Analysis
-
max time kernel
150s -
max time network
133s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
02-10-2024 01:12
General
-
Target
0832c0c85d04226274463b210f2c0c6c_JaffaCakes118.dll
-
Size
2.0MB
-
MD5
0832c0c85d04226274463b210f2c0c6c
-
SHA1
d999989abbbb6a8df30d61afcfdc9efee292d0ca
-
SHA256
37175ce8db20c813ad2466c36318302a57832598d5896fbf3bfda8d437bc5275
-
SHA512
f8d5b1ecafa4eecf0b2c95b53ead1157fb9628dcb7515e1a9a6821f247bcc89542f61191d972f0644284a2f1bbf1f08313ce2085fd5352dbd6936322341ecbb8
-
SSDEEP
12288:NVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:UfP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Malware Config
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Shellcode 1 IoCs
Detects Dridex Payload shellcode injected in Explorer process.
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 3 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\0832c0c85d04226274463b210f2c0c6c_JaffaCakes118.dll,#11⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\wermgr.exeC:\Windows\system32\wermgr.exe1⤵
-
C:\Users\Admin\AppData\Local\0ugZgx\wermgr.exeC:\Users\Admin\AppData\Local\0ugZgx\wermgr.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\perfmon.exeC:\Windows\system32\perfmon.exe1⤵
-
C:\Users\Admin\AppData\Local\u2iubMF\perfmon.exeC:\Users\Admin\AppData\Local\u2iubMF\perfmon.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\CloudNotifications.exeC:\Windows\system32\CloudNotifications.exe1⤵
-
C:\Users\Admin\AppData\Local\5ky\CloudNotifications.exeC:\Users\Admin\AppData\Local\5ky\CloudNotifications.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4056,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=1044 /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.0MB
MD548f41928f3204e9ecf1f86ecd088c0e9
SHA1797d4359e6942d02f16f348a4c327a3030a96933
SHA2563328a52fb50bc3b557708d43c6102fbf896665fcc5952c946f5d028167753df8
SHA51292a37b1473d58a70e8c23a8270791736dad29239ad9893bd4d418cb85622522b0eef3f1b5f41674b7360f9ef535f1a89986f9d18c5fd8d7e236833525770d843
-
Filesize
223KB
MD5f7991343cf02ed92cb59f394e8b89f1f
SHA1573ad9af63a6a0ab9b209ece518fd582b54cfef5
SHA2561c09759dcd31fdc81bcd6685438d7efb34e0229f1096bfd57d41ecfe614d07dc
SHA512fa3cf314100f5340c7d0f6a70632a308fcadb4b48785753310a053a510169979a89637b8b4fedf4d3690db6b8b55146e323cad70d704c4e2ede4edff5284237d
-
Filesize
59KB
MD5b50dca49bc77046b6f480db6444c3d06
SHA1cc9b38240b0335b1763badcceac37aa9ce547f9e
SHA25696e7e1a3f0f4f6fc6bda3527ab8a739d6dfcab8e534aa7a02b023daebb3c0775
SHA5122a0504ca336e86b92b2f5eff1c458ebd9df36c496331a7247ef0bb8b82eabd86ade7559ddb47ca4169e8365a97e80e5f1d3c1fc330364dea2450608bd692b1d3
-
Filesize
2.0MB
MD52c88d798fefefa56985b0f721e5f6d8c
SHA1c6010b0ae7dd849e2b5c3a5737afb8aa91a13586
SHA256fa85155bddd996ca0ec149be2095e4b16a55016824d655a7f408200f82d95164
SHA512510353325f392abe55d4c45cff18d748965c79736891e96067d38b5d72f2468cf0dbd49dacbdb98b3ef082b09600248de988a53d1d114ab263173b7f55ae3dea
-
Filesize
2.0MB
MD56f85151de80e0e6576ca8addf8010ddc
SHA1b4a776a7b4c3acf10ccaa0a54ce77a64a8ebc7ce
SHA256499be665499bd1e599d2e17ced2b64ebefdb1c1301f096e04d4b66603f806fae
SHA512c2674802cacca0b3db7c060e46c0a9e94e48a6a0125670d4c657d6cbc12431ff74ccc5f06324e9c8a363fccdc3c9b008b216063a52be6d7b20607da27176f1dd
-
Filesize
177KB
MD5d38aa59c3bea5456bd6f95c73ad3c964
SHA140170eab389a6ba35e949f9c92962646a302d9ef
SHA2565f041cff346fb37e5c5c9dab3c1272c76f8b5f579205170e97d2248d04a4ea0c
SHA51259fa552a46e5d6237c7244b03d09d60e9489217b4319a212e822c73fe1f31a81837cb906ae7da92072bd3d9263fe0b967e073110ba81da3a90126f25115fff68
-
Filesize
1KB
MD5eef19de0aa93819f47e314ddf726f234
SHA1f8a52365accae10f414c979378cfc3f5b3756a95
SHA2564dbeadcfc8d48e88a206c7c951e3afef5943db7ebead7e7fd3f441e94dc89d41
SHA512d3cae20de932c8f3bd8dd45b516193a2f93437df36b18a4445f2accc13668f44e2861553463404d9251eace21c665437c7d4fdd7853af70fe57c46c1da1e6d84
-
Filesize
28KB
-
Filesize
28KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
28KB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
28KB
-
Filesize
2.0MB
-
Filesize
28KB
-
Filesize
2.0MB