Overview

overview

10

Static

static

3

fdf4a24f88...18.dll

windows7-x64

10

fdf4a24f88...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-09-2024 06:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fdf4a24f88214b0a4f02a8669a7c5ff8_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    fdf4a24f88214b0a4f02a8669a7c5ff8

  • SHA1

    d187ad8ffee9d34bbb8dafc787dd3858fe47cfcf

  • SHA256

    a151a8221a96d0ae5359b263a82cdcaf6bc4be7e3272f8c2edcecd8691b7df7f

  • SHA512

    771d54ff126bff1ebc52614c9f62f639f6fa212cf95da56b6bb07df228b88eef30ba7ff2b0d9bc45209b946dec201b47436508b5cd60c21a486fdf2f33854822

  • SSDEEP

    24576:vVHchfFcSTdS1ZikTqpaIJvzSqbY/0Z2ZlECMNXkTlzvmJL8j3:vV8hf6STw1ZlQauvzSq01ICe6zvme

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\fdf4a24f88214b0a4f02a8669a7c5ff8_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:4928
  • C:\Windows\system32\isoburn.exe
    C:\Windows\system32\isoburn.exe
    1⤵
      PID:4804
    • C:\Users\Admin\AppData\Local\1wzid\isoburn.exe
      C:\Users\Admin\AppData\Local\1wzid\isoburn.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:4320
    • C:\Windows\system32\dialer.exe
      C:\Windows\system32\dialer.exe
      1⤵
        PID:4816
      • C:\Users\Admin\AppData\Local\BrAc17fu\dialer.exe
        C:\Users\Admin\AppData\Local\BrAc17fu\dialer.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:4736
      • C:\Windows\system32\WindowsActionDialog.exe
        C:\Windows\system32\WindowsActionDialog.exe
        1⤵
          PID:1904
        • C:\Users\Admin\AppData\Local\7rFE9gQf\WindowsActionDialog.exe
          C:\Users\Admin\AppData\Local\7rFE9gQf\WindowsActionDialog.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1736

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\1wzid\UxTheme.dll
          Filesize

          1.2MB

          MD5

          941f00a702554955669f1051f39405f0

          SHA1

          e914aa2f40cc067f336dc922724f9cbbe5854fbe

          SHA256

          8ee0cceeeb050bedd3b46f7fe0214721a4fea3f372c2b41c65e5a47fdb85b2d9

          SHA512

          c39e759730ebb8a4be0177686482fee00ac1398c49a98e8378d1eda6ba06d2782bc7e2efaaf3d72409c3905aeba36fb75435b5ee37408932949c24426f449285

          Download Submit

        • C:\Users\Admin\AppData\Local\1wzid\isoburn.exe
          Filesize

          119KB

          MD5

          68078583d028a4873399ae7f25f64bad

          SHA1

          a3c928fe57856a10aed7fee17670627fe663e6fe

          SHA256

          9478c095afe212bce91d2de1a3c3647109f2d54e46b9bf70843e839324458567

          SHA512

          25503a47c53fe83eeb56726b5a5eec5cb01bc783e866306f92242a7a8cbafa20a3209217e0f4561febfec78d2f64f1725727a6b2d3ee6da512618984d0bb0bc1

          Download Submit

        • C:\Users\Admin\AppData\Local\7rFE9gQf\DUI70.dll
          Filesize

          1.4MB

          MD5

          cd49b021bf125907efaa1a90eb5a43ff

          SHA1

          58aa77617902befa318ba24ba4df3f336d6dddc4

          SHA256

          81df7880798a8df70a998b3c9d4be22e1be472aa7c89327a428adaaa68392023

          SHA512

          96b5b300a4c61c5c5a2db102b5426f4bbb155d4da8f3a1e671b95aaf8d699dfcd48056514a02054a08dff9af48642c279196b75c10bac6b5a0b5366d7668d1ce

          Download Submit

        • C:\Users\Admin\AppData\Local\7rFE9gQf\WindowsActionDialog.exe
          Filesize

