Overview

overview

10

Static

static

3

034426c5bd...18.dll

windows7-x64

10

034426c5bd...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-09-2024 21:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    034426c5bd525235fcafbbb062e0906c_JaffaCakes118.dll

  • Size

    840KB

  • MD5

    034426c5bd525235fcafbbb062e0906c

  • SHA1

    035feff6c9fd3656aa4e91d9478d78fac9cab06d

  • SHA256

    eeae042764b330ce8fcf47e9f959389658b9babc7d9bf84b9836adc1fec4565d

  • SHA512

    182eefa4e540076bf5d65f193142eb6b15713c2449d2a45c788b6e6fcddb241a542fe763481c5eb6673d6861642efde081d3ee3cbb9421e51d0dba1f4980fc76

  • SSDEEP

    12288:PdMIwS97wJs6tSKDXEabXaC+jhc1S8XXk7CZzHsZH9dq0T:VMIJxSDX3bqjhcfHk7MzH6z

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 8 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\034426c5bd525235fcafbbb062e0906c_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3772
  • C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe
    C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe
    1⤵
      PID:4292
    • C:\Users\Admin\AppData\Local\z65mdXshH\SystemPropertiesDataExecutionPrevention.exe
      C:\Users\Admin\AppData\Local\z65mdXshH\SystemPropertiesDataExecutionPrevention.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:4400
    • C:\Windows\system32\MDMAppInstaller.exe
      C:\Windows\system32\MDMAppInstaller.exe
      1⤵
        PID:4928
      • C:\Users\Admin\AppData\Local\xlo34J\MDMAppInstaller.exe
        C:\Users\Admin\AppData\Local\xlo34J\MDMAppInstaller.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:4036
      • C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe
        C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe
        1⤵
          PID:1828
        • C:\Users\Admin\AppData\Local\0QZ6V\SystemPropertiesDataExecutionPrevention.exe
          C:\Users\Admin\AppData\Local\0QZ6V\SystemPropertiesDataExecutionPrevention.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:692

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\0QZ6V\SYSDM.CPL
          Filesize

          844KB

          MD5

          fae72987661b7ba83457e57224d7de2b

          SHA1

          098c0d53ede93f257b9006bc729fb21200f87297

          SHA256

          6569b33915463a9e0ca72335ee4ebc7315293cfd93ce225b2efb4fe2ea9443b2

          SHA512

          45924e5abd903cc6de836e49babe53cd57999e241ee42f1b185011ef65d7ad8d04ed432c10eb3ab61e0904762f5c1a700aa800ddd9ca96577304854c703cc40e

          Download Submit

        • C:\Users\Admin\AppData\Local\xlo34J\MDMAppInstaller.exe
          Filesize

          151KB

          MD5

          30e978cc6830b04f1e7ed285cccaa746

          SHA1

          e915147c17e113c676c635e2102bbff90fb7aa52

          SHA256

          dc821931f63117962e2266acd3266e86bf8116d4a14b3adbebfade1d40b84766

          SHA512

          331923fa479f71c4c80b0e86ea238628666f95b6cf61cf4d741ae4a27ea2b8c636864dfac543d14599b4873f3b2ab397d07c4e4c17aca3f3b4e5871e24e50214

          Download Submit

        • C:\Users\Admin\AppData\Local\xlo34J\WTSAPI32.dll
          Filesize

          844KB

          MD5

          9e1a6fe341c45cee5a2ee2def1c3f576

          SHA1

          98d275ed98125ee531acf494dde79411491c7087

          SHA256

          eaa5908be9791215f18089db3cd0e22e7e553f7bc80fc59db2906de5c04c9900

          SHA512

          83fe552c0065ce8d45b493f066eb4587f6dce47045c0daa4aba5068dc412e952d9b08dfc6778be6c43e926b78329fe14c660222b22e102cba6fd445751addc7c

          Download Submit

        • C:\Users\Admin\AppData\Local\z65mdXshH\SYSDM.CPL
          Filesize

          844KB

          MD5

          a787238fe7b9e6af1bd6c6754b930833

          SHA1

          9169c93758c759a2a07d10fb6e970f3169ec7fed

          SHA256

          da6c33078ff6e53b3c5b47dfa73ea1749e9e62a4e00ca194a475a89054b7cf58

          SHA512

          a44028ed5e97f2d30a3af9c03ea5cd0bec906627df033ed3096fe67075d901d9371cd4a1177e273288a1c37fdab0cbdab72759b6ddd6c5b4baa9cd120d9961e5

          Download Submit

        • C:\Users\Admin\AppData\Local\z65mdXshH\SystemPropertiesDataExecutionPrevention.exe
          Filesize

          82KB

          MD5

          de58532954c2704f2b2309ffc320651d

          SHA1

          0a9fc98f4d47dccb0b231edf9a63309314f68e3b

          SHA256

          1f810658969560f6e7d7a14f71d1196382e53b984ca190fa9b178ac4a32acfb3

          SHA512

          d4d57cc30d9079f4e9193ba42631e8e53d86b22e9c655d7a8c25e5be0e5e1d6dfff4714ddc23e3e392809d623b4f8d43c63893f74c325fc77459ac03c7a451ed

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Mcinmsnhewplgza.lnk
          Filesize

          1KB

          MD5

          d1426e70373a10613ecc1126e17f3602

          SHA1

          c7322471f15b24fa6ef362894c8a865e0ab3a298

          SHA256

          2d281d8a5d99df0081a45497ebbdf0f050ef9b9af8bb03cbc06f1345517bf507

          SHA512

          f69235f39321988fe2f94436cfa1d6808b6037fe67761f786681e0a256e7e729c7e639e5c18cc20e51319dd3eefb0e28949967ddf44eb7cbe0f8b5d17c68507b

          Download Submit

        • memory/692-104-0x0000000140000000-0x00000001400D3000-memory.dmp

          Filesize

          844KB

          Download

        • memory/692-101-0x0000024A29770000-0x0000024A29777000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3492-19-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-14-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-47-0x00007FFEBC400000-0x00007FFEBC410000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3492-46-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-35-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-33-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-32-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-31-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-30-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-29-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-28-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-27-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-26-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-25-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-23-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-22-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-21-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-20-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-48-0x00007FFEBC3F0000-0x00007FFEBC400000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3492-18-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-17-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-16-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-15-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-57-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-12-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-11-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-10-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-9-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-24-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-13-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-8-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-7-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-6-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-3-0x00007FFEBB5AA000-0x00007FFEBB5AB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3492-4-0x00000000014B0000-0x00000000014B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3492-34-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-36-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3492-45-0x0000000001440000-0x0000000001447000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3492-37-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3772-60-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3772-1-0x0000000140000000-0x00000001400D2000-memory.dmp

          Filesize

          840KB

          Download

        • memory/3772-0-0x000001CE68B80000-0x000001CE68B87000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4036-85-0x0000020FF94E0000-0x0000020FF94E7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4036-88-0x0000000140000000-0x00000001400D3000-memory.dmp

          Filesize

          844KB

          Download

        • memory/4400-67-0x0000000140000000-0x00000001400D3000-memory.dmp

          Filesize

          844KB

          Download

        • memory/4400-69-0x000001569EA00000-0x000001569EA07000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4400-70-0x0000000140000000-0x00000001400D3000-memory.dmp

          Filesize

          844KB

          Download