Overview

overview

10

Static

static

3

f963cdd13e...18.dll

windows7-x64

10

f963cdd13e...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    27-09-2024 00:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f963cdd13e8a02e085ad96942c7b697e_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    f963cdd13e8a02e085ad96942c7b697e

  • SHA1

    c45bbdcfa0d01b667a899c580eaf672c17f6476e

  • SHA256

    d2b8767e0bc73b401800438a4249a81a7fc998d126f98ee574779b3629569e9c

  • SHA512

    442f9c643485bece188752fbac53aa9c2bfbbefc273c1b60e37d0e9625fdda2caf3ade1ebef99acb0964f015203c9ecea72cdb4250cf328b88b5ca8419a0701d

  • SSDEEP

    24576:iVHchfFcSTdS1ZikTqpaIJvzSqbY/0Z2ZlECMNXkTlzvmJL8v:iV8hf6STw1ZlQauvzSq01ICe6zvmU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f963cdd13e8a02e085ad96942c7b697e_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2192
  • C:\Windows\system32\mfpmp.exe
    C:\Windows\system32\mfpmp.exe
    1⤵
      PID:2536
    • C:\Users\Admin\AppData\Local\6b2e3jPeB\mfpmp.exe
      C:\Users\Admin\AppData\Local\6b2e3jPeB\mfpmp.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2928
    • C:\Windows\system32\cttune.exe
      C:\Windows\system32\cttune.exe
      1⤵
        PID:992
      • C:\Users\Admin\AppData\Local\4Ah\cttune.exe
        C:\Users\Admin\AppData\Local\4Ah\cttune.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1420
      • C:\Windows\system32\cttune.exe
        C:\Windows\system32\cttune.exe
        1⤵
          PID:1788
        • C:\Users\Admin\AppData\Local\RbgV7L\cttune.exe
          C:\Users\Admin\AppData\Local\RbgV7L\cttune.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2820

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\4Ah\UxTheme.dll
          Filesize

          1.2MB

          MD5

          b835baa7b54f65ad2407823ff1f47ae7

          SHA1

          228b9a098caadeff9ba979ce299bdf3753de7c79

          SHA256

          b57c8e94a14d8be57ab4df91a4b866c08b34e9beb6c47e8f0ca58ee864b78ce0

          SHA512

          3dcf6039842929bceb5b2d9300661f1466019bff33cd98ac9e1eb8c358d3a18172430a0d5c8dbfbddd78a8c82027f21d2aeb25b15d4231892d530c54820c6695

          Download Submit

        • C:\Users\Admin\AppData\Local\6b2e3jPeB\MFPlat.DLL
          Filesize

          1.2MB

          MD5

          87885032159e359dae8da1ce27a9741a

          SHA1

          1ec7dbfae0618219fdd3819512261a3b6a50809d

          SHA256

          7207e8a76586af0672f9b85098c4793b336f2827fa1c66031ebe47cecfe3eae7

          SHA512

          e637e036abf6be5ea84577aa1b557d75b90ba3060bdf378bcffc7f73006eaa51293302d40ad4bca1e57fbd8d6577bc85c55f39745d0016c52c12c6c73a279c8a

          Download Submit

        • C:\Users\Admin\AppData\Local\RbgV7L\UxTheme.dll
          Filesize

          1.2MB

          MD5

          eff4bc05d382b983792b094de44a7a2a

          SHA1

          447a25706408decf8d00de36b40cdc5d4cb40c40

          SHA256

          96649e5ce7372632bd60edbb061305def127a40f91896443815b3c8fd0b2c0a2

          SHA512

          50deb631097fc9e78b05dd5b728d4dba2f463d728131e0abd20dfd4c29b291a961c4ee84d4b07d4b8046dee408e5e92566d40811831fbe13bd2d5f599e8c33e4

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Lcuygmmobxhxaxh.lnk
          Filesize

          1KB

          MD5

          825dcc2d6f7e62882e288fec96a5683e

          SHA1

          e617e50fb151643436f9449499e9ff5b84805a0c

          SHA256

          4909154b4654a48d12154791d6789632490d562627012a5bda2c77a6058bfb3a

          SHA512

          210246a60b83bfe7b2dd76eea6761c6a405c65274df7927b46b4a64eb22ef8a94b38d121091db1345e425edd061c9a0dd1d1051f875f50fa6d12717e783dc1e3

          Download Submit

        • \Users\Admin\AppData\Local\4Ah\cttune.exe
          Filesize

          314KB

          MD5

          7116848fd23e6195fcbbccdf83ce9af4

          SHA1

          35fb16a0b68f8a84d5dfac8c110ef5972f1bee93

          SHA256

          39937665f72725bdb3b82389a5dbd906c63f4c14208312d7f7a59d6067e1cfa6

          SHA512

          e38bf57eee5836b8598dd88dc3d266f497d911419a8426f73df6dcaa503611a965aabbd746181cb19bc38eebdb48db778a17f781a8f9e706cbd7a6ebec38f894

          Download Submit

        • \Users\Admin\AppData\Local\6b2e3jPeB\mfpmp.exe
          Filesize

          24KB

          MD5

          2d8600b94de72a9d771cbb56b9f9c331

          SHA1

          a0e2ac409159546183aa45875497844c4adb5aac

          SHA256

          7d8d8918761b8b6c95758375a6e7cf7fb8e43abfdd3846476219883ef3f8c185

          SHA512

          3aaa6619f29434c294b9b197c3b86fdc5d88b0254c8f35f010c9b5f254fd47fbc3272412907e2a5a4f490bda2acfbbd7a90f968e25067abf921b934d2616eafc

          Download Submit

        • memory/1176-30-0x0000000077E60000-0x0000000077E62000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1176-47-0x0000000077BC6000-0x0000000077BC7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1176-27-0x0000000077CD1000-0x0000000077CD2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1176-4-0x0000000077BC6000-0x0000000077BC7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1176-25-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1176-26-0x0000000002ED0000-0x0000000002ED7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1176-15-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1176-14-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1176-13-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1176-12-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1176-10-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1176-9-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1176-38-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1176-37-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1176-5-0x0000000003060000-0x0000000003061000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1176-16-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1176-11-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1176-7-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1176-8-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1420-73-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1420-74-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1420-79-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2192-46-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2192-0-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2192-3-0x00000000001A0000-0x00000000001A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2820-91-0x0000000000520000-0x0000000000527000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2820-97-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2928-56-0x0000000140000000-0x0000000140145000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2928-61-0x0000000140000000-0x0000000140145000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2928-55-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download