Overview

overview

10

Static

static

3

049096c316...18.dll

windows7-x64

10

049096c316...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-10-2024 05:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    049096c3169d8d3df37231056cc1ddc5_JaffaCakes118.dll

  • Size

    1.3MB

  • MD5

    049096c3169d8d3df37231056cc1ddc5

  • SHA1

    a11b8d2b9144cfd9d15bb696ac117ab725484e86

  • SHA256

    221471dd6a3b6edc506fd5e9e0d32c3bd5fb95f631ef02bb2dfa56ff04a9e248

  • SHA512

    1c63495a42cf214e9a475877e94fe51994efa724c1f189209e7ed4503d3e52da46dcf34d4bbea055534db6b1fee9f5c8f1ebe42da60d4c2fa375688ec83fa9a2

  • SSDEEP

    12288:cdMIwS97wJs6tSKDXEabXaC+jhc1S8XXk7CZzHsZH9dq0T:uMIJxSDX3bqjhcfHk7MzH6z

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 9 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\049096c3169d8d3df37231056cc1ddc5_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:1300
  • C:\Windows\system32\sigverif.exe
    C:\Windows\system32\sigverif.exe
    1⤵
      PID:2276
    • C:\Users\Admin\AppData\Local\gJEy\sigverif.exe
      C:\Users\Admin\AppData\Local\gJEy\sigverif.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:4644
    • C:\Windows\system32\usocoreworker.exe
      C:\Windows\system32\usocoreworker.exe
      1⤵
        PID:2200
      • C:\Users\Admin\AppData\Local\fzg61G\usocoreworker.exe
        C:\Users\Admin\AppData\Local\fzg61G\usocoreworker.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1556
      • C:\Windows\system32\consent.exe
        C:\Windows\system32\consent.exe
        1⤵
          PID:4004
        • C:\Users\Admin\AppData\Local\XSRDN\consent.exe
          C:\Users\Admin\AppData\Local\XSRDN\consent.exe
          1⤵
          • Executes dropped EXE
          PID:4680
        • C:\Windows\system32\msconfig.exe
          C:\Windows\system32\msconfig.exe
          1⤵
            PID:4044
          • C:\Users\Admin\AppData\Local\Dc5rw\msconfig.exe
            C:\Users\Admin\AppData\Local\Dc5rw\msconfig.exe
            1⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks whether UAC is enabled
            PID:1344

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Dc5rw\MFC42u.dll
            Filesize

            1.3MB

            MD5

            0684b4290c475356aa4e931c79a9bc47

            SHA1

            d3f75064ace6b009339071a0b8c5291d632eb576

            SHA256

            dede4595822c83328fc932b902f116c76efc11ea9f22b80b814ae4ec0d3ec42f

            SHA512

            74a75cc109705cbded39206d5ec55927e85b50f033ffcb26f6f6d17e6e6224ae416ca267f23a8b2d29f471a693230b5a628c9a70732eb0a9c54cbb80571a5c6c

            Download Submit

          • C:\Users\Admin\AppData\Local\Dc5rw\msconfig.exe
            Filesize

            193KB

            MD5

            39009536cafe30c6ef2501fe46c9df5e

            SHA1

            6ff7b4d30f31186de899665c704a105227704b72

            SHA256

            93d2604f7fdf7f014ac5bef63ab177b6107f3cfc26da6cbd9a7ab50c96564a04

            SHA512

            95c9a8bc61c79108634f5578825544323e3d980ae97a105a325c58bc0e44b1d500637459969602f08d6d23d346baec6acd07d8351803981000c797190d48f03a

            Download Submit

          • C:\Users\Admin\AppData\Local\XSRDN\consent.exe
            Filesize

            162KB

            MD5

            6646631ce4ad7128762352da81f3b030

            SHA1

            1095bd4b63360fc2968d75622aa745e5523428ab

            SHA256

            56b2d516376328129132b815e22379ae8e7176825f059c9374a33cc844482e64

            SHA512

            1c00ed5d8568f6ebd119524b61573cfe71ca828bd8fbdd150158ec8b5db65fa066908d120d201fce6222707bcb78e0c1151b82fdc1dccf3ada867cb810feb6da

