Overview

overview

10

Static

static

3

e8b8a00279...18.dll

windows7-x64

10

e8b8a00279...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    18-09-2024 08:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e8b8a0027996e15a3fd8e3bb55f082f6_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    e8b8a0027996e15a3fd8e3bb55f082f6

  • SHA1

    fa6157e38d9e14774b12b52d599b516e05ba3ed6

  • SHA256

    77ccaeda8a23dc24a8d57f41db284d1cadac6c9ba46781728fb31e0102eb874d

  • SHA512

    b8cdb6f404cf34f05afcb5a948b9ba1c3e7f615cf9f1beaddb6ff3632e0d00187ed97967a56eada005c2862368c50f4aeb08185ca8c0136bbfbaa7b85305f242

  • SSDEEP

    24576:PuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9NMt:x9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\e8b8a0027996e15a3fd8e3bb55f082f6_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:1660
  • C:\Windows\system32\SystemPropertiesHardware.exe
    C:\Windows\system32\SystemPropertiesHardware.exe
    1⤵
      PID:2428
    • C:\Users\Admin\AppData\Local\M4vvG\SystemPropertiesHardware.exe
      C:\Users\Admin\AppData\Local\M4vvG\SystemPropertiesHardware.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2476
    • C:\Windows\system32\sigverif.exe
      C:\Windows\system32\sigverif.exe
      1⤵
        PID:864
      • C:\Users\Admin\AppData\Local\DgmhMs7\sigverif.exe
        C:\Users\Admin\AppData\Local\DgmhMs7\sigverif.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1808
      • C:\Windows\system32\SndVol.exe
        C:\Windows\system32\SndVol.exe
        1⤵
          PID:672
        • C:\Users\Admin\AppData\Local\wb6j9bl\SndVol.exe
          C:\Users\Admin\AppData\Local\wb6j9bl\SndVol.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2332

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\DgmhMs7\VERSION.dll
          Filesize

          1.2MB

          MD5

          0aef8f583c95e75a152d2d7484172872

          SHA1

          6c1d47bdbafcd6e42172e652f7920dd6a7caf662

          SHA256

          fdee08ee4515ac76aa5c2e84eef6403741d4b93ec0db3068bf8ac333a78e78f9

          SHA512

          9bf4eb8fb667828f0444dbda2cbdd9b23b9173721a6fd46435345ce8aa7c5db4cdb0b41d6133d864905c04b4dd9687f5f2c08e41ee3c99fc64ec2e8911cb1e78

          Download Submit

        • C:\Users\Admin\AppData\Local\DgmhMs7\sigverif.exe
          Filesize

          73KB

          MD5

          e8e95ae5534553fc055051cee99a7f55

          SHA1

          4e0f668849fd546edd083d5981ed685d02a68df4

          SHA256

          9e107fd99892d08b15c223ac17c49af75a4cbca41b5e939bb91c9dca9f0d0bec

          SHA512

          5d3c32d136a264b6d2cfba4602e4d8f75e55ba0e199e0e81d7a515c34d8b9237db29647c10ab79081173010ff8e2c6a59b652c0a9cfa796433aed2d200f02da6

          Download Submit

        • C:\Users\Admin\AppData\Local\M4vvG\SYSDM.CPL
          Filesize

          1.2MB

          MD5

          ac6e78eacb7b38de582a03adb76938d0

          SHA1

          73fc0de5b7c274de4d6e788a1eeacdbf2bbe1c10

          SHA256

          b2cd9cec961599e5e7c5460fa0cb528eecbe6155519af242ae8ee926df5146f9

          SHA512

          dab0377e28529b5ba0d773396b2546f6809cf51a7c5116600e70124ef40585ba9df887479554cca6d0b5af6410f10acfc7d4ec630956eec21689e5df654debb6

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Adlnwv.lnk
          Filesize

          1KB

          MD5

          b155bfea12ace40e84b80290cf0b2804

          SHA1

          2d703cf90cbd26e15403c9e2d7a3592ffe39c667

          SHA256

          b4c4802719d90e5908e561d9cbfbbfce8311ecfa2b3356960c07f5c859377de0

          SHA512

          8fa947034e3a1d750cf8838a9ced8c13288622561ee82335bc56fd606c6274fd5f6fa31a4992d8285bf86d5b86e9ba262b4e522bfe87126a4e0d1a95bee02e20

          Download Submit

        • \Users\Admin\AppData\Local\M4vvG\SystemPropertiesHardware.exe
          Filesize

          80KB

          MD5

          c63d722641c417764247f683f9fb43be

          SHA1

          948ec61ebf241c4d80efca3efdfc33fe746e3b98

          SHA256

          4759296b421d60c80db0bb112a30425e04883900374602e13ed97f7c03a49df2

          SHA512

          7223d1c81a4785ed790ec2303d5d9d7ebcae9404d7bf173b3145e51202564de9977e94ac10ab80c6fe49b5f697af3ec70dfd922a891915e8951b5a1b5841c8be

          Download Submit

        • \Users\Admin\AppData\Local\wb6j9bl\SndVol.exe
          Filesize

          267KB

          MD5

          c3489639ec8e181044f6c6bfd3d01ac9

          SHA1

          e057c90b675a6da19596b0ac458c25d7440b7869

          SHA256

          a632ef1a1490d31d76f13997ee56f4f75796bf9e366c76446857e9ae855f4103

          SHA512

          63b96c8afb8c3f5f969459531d3a543f6e8714d5ca1664c6bbb01edd9f5e850856931d7923f363c9dc7d8843deeaad69722d15993641d04e786e02184446c0c9

          Download Submit

        • \Users\Admin\AppData\Local\wb6j9bl\UxTheme.dll
          Filesize

          1.2MB

          MD5

          6af8e31475096e41634faf8635654b4a

          SHA1

          4d6c5931e6dbb6afc0372c5fd0db2f42d0979fb0

          SHA256

          6e75e5c265810c2afa412768a21daa47dff160a5511be62255d7712356693f0c

          SHA512

          ccf4c48a73e38c6aa58abbcf36ca4f99048e3e3aa9dbdad8fc2c14213d2368d98be2163a206455d8f4f5eeb2597556b990368a3e3c19e4ebf0ebd6209f88ad48

          Download Submit

        • memory/1200-28-0x0000000077CA0000-0x0000000077CA2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1200-47-0x0000000077A06000-0x0000000077A07000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-23-0x0000000002D80000-0x0000000002D87000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1200-26-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-17-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-27-0x0000000077B11000-0x0000000077B12000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-4-0x0000000077A06000-0x0000000077A07000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-37-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-38-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-5-0x0000000002DA0000-0x0000000002DA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1200-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1660-46-0x000007FEF7D70000-0x000007FEF7EA1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1660-0-0x0000000000120000-0x0000000000127000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1660-1-0x000007FEF7D70000-0x000007FEF7EA1000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1808-73-0x000007FEF7D80000-0x000007FEF7EB2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1808-78-0x000007FEF7D80000-0x000007FEF7EB2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2332-93-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2332-96-0x000007FEF7D80000-0x000007FEF7EB2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2476-61-0x000007FEF7EB0000-0x000007FEF7FE2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2476-56-0x000007FEF7EB0000-0x000007FEF7FE2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2476-55-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download