Overview

overview

10

Static

static

3

e8b8a00279...18.dll

windows7-x64

10

e8b8a00279...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-09-2024 08:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e8b8a0027996e15a3fd8e3bb55f082f6_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    e8b8a0027996e15a3fd8e3bb55f082f6

  • SHA1

    fa6157e38d9e14774b12b52d599b516e05ba3ed6

  • SHA256

    77ccaeda8a23dc24a8d57f41db284d1cadac6c9ba46781728fb31e0102eb874d

  • SHA512

    b8cdb6f404cf34f05afcb5a948b9ba1c3e7f615cf9f1beaddb6ff3632e0d00187ed97967a56eada005c2862368c50f4aeb08185ca8c0136bbfbaa7b85305f242

  • SSDEEP

    24576:PuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9NMt:x9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\e8b8a0027996e15a3fd8e3bb55f082f6_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:4612
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3956,i,5469445176230119590,7931734017267321834,262144 --variations-seed-version --mojo-platform-channel-handle=3988 /prefetch:8
    1⤵
      PID:3344
    • C:\Windows\system32\dpapimig.exe
      C:\Windows\system32\dpapimig.exe
      1⤵
        PID:4592
      • C:\Users\Admin\AppData\Local\W3ijm3d\dpapimig.exe
        C:\Users\Admin\AppData\Local\W3ijm3d\dpapimig.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2796
      • C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe
        C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe
        1⤵
          PID:3296
        • C:\Users\Admin\AppData\Local\aFqptdISu\SystemPropertiesDataExecutionPrevention.exe
          C:\Users\Admin\AppData\Local\aFqptdISu\SystemPropertiesDataExecutionPrevention.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2180
        • C:\Windows\system32\MusNotificationUx.exe
          C:\Windows\system32\MusNotificationUx.exe
          1⤵
            PID:4220
          • C:\Users\Admin\AppData\Local\IhNa\MusNotificationUx.exe
            C:\Users\Admin\AppData\Local\IhNa\MusNotificationUx.exe
            1⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks whether UAC is enabled
            PID:3516

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\IhNa\MusNotificationUx.exe
            Filesize

            615KB

            MD5

            869a214114a81712199f3de5d69d9aad

            SHA1

            be973e4188eff0d53fdf0e9360106e8ad946d89f

            SHA256

            405c2df9a36d7cfb5c8382c96f04792eb88c11a6cfa36b1d2ec3e0bec8d17361

            SHA512

            befcdeb8de6e68b9ee0bacd4cbc80f7393a0213d4039b239c98585e0cd5db1755c75559a62372374cbfb7132b6a7973ea9e6a31952e0e0ba007079c56e6d9012

            Download Submit

          • C:\Users\Admin\AppData\Local\IhNa\XmlLite.dll
            Filesize

            1.2MB

            MD5

            3c0766433248fd28e1b781aad3854c2b

            SHA1

            fea48611ecc4fc6ab1d5ab94e993dbc382a58620

            SHA256

            e2321ab5dc250e98f155f9cd10942117ceee1030d522b8f95dfb96fa7e703afc

            SHA512

            bf30511c31dc3763859b7c07477e7efa58e8b92305c763aea9ee2ef05165d54ead5d9a718a7f09be4f1928e378af86db04e45ad83327a4a4b8462d95e960293c

            Download Submit

          • C:\Users\Admin\AppData\Local\W3ijm3d\DUI70.dll
            Filesize

            1.4MB

            MD5

            73f4c08f5337a81f04bedae34b4516ad

            SHA1

            d6d1c28c471621bd50e4b83f22f1b7b2d227353b

            SHA256

            9ea508ba664f587d816e922af9937b9543bff0dda61a9c5cbd6f5e068b4f10f4

            SHA512

            8b1239d327bc39f951d1872843234b33540567e23fa26acfd3389d8d3155cc8fa304fd244b160086a4c3a03d79b8b29637e8cab4d2687298e0914d78d17e9517

