Overview

overview

10

Static

static

3

e87adb12a4...18.dll

windows7-x64

10

e87adb12a4...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-09-2024 06:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e87adb12a4d0bf15245bbd0d65bb0cfc_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    e87adb12a4d0bf15245bbd0d65bb0cfc

  • SHA1

    56d12429ec379f1d6df251feb0ee6794ce410bed

  • SHA256

    3e42df93d811b179bcebf9e9cfc4402a2b4f7aa92665ee3725850d141c35be09

  • SHA512

    2244c10e117dcf2b1592e5e3bb513c3e0976d9765e4c924e82abe72c5948859a2819060d6bbcf6a67217abb7f81b1f1e7b2232e2ea6da6d082d67de61f81dd77

  • SSDEEP

    24576:9uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:X9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Event Triggered Execution: Accessibility Features 1 TTPs

    Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.

    persistenceprivilege_escalation
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\e87adb12a4d0bf15245bbd0d65bb0cfc_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:1504
  • C:\Windows\system32\SystemSettingsRemoveDevice.exe
    C:\Windows\system32\SystemSettingsRemoveDevice.exe
    1⤵
      PID:4848
    • C:\Users\Admin\AppData\Local\16q\SystemSettingsRemoveDevice.exe
      C:\Users\Admin\AppData\Local\16q\SystemSettingsRemoveDevice.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:4444
    • C:\Windows\system32\msra.exe
      C:\Windows\system32\msra.exe
      1⤵
        PID:2312
      • C:\Users\Admin\AppData\Local\suA7aMQ\msra.exe
        C:\Users\Admin\AppData\Local\suA7aMQ\msra.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:4440
      • C:\Windows\system32\Narrator.exe
        C:\Windows\system32\Narrator.exe
        1⤵
          PID:1092
        • C:\Users\Admin\AppData\Local\5nT\Narrator.exe
          C:\Users\Admin\AppData\Local\5nT\Narrator.exe
          1⤵
          • Executes dropped EXE
          PID:4720
        • C:\Windows\system32\unregmp2.exe
          C:\Windows\system32\unregmp2.exe
          1⤵
            PID:1628
          • C:\Users\Admin\AppData\Local\SLTXmKXa\unregmp2.exe
            C:\Users\Admin\AppData\Local\SLTXmKXa\unregmp2.exe
            1⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks whether UAC is enabled
            PID:3336

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\16q\DUI70.dll
            Filesize

            1.4MB

            MD5

            d552ea2c03c3f92e654fd2f82133d0f8

            SHA1

            45d5058b5a0d3ee0c3b1e20c76cef310c59b99f5

            SHA256

            75add49a69280415498997b1ae1241f18f43bcc234f1dcb646b24eaaf00e5f51

            SHA512

            7aef12b21779b36902af42810bdc4b076e9ec150773f678d162bed3b637a306ccacc656148d6e42962f2d4314446b19f01a6fe3f66a53f61390151a1ef1da689

            Download Submit

          • C:\Users\Admin\AppData\Local\16q\SystemSettingsRemoveDevice.exe
            Filesize

            39KB

            MD5

            7853f1c933690bb7c53c67151cbddeb0

            SHA1

            d47a1ad0ccba4c988c8ffc5cbf9636fd4f4fa6e6

            SHA256

            9500731b2a3442f11dfd08a8adfe027e7f32ef5834c628eed4b78be74168470d

            SHA512

            831993d610539d44422d769de6561a4622e1b9cb3d73253774b6cecabf57654a74cd88b4ebe20921585ea96d977225b9501f02a0f6a1fc7d2cad6824fd539304

            Download Submit

          • C:\Users\Admin\AppData\Local\5nT\Narrator.exe
            Filesize

            521KB

            MD5

            d92defaa4d346278480d2780325d8d18

            SHA1

            6494d55b2e5064ffe8add579edfcd13c3e69fffe

            SHA256

            69b8c93d9b262b36e2bdc223cc0d6e312cc471b49d7cc36befbba1f863a05d83

            SHA512

            b82c0fbc07361e4ad6e4ab171e55e1e41e9312ba995dce90696ca90f734f5d1ea11371ca046e8680ea566a1c2e0643ab86f1f6dcf6cbd05aed8448425a2830b5

