Overview

overview

10

Static

static

3

f0f02efa00...18.dll

windows7-x64

10

f0f02efa00...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-09-2024 00:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f0f02efa0024435c1edf094743b7cdf6_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    f0f02efa0024435c1edf094743b7cdf6

  • SHA1

    57dfa6f63f794f897e53b0eb582ef76e1a646ae0

  • SHA256

    f5c4a8d100074c8177cd39eb29e743cc48d5cc1b9eb17773c79b1465c0f0278d

  • SHA512

    196c9db8e6c57c7c6680869c4099c10b844cea7d73b6f9eb489e3948344a0870f498a7f64750bd60251496195a11ccd99359250fee16b8ea424fb2c93b51cece

  • SSDEEP

    24576:NyTonNVlKTt/Q5ECvVP7hpJMvjtKpvPf9+m6kLRqgSyI:NyWRKTt/QlPVp3h9

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f0f02efa0024435c1edf094743b7cdf6_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3104
  • C:\Windows\system32\CameraSettingsUIHost.exe
    C:\Windows\system32\CameraSettingsUIHost.exe
    1⤵
      PID:2036
    • C:\Users\Admin\AppData\Local\GLpMm7m\CameraSettingsUIHost.exe
      C:\Users\Admin\AppData\Local\GLpMm7m\CameraSettingsUIHost.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2020
    • C:\Windows\system32\SystemSettingsAdminFlows.exe
      C:\Windows\system32\SystemSettingsAdminFlows.exe
      1⤵
        PID:3568
      • C:\Users\Admin\AppData\Local\EwWU\SystemSettingsAdminFlows.exe
        C:\Users\Admin\AppData\Local\EwWU\SystemSettingsAdminFlows.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1100
      • C:\Windows\system32\ApplySettingsTemplateCatalog.exe
        C:\Windows\system32\ApplySettingsTemplateCatalog.exe
        1⤵
          PID:1228
        • C:\Users\Admin\AppData\Local\86Xjgih\ApplySettingsTemplateCatalog.exe
          C:\Users\Admin\AppData\Local\86Xjgih\ApplySettingsTemplateCatalog.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:4764

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\86Xjgih\ACTIVEDS.dll
          Filesize

          1.2MB

          MD5

          8400b2e19900a49ac94a86dd8b934a47

          SHA1

          e36bd7ff3fc7b059302883705bccfbfa922af75b

          SHA256

          82c6bd49095593eeab037f5068ddc04ab57693d2153809ea7d9026875edbd34d

          SHA512

          f28744e475df960ce6c7358b677bbda026eb7e57ac79211b9fa61bfce85715a4159fea43e2bf6a9716a34db96972e5f10a1214da6217fb4e697d1f9fd94d3345

          Download Submit

        • C:\Users\Admin\AppData\Local\86Xjgih\ApplySettingsTemplateCatalog.exe
          Filesize

          1.1MB

          MD5

          13af41b1c1c53c7360cd582a82ec2093

          SHA1

          7425f893d1245e351483ab4a20a5f59d114df4e1

          SHA256

          a462f29efaaa3c30411e76f32608a2ba5b7d21af3b9804e5dda99e342ba8c429

          SHA512

          c7c82acef623d964c520f1a458dbfe34099981de0b781fb56e14b1f82632e3a8437db6434e7c20988aa3b39efde47aab8d188e80845e841a13e74b079285706a

          Download Submit

        • C:\Users\Admin\AppData\Local\EwWU\DUI70.dll
          Filesize

          1.5MB

          MD5

          bdeaeadd9a41fbe291f14b706736c081

          SHA1

          1ef618710cc05b96b40bd5852bfe0303875b7ea5

          SHA256

          32ef75d8e2490fff60fe1d9aada1ecb0978623f42977a162133e2a455c7f3a42

          SHA512

          41fa5696a934cfd01c5e2ee3e74d8f9ffeab46a14fa21ec0435835d88b8df157fdcf1320ae36c0f0f7cc87b1896437dfa0047de06b1d5980bf07c6ef49cf8702

          Download Submit

        • C:\Users\Admin\AppData\Local\EwWU\SystemSettingsAdminFlows.exe
          Filesize

          506KB

          MD5

          50adb2c7c145c729b9de8b7cf967dd24

          SHA1

          a31757f08da6f95156777c1132b6d5f1db3d8f30

          SHA256

          a7a2e7122d27308df37b7ab718ef3ac239e4216669f51331e34e205f59fb0aec

          SHA512

          715b4c93e79e896da1cf86cf4455a84cba1aeac34b6fd72d2afdf203a2034f6f8fac1d6501f0dd277a17bd1d7ab73ddd1887e01a99f2d26f39efeb94d0aac9b0

          Download Submit

        • C:\Users\Admin\AppData\Local\GLpMm7m\CameraSettingsUIHost.exe
          Filesize

          31KB

          MD5

          9e98636523a653c7a648f37be229cf69

          SHA1

          bd4da030e7cf4d55b7c644dfacd26b152e6a14c4

          SHA256

          3bf20bc5a208dfa1ea26a042fd0010b1268dcfedc94ed775f11890bc1d95e717

          SHA512

          41966166e2ddfe40e6f4e6da26bc490775caac9997465c6dd94ba6a664d3a797ffc2aa5684c95702e8657e5cea62a46a75aee3e7d5e07a47dcaaa5c4da565e78

          Download Submit

        • C:\Users\Admin\AppData\Local\GLpMm7m\DUI70.dll
          Filesize

          1.5MB

          MD5

          09b17bd66a1176dfa825abea67e7bf10

          SHA1

          a6134664d494b9f9b127e5e5be18a0326d76fe70

          SHA256

          9fa35e0973be475daaa07195bbcf414fb61b5f51950f510f8cf7bb9894076fc6

          SHA512

          e0886fe5742512e809e239f878caae9d6d4ca032b2a651c35ac849b9d1f4fe93684915f986b5cf8b571092131e17a12afa040ea446ba9c8905021611aabd5835

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Plbydas.lnk
          Filesize

          1KB

          MD5

          73b6903ae261fa6dceccaa646d1b3039

          SHA1

          70be39d30ea1fd58552370f5f886b66c8787fa8e

          SHA256

          e71053417df0623d133c2fb24e8ab3a2d47b2933a268103dba46c72c4c258683

          SHA512

          a89fb8b79be55f7bbb80f2518317284ab3006477203c782cb33ff550ebcd76586b23458fc5a05ee9a22065d62fc4d1fe691231694454703ced0cbbcd1b36738b

          Download Submit

        • memory/1100-68-0x0000000140000000-0x0000000140189000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/1100-62-0x00000230DA2A0000-0x00000230DA2A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2020-51-0x0000000140000000-0x0000000140189000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/2020-48-0x0000010186930000-0x0000010186937000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2020-45-0x0000000140000000-0x0000000140189000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3104-1-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3104-0-0x000001F548E20000-0x000001F548E27000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3104-38-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3380-34-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3380-37-0x00007FF8A8010000-0x00007FF8A8020000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3380-14-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3380-15-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3380-8-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3380-9-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3380-10-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3380-11-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3380-33-0x0000000001110000-0x0000000001117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3380-7-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3380-24-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3380-13-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3380-12-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3380-4-0x0000000002DA0000-0x0000000002DA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3380-6-0x00007FF8A696A000-0x00007FF8A696B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4764-79-0x0000022679600000-0x0000022679607000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4764-85-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/4764-80-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download