Overview

overview

10

Static

static

3

93fc422ef8...18.dll

windows7-x64

10

93fc422ef8...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-11-2024 10:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    93fc422ef8eef071e16c5b12310f6b36_JaffaCakes118.dll

  • Size

    1.1MB

  • MD5

    93fc422ef8eef071e16c5b12310f6b36

  • SHA1

    f1761280479126762632211380de0969d9295315

  • SHA256

    9fe73d5332d83d76ee254a477355e48040194e781fd5c12b34f729a999e2554c

  • SHA512

    c41316986dcc2359bff2eafb7f4d83403b792110a8257be28c706463957a785ac9c24aee033a02d10fc36b7a2327b655ecc751d3bc489aad4e73165390add566

  • SSDEEP

    12288:idMIwS97wJs6tSKDXEabXaC+jhc1S8XXk7CZzHsZH9dq0T:UMIJxSDX3bqjhcfHk7MzH6z

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 9 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\93fc422ef8eef071e16c5b12310f6b36_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:4944
  • C:\Windows\system32\mstsc.exe
    C:\Windows\system32\mstsc.exe
    1⤵
      PID:3112
    • C:\Users\Admin\AppData\Local\JKQ\mstsc.exe
      C:\Users\Admin\AppData\Local\JKQ\mstsc.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:4436
    • C:\Windows\system32\EhStorAuthn.exe
      C:\Windows\system32\EhStorAuthn.exe
      1⤵
        PID:1772
      • C:\Users\Admin\AppData\Local\laaX4rl\EhStorAuthn.exe
        C:\Users\Admin\AppData\Local\laaX4rl\EhStorAuthn.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:3152
      • C:\Windows\system32\BdeUISrv.exe
        C:\Windows\system32\BdeUISrv.exe
        1⤵
          PID:4396
        • C:\Users\Admin\AppData\Local\areJlR1O7\BdeUISrv.exe
          C:\Users\Admin\AppData\Local\areJlR1O7\BdeUISrv.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:4476

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\JKQ\WINMM.dll
          Filesize

          1.1MB

          MD5

          c8f912ab72a940a6c3aabe22fb3ffe18

          SHA1

          517439d8ca2878ecf1f075c62bbfcac87bb9dd47

          SHA256

          d06abcd8c54ac1dfecdb2a96b8ce6cd0b34f441ddcab7b89318c9c4c6b59cc03

          SHA512

          d9a0beb2a033a5a6f0e0296ee8377f163f9b759a5b68ec7b62b22ffa0af146f3e4ee804dc04e919bd11644223e96fbad4e6f51a9e0a8c952f0eba0c3ceae9f58

          Download Submit

        • C:\Users\Admin\AppData\Local\JKQ\mstsc.exe
          Filesize

          1.5MB

          MD5

          3a26640414cee37ff5b36154b1a0b261

          SHA1

          e0c28b5fdf53a202a7543b67bbc97214bad490ed

          SHA256

          1d1b6b2edac7ac6494c9eecda3afb804f679d7190f4d1a80929380e85743823f

          SHA512

          76fc70ead57ddacd3dbcec1a4772bd46924d30b30018a36b13052d2f7272cc86b63bf85d5e4ec04aac08630d4b2637ca6e7d35c08ce6b675d63ed011f7d95ba2

          Download Submit

        • C:\Users\Admin\AppData\Local\areJlR1O7\BdeUISrv.exe
          Filesize

          54KB

          MD5

          8595075667ff2c9a9f9e2eebc62d8f53

          SHA1

          c48b54e571f05d4e21d015bb3926c2129f19191a

          SHA256

          20b05c77f898be08737082e969b39f54fa39753c8c0a06142eb7ad5e0764a2db

          SHA512

          080dbcdd9234c07efe6cea4919ffa305fdc381ccebed9d1020dd6551b54e20e52387e62a344502fa4a85249defd0f9b506528b8dd34675bc9f51f664b8fc4d88

