e090a110c92fd8946f94056dba3191a0_JaffaCakes118.dll

  • Size

    1.4MB

  • MD5

    e090a110c92fd8946f94056dba3191a0

  • SHA1

    e4d9a011c12ba06f3afbdad94c6d65459f98d479

  • SHA256

    9b35e8390d3620e3c5a99040ea4c5ad6e3ec02a165b5cf788ceec7f31a68a4a0

  • SHA512

    15c822a0530564d4c16d11428d5f3afe260881b4e7db6225b650b71ed20f20629c13e4edf7fd5cf806951b7c7a9a7afee680fbdcda3b5e477b8f078ff7b1308b

  • SSDEEP

    24576:CuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:K9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 8 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\e090a110c92fd8946f94056dba3191a0_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2876
  • C:\Windows\system32\eudcedit.exe
    C:\Windows\system32\eudcedit.exe
    1⤵
      PID:772
    • C:\Users\Admin\AppData\Local\pQG\eudcedit.exe
      C:\Users\Admin\AppData\Local\pQG\eudcedit.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:1164
    • C:\Windows\system32\wscript.exe
      C:\Windows\system32\wscript.exe
      1⤵
        PID:2220
      • C:\Users\Admin\AppData\Local\e5a79c\wscript.exe
        C:\Users\Admin\AppData\Local\e5a79c\wscript.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:804
      • C:\Windows\system32\RDVGHelper.exe
        C:\Windows\system32\RDVGHelper.exe
        1⤵
          PID:1988
        • C:\Users\Admin\AppData\Local\tDN\RDVGHelper.exe
          C:\Users\Admin\AppData\Local\tDN\RDVGHelper.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2124

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\e5a79c\VERSION.dll
          Filesize

          1.4MB

          MD5

          efbaa8079c13058ecf2c384f9b1a9a5e

          SHA1

          48baa8f429afb1e12f4337dd10ad708eaee2979d

          SHA256

          e8e86c0c9356cd8a9511e7ebcffd1c6f97f1300efb3604233ca1a5a5e1fbe220

          SHA512

          9802a85a99d334f43df4cc6ea1f98a6bd1a04333f0ee968b169e4fef6caba6111777cfb2aee148156a14a380091a5e987b476796896f5c198d91e3037c3517f0

          Download Submit

        • C:\Users\Admin\AppData\Local\pQG\MFC42u.dll
          Filesize

          1.4MB

          MD5

          95761a2dbe552add939e16bf8cd5a735

          SHA1

          9cf90f58539f2654522c3898526599f799e48c3c

          SHA256

          82f860a5014161f2963f417574147a927fc08a5de2d4186b60412c5b3e367460

          SHA512

          c08827c9c66c4576a96af0e57551b6293bccdf03bbe486783baa59752eb7db664d7362843aa8f0ca2d4d8463c35a18af8ae46f212d0b0204417799bf02eeafa5

          Download Submit

        • C:\Users\Admin\AppData\Local\tDN\dwmapi.dll
          Filesize

          1.4MB

          MD5

          53d79077e2839b91e970815b42475c54

          SHA1

          e60a03d239832846a5e367dffaacaa81e494f9a8

          SHA256

          55e88a498cdc36eafd3f025455ed54aaa6aa2869827377d3d7ca1b608df4e117

          SHA512

          85042dec885c9f51e3717037df565ec73dacadac0279eda31bb6908a0c64d7f9a043d8596284e3fcd61e0707a6f5c0986b4d16478342b9178acde8704e62750d

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ngqpewzrrtyksiv.lnk
          Filesize

          938B

          MD5

          370c13c77b79e06b2cea32ccc4b114eb

          SHA1

          d7e34664a87d2fb02e5d5895562ea8e267b65cf5

          SHA256

          bbbccbb76bca72f2d945c631e2ffc3c875be1515ae06dbaa88739ad870e66dd1

          SHA512

          18bd3909752cbb0abfed2dbd64eff0b6ee5285a508078757b6bbadbb55b7cda1c2c5700dc95891afe6412fc66760ec2afa4f19853223b5469501808889d3df1d

          Download Submit

        • \Users\Admin\AppData\Local\e5a79c\wscript.exe
          Filesize

          165KB

          MD5

          8886e0697b0a93c521f99099ef643450

          SHA1

          851bd390bf559e702b8323062dbeb251d9f2f6f7

          SHA256

          d73f7ee4e6e992a618d02580bdbf4fd6ba7c683d110928001092f4073341e95f

          SHA512

          fc4a176f49a69c5600c427af72d3d274cfeacef48612b18cda966c3b4dda0b9d59c0fe8114d5ed8e0fec780744346e2cd503d1fd15c0c908908d067214b9d837

          Download Submit

        • \Users\Admin\AppData\Local\pQG\eudcedit.exe
          Filesize

          351KB

          MD5

          35e397d6ca8407b86d8a7972f0c90711

          SHA1

          6b39830003906ef82442522d22b80460c03f6082

          SHA256

          1f64118bdc3515e8e9fce6ad182f6d0c8a6528d638fedb4901a6152cde4c7cde

          SHA512

          71b0c4ac120e5841308b0c19718bdc28366b0d79c8177091328ef5421392b9ee5e4758816ffb8c0977f178e1b33ed064f64781eaf7d6952878dc8aea402f035e

          Download Submit

        • \Users\Admin\AppData\Local\tDN\RDVGHelper.exe
          Filesize

          93KB

          MD5

          53fda4af81e7c4895357a50e848b7cfe

          SHA1

          01fb2d0210f1c47aaf684e31a9fb78f89bba9c0f

          SHA256

          62ab8c2c5b5bd84fd07e96b6a3b87a4ea56946107ed9b7f8076580ae1fefd038

          SHA512

          dbbda90a57d27160c5a3a5e4e94cfc43b1663fcbfe424fdec851e52356f61492bdcf677c46be8aa4e8ccc8be7c389b6aa7bbbce8447e1fae32f03e5e409f4051

          Download Submit

        • memory/804-83-0x000007FEF5CD0000-0x000007FEF5E3F000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/804-78-0x000007FEF5CD0000-0x000007FEF5E3F000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1164-63-0x000007FEF6770000-0x000007FEF68E5000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/1164-58-0x000007FEF6770000-0x000007FEF68E5000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/1164-57-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1208-27-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1208-17-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1208-15-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1208-14-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1208-13-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1208-12-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1208-30-0x00000000772E0000-0x00000000772E2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1208-29-0x0000000077151000-0x0000000077152000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1208-11-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1208-40-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1208-39-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1208-4-0x0000000077046000-0x0000000077047000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1208-49-0x0000000077046000-0x0000000077047000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1208-16-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1208-19-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1208-28-0x0000000002DE0000-0x0000000002DE7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1208-10-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1208-18-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1208-5-0x0000000002E00000-0x0000000002E01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1208-7-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1208-8-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1208-9-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2124-95-0x0000000000370000-0x0000000000377000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2124-101-0x000007FEF5CD0000-0x000007FEF5E3F000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2876-3-0x00000000001A0000-0x00000000001A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2876-48-0x000007FEF5CD0000-0x000007FEF5E3E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2876-0-0x000007FEF5CD0000-0x000007FEF5E3E000-memory.dmp

          Filesize

          1.4MB

          Download