            Download Submit

          • C:\Users\Admin\AppData\Local\SLTXmKXa\VERSION.dll
            Filesize

            1.2MB

            MD5

            cb2e3dbb798c40a000ae94fb5c732ae4

            SHA1

            f4d04f7509cb4d0fd1868cc285292289d89961da

            SHA256

            32c91580f574a8daa5c3a58a755f9d1d343eb230c0df47aac46bbb336df50b5f

            SHA512

            71fcfc6916d0f50cefd3cc1a94ff15d37ff14a0c98730126b028050f64e98f6761e0b4d4d052cfbd04d8e5b08466cf98d709c3634941eaca7eb3cd772999b281

            Download Submit

          • C:\Users\Admin\AppData\Local\SLTXmKXa\unregmp2.exe
            Filesize

            259KB

            MD5

            a6fc8ce566dec7c5873cb9d02d7b874e

            SHA1

            a30040967f75df85a1e3927bdce159b102011a61

            SHA256

            21f41fea24dddc8a32f902af7b0387a53a745013429d8fd3f5fa6916eadc839d

            SHA512

            f83e17dd305eb1bc24cca1f197e2440f9b501eafb9c9d44ede7c88b1520030a87d059bdcb8eadeac1eaedabcbc4fe50206821965d73f0f6671e27edd55c01cbc

            Download Submit

          • C:\Users\Admin\AppData\Local\suA7aMQ\UxTheme.dll
            Filesize

            1.2MB

            MD5

            8d61203fd62f977a860ee0535f954b3d

            SHA1

            4b35545d9b340ffc2cd0229679661c8c48742ad6

            SHA256

            486e41cb2d34ab1f2626415923d301819b40aaf722042ce8269a02deec4c792b

            SHA512

            c2cb0982e222e2d1ba928573bb2ab1b9723377c11c5a09156cd3490363fdb1ce110e41e3e6ec2e3cf22b0866fd524315718598f471fb46d6312c3107327fa64c

            Download Submit

          • C:\Users\Admin\AppData\Local\suA7aMQ\msra.exe
            Filesize

            579KB

            MD5

            dcda3b7b8eb0bfbccb54b4d6a6844ad6

            SHA1

            316a2925e451f739f45e31bc233a95f91bf775fa

            SHA256

            011e1decd6683afe5f1e397fe9697f2cf592ae21766a7629e234682f721658ae

            SHA512

            18e8c99f8b86375627aba0d2b10cf4db24ee5ac61a3d6a73d382a83ec63217c7e455570d4fa7dcdbb188dcc73988689661f8cab2337ae8c615fa6bc9a08f71f5

            Download Submit

          • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Mcinmsnhewplgza.lnk
            Filesize

            1KB

            MD5

            25c8457ec9a2d3069b721c9378e3408d

            SHA1

            325ead3d7d6bbe9430791eab20b340f93ec56b42

            SHA256

            08dbdb728bd436ee6b27455554acd7e1156642e841cef568bff3e3df78db999d

            SHA512

            0b52f8b3d5e42a55207780077e8a32f191bdca9b1e0dbbe0dcc57a4bdaf93c84ec8ee01ca2ecec3a6c2bdb9bc6fb3e6751c65010470a5e77f6dca082c547a788

            Download Submit

          • memory/1504-0-0x00000251C4F00000-0x00000251C4F07000-memory.dmp

            Filesize

            28KB

            Download

          • memory/1504-38-0x00007FFEADA80000-0x00007FFEADBB0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1504-2-0x00007FFEADA80000-0x00007FFEADBB0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3336-90-0x00000172A1D90000-0x00000172A1D97000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3336-93-0x00007FFE9E2F0000-0x00007FFE9E421000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3492-28-0x0000000001440000-0x0000000001447000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3492-15-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3492-10-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3492-9-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3492-8-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3492-12-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3492-13-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3492-14-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3492-4-0x00000000014B0000-0x00000000014B1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3492-5-0x00007FFEBB5AA000-0x00007FFEBB5AB000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3492-7-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3492-11-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3492-24-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3492-16-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3492-29-0x00007FFEBC3F0000-0x00007FFEBC400000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3492-35-0x0000000140000000-0x0000000140130000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4440-68-0x00007FFE9E2F0000-0x00007FFE9E421000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4440-63-0x00007FFE9E2F0000-0x00007FFE9E421000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4440-62-0x0000014523E70000-0x0000014523E77000-memory.dmp

            Filesize

            28KB

            Download

          • memory/4444-51-0x00007FFE9E2B0000-0x00007FFE9E426000-memory.dmp

            Filesize

            1.5MB

            Download

          • memory/4444-46-0x00007FFE9E2B0000-0x00007FFE9E426000-memory.dmp

            Filesize

            1.5MB

            Download

          • memory/4444-45-0x000001EA36B30000-0x000001EA36B37000-memory.dmp

            Filesize

            28KB

            Download