          Download Submit

        • C:\Users\Admin\AppData\Local\areJlR1O7\WTSAPI32.dll
          Filesize

          1.1MB

          MD5

          780e3daef13f14835b610375bd168d41

          SHA1

          4c24c11eaa550787ff2837ceb624523ef4a2e96f

          SHA256

          cc4a967046deaffdb793a1e54e24b7ca8da6ebe57e4ec2df88a4305b48c4619b

          SHA512

          3f3eb659fe3c4b3daa99929a2f3c52f61a56092514c7a1f4b5519422fd1ff0ef53cf87273c3e636c998b492cf59754495ef9fc1ff7490bc3388cd94008d33e03

          Download Submit

        • C:\Users\Admin\AppData\Local\laaX4rl\EhStorAuthn.exe
          Filesize

          128KB

          MD5

          d45618e58303edb4268a6cca5ec99ecc

          SHA1

          1f8049fc5ea8b57bb68e19fb55cb9dc1e18e9513

          SHA256

          d527323643be9df4d174c3169c6f2c7854a59b781654bcaebd154cb51fb4219c

          SHA512

          5d7ae663dcfedfaf00836dc018131851e5a40778bd582b417b9f0bbd4bb6d1b2eb8f37f7f5a01cd2beed78b6037ef6eb2a3290248d5e901173b1407990a202bd

          Download Submit

        • C:\Users\Admin\AppData\Local\laaX4rl\UxTheme.dll
          Filesize

          1.1MB

          MD5

          a6b0c066a9701a129217f7c1a8833ef2

          SHA1

          30436c43f835a1631fe60aadac84430012daa332

          SHA256

          6bb41dd45de1d0802c9fba85c676557c1176bd468299df27b9b92315074787e6

          SHA512

          a6f2f58ffe51725c709ce62823d6fe61b36bc6f27ce887fc8d8077401670817a544d9a24d42c7cf284a0b8d226fe91edb5b5de1dfad965e58689b777857ed357

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Rasxaa.lnk
          Filesize

          1KB

          MD5

          f17666e9ca9b32f3efdd6ac303f1a535

          SHA1

          3282c3bd9e6e0df563f8ad766328534c52256f60

          SHA256

          49a81dc0c8f45a52e3eea4f548d29209750e35b36379b843da41111afb57333a

          SHA512

          f226301c6ad4a05255edd5817d3433660bf1c1caa1e071be8e974aa42791e215dcdd77348c777371b38b8bbddf9af67d899eeb4c664d8e7296d90f235c2f4f86

          Download Submit

        • memory/3152-83-0x0000000140000000-0x000000014010E000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3152-80-0x0000020AFEE50000-0x0000020AFEE57000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3152-78-0x0000000140000000-0x000000014010E000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-13-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-8-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-30-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-27-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-28-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-26-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-25-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-24-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-23-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-22-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-21-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-19-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-18-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-15-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-16-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-14-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-40-0x0000000000370000-0x0000000000377000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3376-12-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-11-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-10-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-9-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-31-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-7-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-29-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-6-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-53-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-4-0x00007FFE0C98A000-0x00007FFE0C98B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3376-3-0x00000000024D0000-0x00000000024D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3376-17-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-41-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-42-0x00007FFE0CD80000-0x00007FFE0CD90000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3376-43-0x00007FFE0CD70000-0x00007FFE0CD80000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3376-32-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3376-20-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/4436-67-0x0000000140000000-0x000000014010F000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/4436-63-0x0000000140000000-0x000000014010F000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/4436-62-0x000001FC93710000-0x000001FC93717000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4476-94-0x0000022B6B0F0000-0x0000022B6B0F7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4476-99-0x0000000140000000-0x000000014010E000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/4944-0-0x0000018D804E0000-0x0000018D804E7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4944-1-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/4944-51-0x0000000140000000-0x000000014010D000-memory.dmp

          Filesize

          1.1MB

          Download