Overview

overview

10

Static

static

3

f2f48dd5ca...18.dll

windows7-x64

10

f2f48dd5ca...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-09-2024 19:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f2f48dd5ca9402eba590e53b11d21a44_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    f2f48dd5ca9402eba590e53b11d21a44

  • SHA1

    cf4bc280cd7180d4fbb2dd42a6bc55b7d5ff7bd3

  • SHA256

    67a2f9c4d270e4a3a0d138c9942ffefcc2880639439886a18ba9de001a15d808

  • SHA512

    9c6ed03e708ee060e54b07b0ccf475169701a3858866639e02774a4172cfc1b9a5610b668acc9cd36f88cebf8d1827f07e5f55a8945344e09b3bb9b9be3a4503

  • SSDEEP

    24576:yuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:a9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2f48dd5ca9402eba590e53b11d21a44_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2904
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4212,i,15436195446242760253,4000484513008731869,262144 --variations-seed-version --mojo-platform-channel-handle=3852 /prefetch:8
    1⤵
      PID:5048
    • C:\Windows\system32\MusNotificationUx.exe
      C:\Windows\system32\MusNotificationUx.exe
      1⤵
        PID:1888
      • C:\Users\Admin\AppData\Local\6KHesE3\MusNotificationUx.exe
        C:\Users\Admin\AppData\Local\6KHesE3\MusNotificationUx.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:3024
      • C:\Windows\system32\shrpubw.exe
        C:\Windows\system32\shrpubw.exe
        1⤵
          PID:3636
        • C:\Users\Admin\AppData\Local\zIp319w\shrpubw.exe
          C:\Users\Admin\AppData\Local\zIp319w\shrpubw.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2476
        • C:\Windows\system32\GamePanel.exe
          C:\Windows\system32\GamePanel.exe
          1⤵
            PID:4360
          • C:\Users\Admin\AppData\Local\nXEH\GamePanel.exe
            C:\Users\Admin\AppData\Local\nXEH\GamePanel.exe
            1⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks whether UAC is enabled
            PID:916

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\6KHesE3\MusNotificationUx.exe
            Filesize

            615KB

            MD5

            869a214114a81712199f3de5d69d9aad

            SHA1

            be973e4188eff0d53fdf0e9360106e8ad946d89f

            SHA256

            405c2df9a36d7cfb5c8382c96f04792eb88c11a6cfa36b1d2ec3e0bec8d17361

            SHA512

            befcdeb8de6e68b9ee0bacd4cbc80f7393a0213d4039b239c98585e0cd5db1755c75559a62372374cbfb7132b6a7973ea9e6a31952e0e0ba007079c56e6d9012

            Download Submit

          • C:\Users\Admin\AppData\Local\6KHesE3\XmlLite.dll
            Filesize

            1.2MB

            MD5

            672763f142780be47a1adaf4b99ea9de

            SHA1

            6cbe89c5a463d413e7aecbcf5ad6a5f848448af9

            SHA256

            3bedf391a5d2e505ee99b7d464427ea0ea4e993c403961084a93d7ce41ebc491

            SHA512

            455bd57d081b5180e6c75da19f5f9b8cf02784b1281ddf4aabfb1cc00f47da579511b51e7484345a03fa4ba464c26c8f668591ec3f2b94ad5a9f9e2b5a04a9bb

            Download Submit

          • C:\Users\Admin\AppData\Local\nXEH\GamePanel.exe
            Filesize

            1.2MB

            MD5

            266f6a62c16f6a889218800762b137be

            SHA1

            31b9bd85a37bf0cbb38a1c30147b83671458fa72

            SHA256

            71f8f11f26f3a7c1498373f20f0f4cc960513d0383fe24906eeb1bc9678beecd

            SHA512

            b21d9b0656ab6bd3b158922722a332f07096ddd4215c802776c5807c9cf6ece40082dd986ea6867bdc8d22878ce035a5c8dfcc26cfae94aeee059701b6bf1e68