            Download Submit

          • C:\Users\Admin\AppData\Local\W3ijm3d\dpapimig.exe
            Filesize

            76KB

            MD5

            b6d6477a0c90a81624c6a8548026b4d0

            SHA1

            e6eac6941d27f76bbd306c2938c0a962dbf1ced1

            SHA256

            a8147d08b82609c72d588a0a604cd3c1f2076befcc719d282c7cbd6525ae89eb

            SHA512

            72ec8b79e3438f0f981129a323ad39db84df7dd14a796a820bdbc74ea8fa13eee843d1ea030a0c1caeda2e2d69952f14a821a73825b38dd9415047aca597b1fe

            Download Submit

          • C:\Users\Admin\AppData\Local\aFqptdISu\SYSDM.CPL
            Filesize

            1.2MB

            MD5

            39c548897ca4b80c53d229c413fcd53c

            SHA1

            8d46a79ffa8cf921085f24c2cd807b41e4e3fb11

            SHA256

            6ef31105dd9bb75b3682154dcc63c8c61ad065de57dfc406fcb02b304dcc09f5

            SHA512

            37daf79d4e09cd9e61b135d8f96d54e620b376d1318245deb25000e274595c5b03c6d583054fe91fc04235e79639c2d8bc0b4bb4b3365ffd3a0de61de3a8347d

            Download Submit

          • C:\Users\Admin\AppData\Local\aFqptdISu\SystemPropertiesDataExecutionPrevention.exe
            Filesize

            82KB

            MD5

            de58532954c2704f2b2309ffc320651d

            SHA1

            0a9fc98f4d47dccb0b231edf9a63309314f68e3b

            SHA256

            1f810658969560f6e7d7a14f71d1196382e53b984ca190fa9b178ac4a32acfb3

            SHA512

            d4d57cc30d9079f4e9193ba42631e8e53d86b22e9c655d7a8c25e5be0e5e1d6dfff4714ddc23e3e392809d623b4f8d43c63893f74c325fc77459ac03c7a451ed

            Download Submit

          • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Jmybglakcar.lnk
            Filesize

            1KB

            MD5

            7e4984f6996ecd70719f5bb6f7a7d590

            SHA1

            cc18bac9d6f846f838f8eb084b6fb432a82be2f9

            SHA256

            e3d768ae442c7629de4779c964813479ca5d9f1a8f875613afce57ff283f7399

            SHA512

            cccdc854a11f4070010484e375dbb4eb0a53de93fd36e1860e62c838cdad07d583caa162569121ed0aef93f104588da64a73f197f39e7c6255a8997e24eb856c

            Download Submit

          • memory/2180-63-0x000001F3C83A0000-0x000001F3C83A7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/2180-64-0x00007FFC74E60000-0x00007FFC74F92000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/2180-69-0x00007FFC74E60000-0x00007FFC74F92000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/2796-52-0x00007FFC74E20000-0x00007FFC74F97000-memory.dmp

            Filesize

            1.5MB

            Download

          • memory/2796-46-0x00007FFC74E20000-0x00007FFC74F97000-memory.dmp

            Filesize

            1.5MB

            Download

          • memory/2796-49-0x0000013636350000-0x0000013636357000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3428-36-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3428-14-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3428-10-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3428-9-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3428-8-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3428-7-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3428-6-0x00007FFC924FA000-0x00007FFC924FB000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3428-12-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3428-13-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3428-15-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3428-17-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3428-25-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3428-4-0x00000000029D0000-0x00000000029D1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3428-29-0x0000000001110000-0x0000000001117000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3428-30-0x00007FFC92E70000-0x00007FFC92E80000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3428-16-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3428-11-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3516-80-0x00000221E3D90000-0x00000221E3D97000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3516-86-0x00007FFC74E60000-0x00007FFC74F92000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4612-3-0x000001A5D0D00000-0x000001A5D0D07000-memory.dmp

            Filesize

            28KB

            Download

          • memory/4612-39-0x00007FFC83FB0000-0x00007FFC840E1000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4612-0-0x00007FFC83FB0000-0x00007FFC840E1000-memory.dmp

            Filesize

            1.2MB

            Download