Overview

overview

10

Static

static

3

f286092e8f...18.dll

windows7-x64

10

f286092e8f...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-09-2024 17:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f286092e8fe5d17abc765a52b10751ab_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    f286092e8fe5d17abc765a52b10751ab

  • SHA1

    b61edfebd10a23144d9a57f18ab23793a03e3acb

  • SHA256

    3669fd31aaec1ed1c3de1f93b27b2b662ccc5c02957edca53da6f7a7072488f3

  • SHA512

    75c27d2e52dd9cb29770da557d3360229d213871c70ba84dfab092eaabe1a42c1a363b66207a8b1d0d95ba7cf0a541be95cf40f781455df29be75a7a24ecfed2

  • SSDEEP

    24576:HVHchfFcSTdS1ZikTqpaIJvzSqbY/0Z2ZlECMNXkTlzvmJL8:HV8hf6STw1ZlQauvzSq01ICe6zvm

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Event Triggered Execution: Accessibility Features 1 TTPs

    Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.

    persistenceprivilege_escalation
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f286092e8fe5d17abc765a52b10751ab_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2280
  • C:\Windows\system32\Utilman.exe
    C:\Windows\system32\Utilman.exe
    1⤵
      PID:3576
    • C:\Users\Admin\AppData\Local\vGGeHO\Utilman.exe
      C:\Users\Admin\AppData\Local\vGGeHO\Utilman.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:4344
    • C:\Windows\system32\rdpinput.exe
      C:\Windows\system32\rdpinput.exe
      1⤵
        PID:4084
      • C:\Users\Admin\AppData\Local\L0mBRes\rdpinput.exe
        C:\Users\Admin\AppData\Local\L0mBRes\rdpinput.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2452
      • C:\Windows\system32\CloudNotifications.exe
        C:\Windows\system32\CloudNotifications.exe
        1⤵
          PID:4224
        • C:\Users\Admin\AppData\Local\a5UD\CloudNotifications.exe
          C:\Users\Admin\AppData\Local\a5UD\CloudNotifications.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:764

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\L0mBRes\WTSAPI32.dll
          Filesize

          1.2MB

          MD5

          8349be4942108af497196b1e900488c2

          SHA1

          af783dd7ec4c75a7446b44bd56a626cae190244f

          SHA256

          e974d680e671b54b27a5d84b305fe2458fa9dffc01f68434dc0bc91341517328

          SHA512

          8d9a7ebe5673d7652634edadd22c40a212961206c56ec624e9523d182a5748ed91a70fc6c375a97b475bd410647bad57c82293f0ce5ecd505e685da1d4ac7c7e

          Download Submit

        • C:\Users\Admin\AppData\Local\L0mBRes\rdpinput.exe
          Filesize

          180KB

          MD5

          bd99eeca92869f9a3084d689f335c734

          SHA1

          a2839f6038ea50a4456cd5c2a3ea003e7b77688c

          SHA256

          39bfb2214efeed47f4f5e50e6dff05541e29caeb27966520bdadd52c3d5e7143

          SHA512

          355433c3bbbaa3bcb849633d45713d8a7ac6f87a025732fbe83e259ec3a0cb4eabb18239df26609453f9fc6764c7276c5d0472f11cf12d15ef806aa7594d090e

          Download Submit

        • C:\Users\Admin\AppData\Local\a5UD\CloudNotifications.exe
          Filesize

          59KB

          MD5

          b50dca49bc77046b6f480db6444c3d06

          SHA1

          cc9b38240b0335b1763badcceac37aa9ce547f9e

          SHA256

          96e7e1a3f0f4f6fc6bda3527ab8a739d6dfcab8e534aa7a02b023daebb3c0775

          SHA512

          2a0504ca336e86b92b2f5eff1c458ebd9df36c496331a7247ef0bb8b82eabd86ade7559ddb47ca4169e8365a97e80e5f1d3c1fc330364dea2450608bd692b1d3

          Download Submit

        • C:\Users\Admin\AppData\Local\a5UD\UxTheme.dll
          Filesize

          1.2MB

          MD5

          7b33b8023c41bab6cce6a4bd8940cc0c

          SHA1

          8fad21f05ca23b464c1f8f8dfaeed6ce40e4bb9f

          SHA256

          b8b1f7bb29467f6d55030812b8b576de14ebd5ecdd80610ce438931cf6e3b704

          SHA512

          d8939177680a2634e474cfcb57a85a463fb725fd49b8bdac77da3acd1818aa37b95f03bb4a46d23fd6ff0eac8f178e48d3ae8dcc3c53d2831e2e9fe8442121d2

          Download Submit

        • C:\Users\Admin\AppData\Local\vGGeHO\OLEACC.dll
          Filesize

          1.2MB

          MD5

          6da9ca908979329bb755e2355827c4f4

          SHA1

          6206405900678d3db1e7a35914d17efc54146115

          SHA256

          0f37f39d5bd088fbb4246fb3d08d053ec48d3c2a1a445129fc2914357a402d37

          SHA512

          99f4145ba8dc7f3e3e41c6a45b47da4da7cb4a5d515870229e757b1be61e408363460ef98ed87c27d8761a751745ce820253ecef0d8280673763e3c73be542f4

          Download Submit

        • C:\Users\Admin\AppData\Local\vGGeHO\Utilman.exe
          Filesize

          123KB

          MD5

          a117edc0e74ab4770acf7f7e86e573f7

          SHA1

          5ceffb1a5e05e52aafcbc2d44e1e8445440706f3

          SHA256

          b5bc4fce58403ea554691db678e6c8c448310fe59990990f0e37cd4357567d37

          SHA512

          72883f794ff585fe7e86e818d4d8c54fa9781cab6c3fac6f6956f58a016a91f676e70d14691cbe054ae7b7469c6b4783152fbb694e92b940d9e3595fe3f41d97

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Pvdelpvduyz.lnk
          Filesize

          1KB

          MD5

          8e700444da51fb38603721e8394baa31

          SHA1

          fd42798349a2a1a18476c3c274e22aa8a06250cc

          SHA256

          8e86e78751838e4d2d678e1418fa6965757e3f430eeff37976625576c760f296

          SHA512

          451cb77087f0ee9d44bae71e7396349b798671715635c7e2962eec331795b7d198e8c0303a4b07a8c569edd8a42a98176d9a07f95652902d7a0aaf7df53d77a4

          Download Submit

        • memory/764-86-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/764-83-0x000001EF96880000-0x000001EF96887000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2280-0-0x0000019B52AD0000-0x0000019B52AD7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2280-39-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2280-1-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2452-63-0x0000019FFAE10000-0x0000019FFAE17000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2452-69-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3404-31-0x00007FF8EEEF0000-0x00007FF8EEF00000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3404-36-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3404-9-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3404-8-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3404-11-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3404-12-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3404-14-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3404-4-0x0000000003000000-0x0000000003001000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3404-6-0x00007FF8EEA9A000-0x00007FF8EEA9B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3404-7-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3404-13-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3404-16-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3404-30-0x0000000000FF0000-0x0000000000FF7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3404-10-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3404-25-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3404-15-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/4344-52-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/4344-47-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/4344-46-0x0000016E5DD70000-0x0000016E5DD77000-memory.dmp

          Filesize

          28KB

          Download