            Download Submit

          • C:\Users\Admin\AppData\Local\nXEH\dxgi.dll
            Filesize

            1.2MB

            MD5

            9532f9ddc3a72516f08198451332edbb

            SHA1

            ba6b6298e5f78b2e90ff8f1e1a61da5371d2478a

            SHA256

            636e81ac1a794d3cb28844ac5b61d9a103a85a3f3e6bd90c2ba3c7ab1b1cb617

            SHA512

            c68e01688164e0682f9f7ef23b766a524231742ae00fb9148e8a97eea45baa35945ebb3f87310b4235bfc0cc5b56a44f0c4a07eb300f53ffdd10a2cc025837db

            Download Submit

          • C:\Users\Admin\AppData\Local\zIp319w\MFC42u.dll
            Filesize

            1.2MB

            MD5

            b1888f4386abc3a8ca496e514e8a9623

            SHA1

            594b2c5d4212bdb1cc14b0526877811965279271

            SHA256

            e169313f2e9a5f6200d971e47ada50904a023ae7e18b83d53576b66af5d67262

            SHA512

            3bfa844c9b4e0c81c600efbbe7773f8e62ed14e1746ed15d551e91f0d5bc6338f9f1c539879892e89d4b260116352918b6ec0466e69015048ae0a900a40d5df1

            Download Submit

          • C:\Users\Admin\AppData\Local\zIp319w\shrpubw.exe
            Filesize

            59KB

            MD5

            9910d5c62428ec5f92b04abf9428eec9

            SHA1

            05f27d7515e8ae1fa3bc974ec65b864ec4c9ac8b

            SHA256

            6b84e6e55d8572d7edf0b6243d00abb651fcb0cddddac8461de5f9bb80035a2e

            SHA512

            01be043f7ff879a683e53962eec58456ba200d6787ea66581bb62669ae65d5e58a5577cdf23441165f7a535fce1dec933e3ad2465c72172b4a1488b24ce722cb

            Download Submit

          • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Jmybglakcar.lnk
            Filesize

            1KB

            MD5

            45a77a979783c20651a05d5c1b9e73d3

            SHA1

            3ddc8df2671285fdb7a0aba3765ab1bffe822a9f

            SHA256

            c88f59359d175e560a401ea241c4352df525f9e2993715efd211d10bce37e102

            SHA512

            8e8327324906beadda3d8d9a8ada1547166570caa01737eb4f08ade3ddcc7b3d46fca3a1ef298c7be4845b6e5c5decab7c9b0886533c8a29dc42919bc6fc1a4e

            Download Submit

          • memory/916-85-0x00007FFBEE980000-0x00007FFBEEAB2000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/2476-69-0x00007FFBEE980000-0x00007FFBEEAB8000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/2476-66-0x00000189EA500000-0x00000189EA507000-memory.dmp

            Filesize

            28KB

            Download

          • memory/2476-63-0x00007FFBEE980000-0x00007FFBEEAB8000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/2904-0-0x000001CDEB290000-0x000001CDEB297000-memory.dmp

            Filesize

            28KB

            Download

          • memory/2904-39-0x00007FFBFE580000-0x00007FFBFE6B1000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/2904-1-0x00007FFBFE580000-0x00007FFBFE6B1000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3024-52-0x00007FFBEE980000-0x00007FFBEEAB2000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3024-46-0x00007FFBEE980000-0x00007FFBEEAB2000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3024-49-0x000001DC1B290000-0x000001DC1B297000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3420-36-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3420-4-0x0000000002800000-0x0000000002801000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3420-8-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3420-10-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3420-11-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3420-12-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3420-13-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3420-14-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3420-15-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3420-16-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3420-26-0x00000000027E0000-0x00000000027E7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3420-25-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3420-30-0x00007FFC0D1B0000-0x00007FFC0D1C0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3420-17-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3420-9-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3420-7-0x0000000140000000-0x0000000140131000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3420-6-0x00007FFC0D11A000-0x00007FFC0D11B000-memory.dmp

            Filesize

            4KB

            Download