Overview

overview

10

Static

static

3

f75490824e...18.dll

windows7-x64

10

f75490824e...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-09-2024 02:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f75490824ea7885a46cfa2189a6cf3dc_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    f75490824ea7885a46cfa2189a6cf3dc

  • SHA1

    d423fd6f9fa55cfcca264b2d945ed51a3a2c4460

  • SHA256

    b8cb3e56aee18f41870fc969d549df5364002f4ce1a6192694d2e2acb9b06754

  • SHA512

    e6329b4ec086e3a19d144ac70a499b23409e2ebee762e66dc65104cdad9057ca420360c26e4340b9c22bcc396e0255e593cf6a01787a3fd3ca811eedfeb4e3e8

  • SSDEEP

    24576:HVHchfFcSTdS1ZikTqpaIJvzSqbY/0Z2ZlECMNXkTlzvmJL8:HV8hf6STw1ZlQauvzSq01ICe6zvm

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f75490824ea7885a46cfa2189a6cf3dc_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:220
  • C:\Windows\system32\msra.exe
    C:\Windows\system32\msra.exe
    1⤵
      PID:3624
    • C:\Users\Admin\AppData\Local\jg1A76y7e\msra.exe
      C:\Users\Admin\AppData\Local\jg1A76y7e\msra.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2908
    • C:\Windows\system32\mblctr.exe
      C:\Windows\system32\mblctr.exe
      1⤵
        PID:3236
      • C:\Users\Admin\AppData\Local\OA0\mblctr.exe
        C:\Users\Admin\AppData\Local\OA0\mblctr.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:4720
      • C:\Windows\system32\unregmp2.exe
        C:\Windows\system32\unregmp2.exe
        1⤵
          PID:3616
        • C:\Users\Admin\AppData\Local\BV6aqmDX\unregmp2.exe
          C:\Users\Admin\AppData\Local\BV6aqmDX\unregmp2.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:4904

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\BV6aqmDX\VERSION.dll
          Filesize

          1.2MB

          MD5

          baae7917baa177189049966e9a52e71c

          SHA1

          671081e02b340b3057d7f6d5769041c04a83b6eb

          SHA256

          1d6e6aac9eb85e521afc702e9e41e332b5ff088977df09041a537e6b55a55b00

          SHA512

          f1cb16acaccd1b4694383d65089eab98da8e3749d8cba4255abc7e0fd28e04ce849c628b9a330d058749dfe52edb6883af5067bbaab158b2bab23dae20ad470a

          Download Submit

        • C:\Users\Admin\AppData\Local\BV6aqmDX\unregmp2.exe
          Filesize

          259KB

          MD5

          a6fc8ce566dec7c5873cb9d02d7b874e

          SHA1

          a30040967f75df85a1e3927bdce159b102011a61

          SHA256

          21f41fea24dddc8a32f902af7b0387a53a745013429d8fd3f5fa6916eadc839d

          SHA512

          f83e17dd305eb1bc24cca1f197e2440f9b501eafb9c9d44ede7c88b1520030a87d059bdcb8eadeac1eaedabcbc4fe50206821965d73f0f6671e27edd55c01cbc

          Download Submit

        • C:\Users\Admin\AppData\Local\OA0\WINMM.dll
          Filesize

          1.2MB

          MD5

          a9fca37be4ceeaac5b44f24708891f53

          SHA1

          e908cdb5e572f9b2a9fcad0ebf3ad041d18a6023

          SHA256

          3925cbafd431d076c88f7df60d37921e59d0de5eeffb48bc55304a5fde067cae

          SHA512

          7d75ed93b21552c335e9456ef54a4bac3d2c0c901b3f4c310133d0e5f67de858ebe8c15e27593ce00220ac334aa2254d1166e3e5a7cddd6015a51e4cb6ed543f

          Download Submit

        • C:\Users\Admin\AppData\Local\OA0\mblctr.exe
          Filesize

          790KB

          MD5

          d3db14eabb2679e08020bcd0c96fa9f6

          SHA1

          578dca7aad29409634064579d269e61e1f07d9dd

          SHA256

          3baa1dc0756ebb0c2c70a31be7147863d8d8ba056c1aa7f979307f8790d1ff69

          SHA512

          14dc895ae458ff0ca13d9c27aa5b4cfc906d338603d43389bb5f4429be593a587818855d1fe938f9ebebf46467fb0c1ab28247e8f9f5357098e8b822ecd8fffe

          Download Submit

        • C:\Users\Admin\AppData\Local\jg1A76y7e\NDFAPI.DLL
          Filesize

          1.2MB

          MD5

          b0b0375e3e2b996818cb06c8679bdda3

          SHA1

          7e9fafd2a9725ee96fcdd49ee1d15c97b976c74e

          SHA256

          45074673e2656025dc8077b3fa500ebe75442a41d4835a9ba7b110ba5ab4db33

          SHA512

          4200039703175c12f0d116518f045675923fee10e9f17ee197f587728272f3ed1b1710408f75eae41a751c2e9e20b6c42778256563f7b7431249e4be0052e497

          Download Submit

        • C:\Users\Admin\AppData\Local\jg1A76y7e\msra.exe
          Filesize

          579KB

          MD5

          dcda3b7b8eb0bfbccb54b4d6a6844ad6

          SHA1

          316a2925e451f739f45e31bc233a95f91bf775fa

          SHA256

          011e1decd6683afe5f1e397fe9697f2cf592ae21766a7629e234682f721658ae

          SHA512

          18e8c99f8b86375627aba0d2b10cf4db24ee5ac61a3d6a73d382a83ec63217c7e455570d4fa7dcdbb188dcc73988689661f8cab2337ae8c615fa6bc9a08f71f5

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Wyfsbgf.lnk
          Filesize

          1KB

          MD5

          20b334707f8b30ac0adcc21b355e4ccd

          SHA1

          6066096040ea664678312181a4a62627658797e1

          SHA256

          2d77a9c1857e6afd38f718125792cdc8d789b6881573618ccfffe70f991a947f

          SHA512

          77df6e059124a5b8d69eaf946ffbd9c396358f2398501aa1f9d69937fdfdd8860eef78f142b7ad3e7ba99ef572aa1a684ec83c995428e49a54be1bfc700863f2

          Download Submit

        • memory/220-1-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/220-39-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/220-0-0x000002A9157F0000-0x000002A9157F7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2908-52-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2908-49-0x000002228E500000-0x000002228E507000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2908-46-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3388-35-0x00007FFDA3C90000-0x00007FFDA3CA0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3388-25-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3388-10-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3388-8-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3388-7-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3388-12-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3388-13-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3388-14-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3388-16-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3388-34-0x0000000002C30000-0x0000000002C37000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3388-36-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3388-11-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3388-15-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3388-6-0x00007FFDA1F8A000-0x00007FFDA1F8B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3388-4-0x0000000002C50000-0x0000000002C51000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3388-9-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/4720-69-0x0000000140000000-0x0000000140145000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/4720-64-0x0000000140000000-0x0000000140145000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/4720-63-0x0000025D9B780000-0x0000025D9B787000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4904-83-0x00000246168C0000-0x00000246168C7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4904-86-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download