Overview

overview

10

Static

static

3

ea01a6add7...18.dll

windows7-x64

10

ea01a6add7...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-09-2024 21:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ea01a6add7afdcb129fd6fff4ddb15ce_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    ea01a6add7afdcb129fd6fff4ddb15ce

  • SHA1

    11ec5fbc5ad77d25e9d22518f47f8f0b160a46a9

  • SHA256

    d9be09a9dd8aaa00eeffcc1023440100139d3176e9ee7600fce67b7d754f204d

  • SHA512

    6225b33bd6a0df411679014c25f23d0d41de3c96052f2eae86d1b072831a5e18bbb636775fbf88c2941b16d351aad70ec017545edb58d45122fe0e8cb1fc026d

  • SSDEEP

    24576:MuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:k9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 3 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ea01a6add7afdcb129fd6fff4ddb15ce_JaffaCakes118.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2900
  • C:\Windows\system32\cttune.exe
    C:\Windows\system32\cttune.exe
    1⤵
      PID:3580
    • C:\Users\Admin\AppData\Local\g7Dq455\cttune.exe
      C:\Users\Admin\AppData\Local\g7Dq455\cttune.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:3784
    • C:\Windows\system32\DevicePairingWizard.exe
      C:\Windows\system32\DevicePairingWizard.exe
      1⤵
        PID:1032
      • C:\Users\Admin\AppData\Local\TcBvJ\DevicePairingWizard.exe
        C:\Users\Admin\AppData\Local\TcBvJ\DevicePairingWizard.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:3696
      • C:\Windows\system32\SppExtComObj.Exe
        C:\Windows\system32\SppExtComObj.Exe
        1⤵
          PID:2196
        • C:\Users\Admin\AppData\Local\Oye\SppExtComObj.Exe
          C:\Users\Admin\AppData\Local\Oye\SppExtComObj.Exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:840

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Oye\ACTIVEDS.dll
          Filesize

          1.2MB

          MD5

          6e3dbabbb3a4820328d4e6f52a624cd4

          SHA1

          c23cabf6f0de013a682a46d2b29a6ef786cdc77d

          SHA256

          669fe80231c6efd0c50140394ab24aa2378d5bc26e3371dc2ed0f3cb022d8be7

          SHA512

          8dc4bed2b5ec4d947f36564b3cad37bcf33c612ca8ce90198b6d8d4549021f8afe414fe42b2b69b1595a6ade35c2f29a60d14bd8c473378b60fc6fe4914e7219

          Download Submit

        • C:\Users\Admin\AppData\Local\Oye\SppExtComObj.Exe
          Filesize

          559KB

          MD5

          728a78909aa69ca0e976e94482350700

          SHA1

          6508dfcbf37df25cae8ae68cf1fcd4b78084abb7

          SHA256

          2a6581576305771044f07ea0fef27f77859996dbf66c2017e938f90bfc1e010c

          SHA512

          22bf985e71afa58a1365cc733c0aa03dabd4b44e7c6a136eb5f9b870db14470201b4ef88a19fa3864af6c44e79e1a01d6f8806062d9d4861ba7dac77d82074f1

          Download Submit

        • C:\Users\Admin\AppData\Local\TcBvJ\DevicePairingWizard.exe
          Filesize

          93KB

          MD5

          d0e40a5a0c7dad2d6e5040d7fbc37533

          SHA1

          b0eabbd37a97a1abcd90bd56394f5c45585699eb

          SHA256

          2adaf3a5d3fde149626e3fef0e943c7029a135c04688acf357b2d8d04c81981b

          SHA512

          1191c2efcadd53b74d085612025c44b6cd54dd69493632950e30ada650d5ed79e3468c138f389cd3bc21ea103059a63eb38d9d919a62d932a38830c93f57731f

          Download Submit

        • C:\Users\Admin\AppData\Local\TcBvJ\MFC42u.dll
          Filesize

          1.2MB

          MD5

          bd4079c96bb38981885a4c0cbfc8d069

          SHA1

          bef604addca82cdd2143ef0cec987bfd9780296c

          SHA256

          3daa51f0bbf3b6009d897165f7022449fa311106272696b365ef7bb9baea2364

          SHA512

          08226ad0b6e59f334e400a3aaeda7dada6922180a1eaa7ac0871dae3410413650aa88ca69a977a27d71a82b247ea0b4d20ea42a12491b2ad30ad724f6df3838c