            Download Submit

          • C:\Users\Admin\AppData\Local\fzg61G\XmlLite.dll
            Filesize

            1.3MB

            MD5

            376c96194147ce3a52ecde8574e2bdc0

            SHA1

            e8275f7b6f6bc2bdf39f86bb74826378e37a0fee

            SHA256

            59464d077a216668433248fd3db7f1f16beba9c8f18c31a46f25b7124a59cee0

            SHA512

            94117640632c68e673979351b7bf6bbbaf6f183a535e5e11790285c4eb42fa4ccdb8cd987c850ce2ca20bd21c2fd4b9be08937c84bb1e177d22885c8812d6e40

            Download Submit

          • C:\Users\Admin\AppData\Local\fzg61G\usocoreworker.exe
            Filesize

            1.3MB

            MD5

            2c5efb321aa64af37dedc6383ce3198e

            SHA1

            a06d7020dd43a57047a62bfb443091cd9de946ba

            SHA256

            0fb6688a32340036f3eaab4a09a82dee533bfb2ca266c36f6142083134de6f0e

            SHA512

            5448ea01b24af7444505bda80064849a2efcc459011d32879e021e836fd573c9b1b9d3b37291d3f53ff536c691ac13a545b12f318a16c8a367421986bbf002ed

            Download Submit

          • C:\Users\Admin\AppData\Local\gJEy\VERSION.dll
            Filesize

            1.3MB

            MD5

            e6a196f7994e1d46f8d3da0d93a54f22

            SHA1

            226d957bcc93691db438c7bc7f2607cd958012a6

            SHA256

            fbb116def4149bafc9b4956198002d7b25a278436a24cddc12054a04818bb8ac

            SHA512

            43a2606a8e6600737957663bf395c1383127fcd382d338ca435158030a0e96f1d3eec34ff6a7c5ecaae0403df52985d9bf839896b3d92b94964e32f62261b3c2

            Download Submit

          • C:\Users\Admin\AppData\Local\gJEy\sigverif.exe
            Filesize

            77KB

            MD5

            2151a535274b53ba8a728e542cbc07a8

            SHA1

            a2304c0f2616a7d12298540dce459dd9ccf07443

            SHA256

            064de47877b00dc35886e829a697e4adb3d3cfdf294ddba13b6009a0f415b1bd

            SHA512

            e6fd520ee1bd80a5fe8a7c2ae6446dcaabd4e335a602c36356f85305abef751b7dffa7eaac1ec13c105ccd8c3e9070bd32ed4b14bc8a9e52dc5f47b936d69a9f

            Download Submit

          • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Mihblavoyj.lnk
            Filesize

            1KB

            MD5

            d9f00ef223e7ed93e06618ea4a36bf69

            SHA1

            af7b4ab261faf972ad8be8e8317d3c388e2a5940

            SHA256

            d1c5044ec73d72d32f8cf1925f99538a157645cc729d37d905cb7d5047af72d6

            SHA512

            ebfea1b9baa3a1fd9add35d0b0057d8fa6c407b34d52e31a1b97831eefa6e7b594270c490567aa92c0e55eb2e853554323b4eae14d4c30bcab79abdd26157653

            Download Submit

          • memory/1300-55-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/1300-1-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/1300-0-0x000001F1FD050000-0x000001F1FD057000-memory.dmp

            Filesize

            28KB

            Download

          • memory/1344-104-0x0000000140000000-0x0000000140153000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/1344-106-0x0000000140000000-0x0000000140153000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/1556-83-0x0000000140000000-0x000000014014D000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/1556-80-0x000001B42F520000-0x000001B42F527000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3608-18-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-9-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-29-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-28-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-27-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-26-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-24-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-23-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-21-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-20-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-19-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-41-0x00007FFA68200000-0x00007FFA68210000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3608-17-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-16-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-15-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-14-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-13-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-12-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-10-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-40-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-8-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-7-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-30-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-31-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-25-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-6-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-3-0x00000000008C0000-0x00000000008C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3608-42-0x00007FFA681F0000-0x00007FFA68200000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3608-46-0x00000000006D0000-0x00000000006D7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3608-52-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-32-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-22-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-11-0x0000000140000000-0x000000014014C000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3608-4-0x00007FFA674FA000-0x00007FFA674FB000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4644-64-0x0000020CE4780000-0x0000020CE4787000-memory.dmp

            Filesize

            28KB

            Download

          • memory/4644-62-0x0000000140000000-0x000000014014D000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/4644-67-0x0000000140000000-0x000000014014D000-memory.dmp

            Filesize

            1.3MB

            Download