Overview

overview

10

Static

static

3

fd3e806f43...18.dll

windows7-x64

10

fd3e806f43...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    18-12-2024 21:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fd3e806f4332bfcfa93533beca89df80_JaffaCakes118.dll

  • Size

    1.2MB

  • MD5

    fd3e806f4332bfcfa93533beca89df80

  • SHA1

    d11032403375abd3d628e983a64ab2d80ab476c7

  • SHA256

    2804e639a5387ba5851a66fd0aca15bec2e3e20fcedbe56b93136828af8e933b

  • SHA512

    ed0bd11263b65dda4794aba95bbfa621c83377230ef333e89e245ec96befb231fa513b43937e0814d54591bef0faceeba7ffe11915e90191a0fb0cb74e7c4d0f

  • SSDEEP

    12288:lVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:8fP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\fd3e806f4332bfcfa93533beca89df80_JaffaCakes118.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2780
  • C:\Windows\system32\SystemPropertiesPerformance.exe
    C:\Windows\system32\SystemPropertiesPerformance.exe
    1⤵
      PID:2584
    • C:\Users\Admin\AppData\Local\45M1QyOKW\SystemPropertiesPerformance.exe
      C:\Users\Admin\AppData\Local\45M1QyOKW\SystemPropertiesPerformance.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:1848
    • C:\Windows\system32\MpSigStub.exe
      C:\Windows\system32\MpSigStub.exe
      1⤵
        PID:1464
      • C:\Users\Admin\AppData\Local\6Cne\MpSigStub.exe
        C:\Users\Admin\AppData\Local\6Cne\MpSigStub.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1612
      • C:\Windows\system32\ComputerDefaults.exe
        C:\Windows\system32\ComputerDefaults.exe
        1⤵
          PID:796
        • C:\Users\Admin\AppData\Local\Pd6\ComputerDefaults.exe
          C:\Users\Admin\AppData\Local\Pd6\ComputerDefaults.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1092

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\45M1QyOKW\SYSDM.CPL
          Filesize

          1.2MB

          MD5

          43e65e1a392418e986eac0c8b38d308e

          SHA1

          008c33d1086f0f0f9eb2769ac1901e0d103e1b76

          SHA256

          e878b49abc261bd5b58d398ab602e2a0fd8b05eb2e7172215c07c7875114337b

          SHA512

          76468c41dd7e9772c4138ba8261fd3d0df854bcf6491e81680dcf81e45115a86b37b450b69f53a95fbceeb136f5e541a0c3c191631cd20fccf90e5d07155f7a5

          Download Submit

        • C:\Users\Admin\AppData\Local\45M1QyOKW\SystemPropertiesPerformance.exe
          Filesize

          80KB

          MD5

          870726cdcc241a92785572628b89cc07

          SHA1

          63d47cc4fe9beb75862add1abca1d8ae8235710a

          SHA256

          1ab77fa1ee0cbe59ca185c228c3c11abeba2b2008a162c91a06d3c40542e7fc6

          SHA512

          89b961c2a2716fe0800e54e0206c8b349a26f1bc2a463ec9bd12f3ab22bfcb13e6402b4c20ddcf284d838a3c66e73335af8f6dc4554d76646382e387242c6f72

          Download Submit

        • C:\Users\Admin\AppData\Local\6Cne\MpSigStub.exe
          Filesize

          264KB

          MD5

          2e6bd16aa62e5e95c7b256b10d637f8f

          SHA1

          350be084477b1fe581af83ca79eb58d4defe260f

          SHA256

          d795968b8067bb610033fa4a5b21eb2f96cef61513aba62912b8eb5c6a5ff7b3

          SHA512

          1f37150f6bcbe0df54bb85a5ad585824cea9332baa9be1649a95c1dfb41723de85c09d98fb2ca8261a49c2184d3bda638b84b2b7b60b97fe42a15ab1620a2542

          Download Submit

        • C:\Users\Admin\AppData\Local\6Cne\VERSION.dll
          Filesize

          1.2MB

          MD5

          0cf1ae4c01eda77f5920a062a1e5d512

          SHA1

          c58e2dbf27322b4f11be5be42c81373ee83b6ecb

          SHA256

          8d3a03a9346fd21d32ed13e363d617bf65e8742a0271bb1e26288b7b94d680b9

          SHA512

          4e6a1e57b43b3238a16dada5092167da66673ed6ac6fe2c23f5ab8fdf5ba6612c624684b94140fc4c919cc72719a808eae38deab7a54e3a557aea8defbd2e492

          Download Submit

        • C:\Users\Admin\AppData\Local\Pd6\ComputerDefaults.exe
          Filesize

          36KB

          MD5

          86bd981f55341273753ac42ea200a81e

          SHA1

          14fe410efc9aeb0a905b984ac27719ff0dd10ea7

          SHA256

          40b194be2bad2d3d4d1b69f9aec2853c8b663130810a11607ff72a9e3a06d5b3

          SHA512

          49bb6d4bf7a9356fadde7f6165af6973630827d28b69db10ad477a84d98b08fb82e4daae777166e1ddddb5b5efcdf634e4e9bd34b255dae87462ba32e8bba143

          Download Submit

        • C:\Users\Admin\AppData\Local\Pd6\appwiz.cpl
          Filesize

          1.2MB

          MD5

          d352335c432da40a27e049813a4be4cf

          SHA1

          c852750a6ebbc02ec31aad08f980142b6600d6e5

          SHA256

          a75134e2a3618a2da67031328b95fab8b33306cc2a484c0789f4a7c2b0985cc7

          SHA512

          6430b5dbfcabbae2684b1c21701edd30ec80fb98b69c864f4876c839b9cc9806e23a8b19719151e937e74a653559e4d244f26d1faa0e0dc4c6226b776581f3b1

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ukatmrkmywz.lnk
          Filesize

          1KB

          MD5

          5d07eed25c9bf3ab32cabe21240d6f38

          SHA1

          9af5336abac23f9d514539425fe468e242c5a65d

          SHA256

          5950bc2eafcd766ce69c9ba7ee4210c4262e5ecee8ccebb312e87e3de5fefc87

          SHA512

          14fdd85b316ab422626cf2cd25a7cfd8949eb783d72f0dad1771404540aa2e325d1773409140454137403467331bcde81cb6d5e15e247fdfb7d39aaea68a991c

          Download Submit

        • memory/1092-110-0x0000000000280000-0x0000000000287000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1180-19-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-27-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-14-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-21-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-28-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-36-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-51-0x0000000002470000-0x0000000002477000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1180-128-0x00000000772B6000-0x00000000772B7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1180-43-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-55-0x0000000077620000-0x0000000077622000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1180-56-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-59-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-54-0x00000000774C1000-0x00000000774C2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1180-50-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-42-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-41-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-40-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-39-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-38-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-37-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-35-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-34-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-33-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-32-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-31-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-30-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-29-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-15-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-26-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-25-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-24-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-23-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-22-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-20-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-18-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-13-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-65-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-16-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-17-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-12-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-4-0x00000000772B6000-0x00000000772B7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1180-5-0x0000000002490000-0x0000000002491000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1180-8-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-7-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-9-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1180-10-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1612-92-0x0000000000100000-0x0000000000107000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1848-75-0x0000000140000000-0x000000014012D000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1848-80-0x0000000140000000-0x000000014012D000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1848-74-0x0000000000220000-0x0000000000227000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2780-11-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2780-3-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2780-0-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download