Overview

overview

10

Static

static

3

f2f48dd5ca...18.dll

windows7-x64

10

f2f48dd5ca...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    23-09-2024 19:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f2f48dd5ca9402eba590e53b11d21a44_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    f2f48dd5ca9402eba590e53b11d21a44

  • SHA1

    cf4bc280cd7180d4fbb2dd42a6bc55b7d5ff7bd3

  • SHA256

    67a2f9c4d270e4a3a0d138c9942ffefcc2880639439886a18ba9de001a15d808

  • SHA512

    9c6ed03e708ee060e54b07b0ccf475169701a3858866639e02774a4172cfc1b9a5610b668acc9cd36f88cebf8d1827f07e5f55a8945344e09b3bb9b9be3a4503

  • SSDEEP

    24576:yuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:a9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2f48dd5ca9402eba590e53b11d21a44_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2212
  • C:\Windows\system32\mmc.exe
    C:\Windows\system32\mmc.exe
    1⤵
      PID:2624
    • C:\Users\Admin\AppData\Local\Fzx\mmc.exe
      C:\Users\Admin\AppData\Local\Fzx\mmc.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2620
    • C:\Windows\system32\PresentationSettings.exe
      C:\Windows\system32\PresentationSettings.exe
      1⤵
        PID:1916
      • C:\Users\Admin\AppData\Local\4c2mfuv\PresentationSettings.exe
        C:\Users\Admin\AppData\Local\4c2mfuv\PresentationSettings.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2432
      • C:\Windows\system32\msdtc.exe
        C:\Windows\system32\msdtc.exe
        1⤵
          PID:2836
        • C:\Users\Admin\AppData\Local\Irf4ONKKD\msdtc.exe
          C:\Users\Admin\AppData\Local\Irf4ONKKD\msdtc.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2892

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\4c2mfuv\WINMM.dll
          Filesize

          1.2MB

          MD5

          049e382641475257dece1aadbd8bb662

          SHA1

          8f1a4488e312194b10ea7e4557abcfa80c576132

          SHA256

          51168f350f5a87538f123e7e8ceb4be9d4ba20302ebf007b0329c8945ab5a7ee

          SHA512

          b7c7a12565f7bb9b301679077c79458648f18210f1facb753a8f28eca113811b8c97cd96fc4d81a53bcaedff3760a75ccb5cb8c0b9b2139c6d7cd50de6d0cfa1

          Download Submit

        • C:\Users\Admin\AppData\Local\Fzx\UxTheme.dll
          Filesize

          1.2MB

          MD5

          7352bae716472148d22a90ede44f9df2

          SHA1

          f8c0d00c460813eec50d6d562f60fc8885b563fd

          SHA256

          e5fc7437e12cc9f8398282a7faad420e565c8ec436c052a6ed062ff93315d798

          SHA512

          0c0a67e57418faf555fcd392b7cc261c852906650ed32eb437f8da379e644018d3557005417313f71a1bc5531be256915f1c195d61c55820b48da54e46b82582

          Download Submit

        • C:\Users\Admin\AppData\Local\Fzx\mmc.exe
          Filesize

          2.0MB

          MD5

          9fea051a9585f2a303d55745b4bf63aa

          SHA1

          f5dc12d658402900a2b01af2f018d113619b96b8

          SHA256

          b212e59e4c7fe77f6f189138d9d8b151e50eb83a35d6eadfb1e4bb0b4262c484

          SHA512

          beba79f0b6710929871fbdf378d3c0a41f230ac30cbfa87173f7b77c35e06425f48db42ed3b16d5d9bcb7ef0098dffcd0d2947da8fb7ec1136ea62205f1afc76

          Download Submit

        • C:\Users\Admin\AppData\Local\Irf4ONKKD\VERSION.dll
          Filesize

          1.2MB

          MD5

          4282e29f3a352ba73963d3695300bd46

          SHA1

          5396ed62ad8018f902305dfe1509226072c49946

          SHA256

          436ab40434e002a2e92f50e09f53932af36351d890029afec68d1799178f647d

          SHA512

          76975d9462d1f76b6b133fa87af2ec265e3c55cb8891fe221ef1faba93d79591075689ae606b2f5ef0db23aecd31bae323f7c5f54bc0d34fc6ff0a0ddae39ae1

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Gwifj.lnk
          Filesize

          1KB

          MD5

          d341619bc1f1cde28c45b8e2ddeeb31b

          SHA1

          f0ceb198e36cf9d7f1bc4495e3c981e3aae855be

          SHA256

          e038f0b1c1b0dcd29838d0742bb2369a445be0d54231fa96e07e83a32aeff3cd

          SHA512

          a7c52cf79b2091d93bdfe23b97a699b08f95fb182b971a80920a18f199ef866156e307e3e719bceb525565651994e2c109aecc6741782e321b281887533bbb84

          Download Submit

        • \Users\Admin\AppData\Local\4c2mfuv\PresentationSettings.exe
          Filesize

          172KB

          MD5

          a6f8d318f6041334889481b472000081

          SHA1

          b8cf08ec17b30c8811f2514246fcdff62731dd58

          SHA256

          208b94fd66a6ce266c3195f87029a41a0622fff47f2a5112552cb087adbb1258

          SHA512

          60f70fa8a19e6ea6f08f4907dd7fede3665ad3f2e013d49f6649442ea5871a967b9a53ec4d3328a06cb83b69be1b7af1bb14bf122b568bd1f8432ee1d0bfee69

          Download Submit

        • \Users\Admin\AppData\Local\Irf4ONKKD\msdtc.exe
          Filesize

          138KB

          MD5

          de0ece52236cfa3ed2dbfc03f28253a8

          SHA1

          84bbd2495c1809fcd19b535d41114e4fb101466c

          SHA256

          2fbbec4cacb5161f68d7c2935852a5888945ca0f107cf8a1c01f4528ce407de3

          SHA512

          69386134667626c60c99d941c8ab52f8e5235e3897b5af76965572287afd5dcd42b8207a520587844a57a268e4decb3f3c550e5b7a06230ee677dc5e40c50bb3

          Download Submit

        • memory/1208-15-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1208-47-0x00000000773A6000-0x00000000773A7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1208-12-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1208-14-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1208-13-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1208-17-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1208-30-0x0000000077640000-0x0000000077642000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1208-29-0x00000000774B1000-0x00000000774B2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1208-26-0x0000000002A90000-0x0000000002A97000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1208-25-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1208-16-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1208-4-0x00000000773A6000-0x00000000773A7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1208-37-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1208-39-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1208-5-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1208-11-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1208-7-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1208-8-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1208-10-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1208-9-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2212-46-0x000007FEF6350000-0x000007FEF6481000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2212-0-0x00000000002A0000-0x00000000002A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2212-1-0x000007FEF6350000-0x000007FEF6481000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2432-73-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2432-74-0x000007FEF6350000-0x000007FEF6483000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2432-79-0x000007FEF6350000-0x000007FEF6483000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2620-61-0x000007FEF6290000-0x000007FEF63C2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2620-56-0x000007FEF6290000-0x000007FEF63C2000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2620-55-0x0000000001B30000-0x0000000001B37000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2892-91-0x000007FEF6100000-0x000007FEF6232000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2892-96-0x000007FEF6100000-0x000007FEF6232000-memory.dmp

          Filesize

          1.2MB

          Download