          Download Submit

        • C:\Users\Admin\AppData\Local\g7Dq455\UxTheme.dll
          Filesize

          1.2MB

          MD5

          5be5758b965e880d5b18e288905d742e

          SHA1

          8ecfe7a930b75f88c10985914972b9663bbcedd9

          SHA256

          5d604784d065cad357725f782185a4e29d55f42b1644053dbabc4a6689f4f3a3

          SHA512

          e928c55f8da60b887000f75a1f3f77d1bc633f29a35a4e4749478243e6d923f0a9eb8efee6ea15f9d9c2a9ffdf1d4f5df2d0be48b8b87650c04d962857b8e531

          Download Submit

        • C:\Users\Admin\AppData\Local\g7Dq455\cttune.exe
          Filesize

          90KB

          MD5

          fa924465a33833f41c1a39f6221ba460

          SHA1

          801d505d81e49d2b4ffa316245ca69ff58c523c3

          SHA256

          de2d871afe2c071cf305fc488875563b778e7279e57030ba1a1c9f7e360748da

          SHA512

          eef91316e1a679cc2183d4fe9f8f40b5efa6d06f7d1246fd399292e14952053309b6891059da88134a184d9bd0298a45a1bf4bc9f27140b1a31b9523acbf3757

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Nszgn.lnk
          Filesize

          1KB

          MD5

          025e4091b2c8768dcde56b430cae5391

          SHA1

          edb06e763b4120652126d7f1bbbc853dba802075

          SHA256

          dc05a26a0247380db78b2abea98904dadef847cf24a87d98ea690d5f14cdb8b9

          SHA512

          1e4ea591511f3be7cf3cf8445cd1975b99f0c6a4fd82353bcc371713088833f19069b6db75e8316a1d1fdac7c30527e27154a43afd64121b2e70e290c9e21822

          Download Submit

        • memory/840-88-0x00007FFACF7B0000-0x00007FFACF8E5000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/840-85-0x000001CD02F20000-0x000001CD02F27000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2900-41-0x00007FFADE420000-0x00007FFADE554000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2900-1-0x00007FFADE420000-0x00007FFADE554000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2900-0-0x00000000027E0000-0x00000000027E7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3460-38-0x0000000140000000-0x0000000140134000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3460-19-0x0000000140000000-0x0000000140134000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3460-16-0x0000000140000000-0x0000000140134000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3460-15-0x0000000140000000-0x0000000140134000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3460-14-0x0000000140000000-0x0000000140134000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3460-13-0x0000000140000000-0x0000000140134000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3460-11-0x0000000140000000-0x0000000140134000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3460-10-0x0000000140000000-0x0000000140134000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3460-9-0x0000000140000000-0x0000000140134000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3460-17-0x0000000140000000-0x0000000140134000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3460-27-0x0000000140000000-0x0000000140134000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3460-31-0x0000000002780000-0x0000000002787000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3460-6-0x00007FFAEBDFA000-0x00007FFAEBDFB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3460-4-0x00000000027A0000-0x00000000027A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3460-12-0x0000000140000000-0x0000000140134000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3460-32-0x00007FFAED150000-0x00007FFAED160000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3460-18-0x0000000140000000-0x0000000140134000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3460-7-0x0000000140000000-0x0000000140134000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3460-8-0x0000000140000000-0x0000000140134000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3696-71-0x00007FFACF7B0000-0x00007FFACF8EB000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3696-65-0x00007FFACF7B0000-0x00007FFACF8EB000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3696-68-0x0000027B45B60000-0x0000027B45B67000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3784-54-0x00007FFACF7B0000-0x00007FFACF8E5000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3784-49-0x00007FFACF7B0000-0x00007FFACF8E5000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3784-48-0x000001CE1F930000-0x000001CE1F937000-memory.dmp

          Filesize

          28KB

          Download