Overview

overview

10

Static

static

3

aa97726c96...18.dll

windows7-x64

10

aa97726c96...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-11-2024 02:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aa97726c96275f57ca686d1e95dfdfd9_JaffaCakes118.dll

  • Size

    944KB

  • MD5

    aa97726c96275f57ca686d1e95dfdfd9

  • SHA1

    d2424394c6398a3ea7b69deac9dd41a30091905d

  • SHA256

    d87fbd8fc181f8b1f65f87bf1c20ea1e9862d5d9bd8dd7abcb53966cfe2c38e3

  • SHA512

    a596e347615867a6f6514bf2889af9bc725a8eebb90056c3dea39347ecfb8a8b090e3e5b2334361a239fd564352b54196295fb0108ba03847f89ea1d0d55f7e1

  • SSDEEP

    24576:JKfE4IeyDiRhMnFKO2pS9BDrFYA7CKW5:o3yDiRhYF22B57i5

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 10 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa97726c96275f57ca686d1e95dfdfd9_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3192
  • C:\Windows\system32\dccw.exe
    C:\Windows\system32\dccw.exe
    1⤵
      PID:3556
    • C:\Users\Admin\AppData\Local\UMmUCR\dccw.exe
      C:\Users\Admin\AppData\Local\UMmUCR\dccw.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:1864
    • C:\Windows\system32\lpksetup.exe
      C:\Windows\system32\lpksetup.exe
      1⤵
        PID:2388
      • C:\Users\Admin\AppData\Local\IMJiaj\lpksetup.exe
        C:\Users\Admin\AppData\Local\IMJiaj\lpksetup.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:3048
      • C:\Windows\system32\cttune.exe
        C:\Windows\system32\cttune.exe
        1⤵
          PID:3668
        • C:\Users\Admin\AppData\Local\xmq\cttune.exe
          C:\Users\Admin\AppData\Local\xmq\cttune.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2276

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\IMJiaj\dpx.dll
          Filesize

          948KB

          MD5

          1938459ddf092a07edab6205290f21db

          SHA1

          32b4bc8459e821f0aa1ddc5fae009697e0d741f6

          SHA256

          a266024e15fbd31b2157010966c0b7b959b1db6ad1b4cd61a599226b397e0f98

          SHA512

          3478d12a7c21e98c3b5cbc6e145402a837914879d0e79e6431f7fd6020355fbe06d5496508d795f67d57d907af94699630ee9cb27706f90a213514e925076f88

          Download Submit

        • C:\Users\Admin\AppData\Local\IMJiaj\lpksetup.exe
          Filesize

          728KB

          MD5

          c75516a32e0aea02a184074d55d1a997

          SHA1

          f9396946c078f8b0f28e3a6e21a97eeece31d13f

          SHA256

          cb3cbeaaff7c07b044f70177e2899a87e80840d177238eb7dd25b8d9e20bef22

          SHA512

          92994fdb75b15742e33e6d7a499664b722e45b9c160d8cc42d30bc727044063d589f45853692b5b754df6ff0fd21294dc32fed985b153f93f4bcf9f8c89a5bcc

          Download Submit

        • C:\Users\Admin\AppData\Local\UMmUCR\dccw.exe
          Filesize

          101KB

          MD5

          cb9374911bf5237179785c739a322c0f

          SHA1

          3f4d3dd3d58c9f19dfbb414ded16969ebd9f74b9

          SHA256

          f7f3300b78148a34f6a35796c777a832b638b6d3193e11f4a37f45d4c6dfa845

          SHA512

          9d47521538148b1823c0a17baa86ddf932f06f46d5d8b63fa87b2cc220fb98ce3f933e32d771222937bb8e41c88030839d489d1cd78b062bffeb2980dc6864be