          61KB

          MD5

          73c523b6556f2dc7eefc662338d66f8d

          SHA1

          1e6f9a1d885efa4d76f1e7a8be2e974f2b65cea5

          SHA256

          0c6397bfbcd7b1fcefb6de01a506578e36651725a61078c69708f1f92c41ea31

          SHA512

          69d0f23d1abaad657dd4672532936ef35f0e9d443caf9e19898017656a66ed46e75e7e05261c7e7636799c58feccd01dc93975d6a598cbb73242ddb48c6ec912

          Download Submit

        • C:\Users\Admin\AppData\Local\BrAc17fu\TAPI32.dll
          Filesize

          1.2MB

          MD5

          2e8d78141d5766bdb55e7ed3fc4cb50b

          SHA1

          f43fda501ab6f36f767dfaee3cac0f0ca19cd48f

          SHA256

          a5bfc7d1e514014d510197244cfea7c4c3f7fbfce868eeb10a0ba820530600b7

          SHA512

          3fb289cac9f3fba6bfb3235585ce45abb89b35f72fee2a9e61550a5c7a61ebaf503f2017108b65670314182a2563c047d54f6ecaacf54047e36864e854983c22

          Download Submit

        • C:\Users\Admin\AppData\Local\BrAc17fu\dialer.exe
          Filesize

          39KB

          MD5

          b2626bdcf079c6516fc016ac5646df93

          SHA1

          838268205bd97d62a31094d53643c356ea7848a6

          SHA256

          e3ac5e6196f3a98c1946d85c653866c318bb2a86dd865deffa7b52f665d699bb

          SHA512

          615cfe1f91b895513c687906bf3439ca352afcadd3b73f950af0a3b5fb1b358168a7a25a6796407b212fde5f803dd880bcdc350d8bac7e7594090d37ce259971

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ppmzgvduo.lnk
          Filesize

          1KB

          MD5

          dbdca524f89bb08fda83631ed52e33e1

          SHA1

          874a02ca3f5e6c08f5ba977588ff58ee31e77fcf

          SHA256

          50d5698106f1de9ee9e80aaab78667e85f48da7c0f1c928a9120d01987a5086e

          SHA512

          7924116892d551a23c04cf5903844ea78d5bd08f9fa3acde7913b87693fc22866cb83dbb9c925ad66e3debb938896db7c1ecf7662d6c395cd4005e869d3c6f5d

          Download Submit

        • memory/1736-84-0x0000000140000000-0x0000000140175000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/1736-78-0x0000000140000000-0x0000000140175000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/1736-81-0x0000020A2A0E0000-0x0000020A2A0E7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3348-25-0x00007FFF167D0000-0x00007FFF167E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3348-13-0x0000000140000000-0x000000014012F000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3348-11-0x0000000140000000-0x000000014012F000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3348-10-0x0000000140000000-0x000000014012F000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3348-9-0x0000000140000000-0x000000014012F000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3348-8-0x0000000140000000-0x000000014012F000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3348-14-0x0000000140000000-0x000000014012F000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3348-23-0x0000000140000000-0x000000014012F000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3348-24-0x0000000000A60000-0x0000000000A67000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3348-5-0x00007FFF162EA000-0x00007FFF162EB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3348-4-0x0000000002850000-0x0000000002851000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3348-7-0x0000000140000000-0x000000014012F000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3348-34-0x0000000140000000-0x000000014012F000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3348-12-0x0000000140000000-0x000000014012F000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4320-48-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4320-45-0x0000000140000000-0x0000000140130000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4320-44-0x000001C9B7BC0000-0x000001C9B7BC7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4736-64-0x0000024BB7AE0000-0x0000024BB7AE7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4736-67-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4736-61-0x0000000140000000-0x0000000140131000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4928-0-0x0000020A34290000-0x0000020A34297000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4928-37-0x0000000140000000-0x000000014012F000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4928-1-0x0000000140000000-0x000000014012F000-memory.dmp

          Filesize

          1.2MB

          Download