Overview

overview

10

Static

static

3

f75490824e...18.dll

windows7-x64

10

f75490824e...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    26-09-2024 02:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f75490824ea7885a46cfa2189a6cf3dc_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    f75490824ea7885a46cfa2189a6cf3dc

  • SHA1

    d423fd6f9fa55cfcca264b2d945ed51a3a2c4460

  • SHA256

    b8cb3e56aee18f41870fc969d549df5364002f4ce1a6192694d2e2acb9b06754

  • SHA512

    e6329b4ec086e3a19d144ac70a499b23409e2ebee762e66dc65104cdad9057ca420360c26e4340b9c22bcc396e0255e593cf6a01787a3fd3ca811eedfeb4e3e8

  • SSDEEP

    24576:HVHchfFcSTdS1ZikTqpaIJvzSqbY/0Z2ZlECMNXkTlzvmJL8:HV8hf6STw1ZlQauvzSq01ICe6zvm

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f75490824ea7885a46cfa2189a6cf3dc_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2340
  • C:\Windows\system32\perfmon.exe
    C:\Windows\system32\perfmon.exe
    1⤵
      PID:3016
    • C:\Users\Admin\AppData\Local\Ewe\perfmon.exe
      C:\Users\Admin\AppData\Local\Ewe\perfmon.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2800
    • C:\Windows\system32\mspaint.exe
      C:\Windows\system32\mspaint.exe
      1⤵
        PID:2116
      • C:\Users\Admin\AppData\Local\aWAvwbJ\mspaint.exe
        C:\Users\Admin\AppData\Local\aWAvwbJ\mspaint.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2224
      • C:\Windows\system32\msinfo32.exe
        C:\Windows\system32\msinfo32.exe
        1⤵
          PID:2024
        • C:\Users\Admin\AppData\Local\aDnvr4w\msinfo32.exe
          C:\Users\Admin\AppData\Local\aDnvr4w\msinfo32.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2192

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Ewe\credui.dll
          Filesize

          1.2MB

          MD5

          f129d2f5010cf0676e3583b2bcd2ed8b

          SHA1

          7a9ecd2f3eb00c138129e43acf5986af18bb0834

          SHA256

          a63d4cde547774598e149bfa452342aa57f60a96f2a4f3fd61232abd0e85f046

          SHA512

          b2d0f54107017acbac89962829c2896d1b8d4a9025d5d0d2dd71d64fb6f405e5652fddd6315f1c786ac0c7a238a134e42890cbf896c9932408858f6b17285c81

          Download Submit

        • C:\Users\Admin\AppData\Local\aDnvr4w\MFC42u.dll
          Filesize

          1.3MB

          MD5

          dd638d7178c7e77a26a7234dc3352b46

          SHA1

          5d643cc59a9b7dd05500d98e314584a6974c8c85

          SHA256

          a82c43d967a34d11434bc41aebdbee91411214f3fe635c2603d343863127060d

          SHA512

          e847d0148daf7f405f9f58b7eb8731ba81b85db6908f756857246ac860fd3ad3c916b75cd9945e77a54f1a1d2111e1f96bd357be6a416bfad199588ce3df2130

          Download Submit

        • C:\Users\Admin\AppData\Local\aWAvwbJ\WINMM.dll
          Filesize

          1.2MB

          MD5

          fa26085d1a229ae694f9f54592678174

          SHA1

          b7d12370e9e161fe0e922d601ad3e2a0256e1af5

          SHA256

          f8cf042da189be0ee5743d213eb1fe92a6186f03e48e93564b9cac0aa6cd065d

          SHA512

          fef49d31746825f4c2531259c9e970cee176afcb98e07f41c3e73b176e12e16620b8db180926081d852b32149e085c4afd0487b64bebac7a23282492dd11b2a5

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Wzkhocxsoqdr.lnk
          Filesize

          1KB

          MD5

          899653bc06c6a7e7df618ee6f8317b98

          SHA1

          df36c9f042f02a4a6b2995408e757ea28e898013

          SHA256

          72a07ce5fb5264810d8039f4de02c6e59e09058993e4a2175e76c7ce312d7bcc

          SHA512

          5cd72e90f19fcfafa723f9cca978d0023b9c80290e30353e22db7f463c507a73dadc8611b00e62aca186c1fc5cf8f9f8628afca39022014c8e338b6a6ee2b5b2

          Download Submit

        • \Users\Admin\AppData\Local\Ewe\perfmon.exe
          Filesize

          168KB

          MD5

          3eb98cff1c242167df5fdbc6441ce3c5

          SHA1

          730b27a1c92e8df1e60db5a6fc69ea1b24f68a69

          SHA256

          6d8d5a244bb5a23c95653853fec3d04d2bdd2df5cff8cffb9848bddeb6adb081

          SHA512

          f42be2a52d97fd1db2ed5a1a1a81a186a0aab41204980a103df33a4190632ba03f3cbb88fcea8da7ed9a5e15f60732d49a924b025fe6d3e623195ec1d37dfb35

          Download Submit

        • \Users\Admin\AppData\Local\aDnvr4w\msinfo32.exe
          Filesize

          370KB

          MD5

          d291620d4c51c5f5ffa62ccdc52c5c13

          SHA1

          2081c97f15b1c2a2eadce366baf3c510da553cc7

          SHA256

          76e959dd7db31726c040d46cfa86b681479967aea36db5f625e80bd36422e8ae

          SHA512

          75f9bcce4c596dae1f4d78e13d9d53b0c31988d2170c3d9f5db352b8c8a1c8ca58f4a002b30a4b328b8f4769008b750b8a1c9fda44a582e11c3adc38345c334b

          Download Submit

        • \Users\Admin\AppData\Local\aWAvwbJ\mspaint.exe
          Filesize

          6.4MB

          MD5

          458f4590f80563eb2a0a72709bfc2bd9

          SHA1

          3f97dc3bd1467c710c6a8d26b97bb6cf47deb4c6

          SHA256

          ff923c051ae380bf30d749ebe9cf310ccab6572d84eb81b76fb1012bcbdf557f

          SHA512

          e34500658dbe105a704fff6988b75d13aa9931adfd585b8ce1f023c61abd573d58067ee1f43e80076729ba99c9a00c17eb8cfcfac9c3d271d76bd251ccab1681

          Download Submit

        • memory/1220-10-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1220-8-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1220-4-0x0000000076EC6000-0x0000000076EC7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1220-16-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1220-15-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1220-14-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1220-13-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1220-11-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1220-27-0x00000000770D1000-0x00000000770D2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1220-9-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1220-28-0x0000000077260000-0x0000000077262000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1220-37-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1220-38-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1220-5-0x0000000002220000-0x0000000002221000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1220-47-0x0000000076EC6000-0x0000000076EC7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1220-26-0x0000000002200000-0x0000000002207000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1220-25-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1220-7-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1220-12-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2192-109-0x0000000140000000-0x000000014014A000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2192-114-0x0000000140000000-0x000000014014A000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2224-73-0x0000000000290000-0x0000000000297000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2224-75-0x0000000140000000-0x0000000140145000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2224-78-0x0000000140000000-0x0000000140145000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2340-46-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2340-0-0x0000000000390000-0x0000000000397000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2340-1-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2800-61-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2800-56-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2800-55-0x00000000000F0000-0x00000000000F7000-memory.dmp

          Filesize

          28KB

          Download