          Download Submit

        • C:\Users\Admin\AppData\Local\UMmUCR\mscms.dll
          Filesize

          952KB

          MD5

          0c7664c22735fb0ff16ab0b21f098cdb

          SHA1

          d902cd604c47674b35debb75ee46add93b30f9c0

          SHA256

          2bd7317cd8229169b4a1a40753ec80ed21192a58faf6cbaf6fe96707aba6a1c1

          SHA512

          8da8c9ee296499f185f9c7146b5ea0919f432bde84fd37c9c0de6ef96b7a22ee0b4dfa366fa5c599553ca53b000321f7039bec7560d25f2f8bf97af1ae9dd145

          Download Submit

        • C:\Users\Admin\AppData\Local\xmq\OLEACC.dll
          Filesize

          948KB

          MD5

          22bb8011b32aa91e04a363e3cb802c86

          SHA1

          165afa443a2219df97d9745f89442bfce83e92ea

          SHA256

          e3e66e347949ee4cb8c2ee96b803a2320f20b0cc0c6204ea393fa55095ec37b8

          SHA512

          796bec287973ed2ca0801578d0c95b18492a95b574c6188f50388ac715c994ee441d560253da659080e2115f7e6f477999703d2ba032993f2daa8360ed3bdf97

          Download Submit

        • C:\Users\Admin\AppData\Local\xmq\cttune.exe
          Filesize

          90KB

          MD5

          fa924465a33833f41c1a39f6221ba460

          SHA1

          801d505d81e49d2b4ffa316245ca69ff58c523c3

          SHA256

          de2d871afe2c071cf305fc488875563b778e7279e57030ba1a1c9f7e360748da

          SHA512

          eef91316e1a679cc2183d4fe9f8f40b5efa6d06f7d1246fd399292e14952053309b6891059da88134a184d9bd0298a45a1bf4bc9f27140b1a31b9523acbf3757

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ehuvmtvuxjwd.lnk
          Filesize

          1KB

          MD5

          823cd391b053fcf13d85623fd31720e2

          SHA1

          c917074a5311d199bc9510d5e495733f6a85bb45

          SHA256

          e1de3a1325d9b475037fb1bec6832718481454ed077cf1ac4f0b7940d2ab0d37

          SHA512

          d72d839741ecf7b4138afc011cdf2bd170bc2418483fc6235c1db25bb6337839c15e4df36a3d88c9e21ba610a63d60323ab9d53cfd6254dadaedfd42594676b5

          Download Submit

        • memory/1864-56-0x00007FFAC2450000-0x00007FFAC253E000-memory.dmp

          Filesize

          952KB

          Download

        • memory/1864-52-0x00007FFAC2450000-0x00007FFAC253E000-memory.dmp

          Filesize

          952KB

          Download

        • memory/1864-51-0x0000021191E90000-0x0000021191E97000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2276-87-0x00007FFAC2600000-0x00007FFAC26ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/3048-67-0x00000224CFCD0000-0x00000224CFCD7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3048-68-0x00007FFAC2600000-0x00007FFAC26ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/3048-72-0x00007FFAC2600000-0x00007FFAC26ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/3192-0-0x00000169D9850000-0x00000169D9857000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3192-44-0x00007FFAD1720000-0x00007FFAD180C000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3192-2-0x00007FFAD1720000-0x00007FFAD180C000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3464-41-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3464-17-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3464-11-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3464-10-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3464-8-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3464-7-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3464-14-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3464-9-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3464-6-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3464-13-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3464-16-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3464-12-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3464-18-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3464-19-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3464-21-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3464-30-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3464-31-0x00007FFAE0C80000-0x00007FFAE0C90000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3464-32-0x00007FFAE0C70000-0x00007FFAE0C80000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3464-22-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3464-29-0x0000000002B00000-0x0000000002B07000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3464-20-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3464-15-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3464-3-0x00007FFAE08DA000-0x00007FFAE08DB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3464-4-0x0000000002AF0000-0x0000000002AF1000-memory.dmp

          Filesize

          4KB

          Download