Overview

overview

10

Static

static

3

JaffaCakes...22.dll

windows7-x64

10

JaffaCakes...22.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2024 02:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_017b4ac769b9974ed13369628c61fe22.dll

  • Size

    1.3MB

  • MD5

    017b4ac769b9974ed13369628c61fe22

  • SHA1

    79d831636d907bf0dc307de55f54e2204965d99f

  • SHA256

    91d2541d318fb264fad336bc2749717b9eb3daed2ac689213c669e975bf7ac90

  • SHA512

    cd643aa6f4f59811dd939dde388a39b801109a84757ee65d316169db30aff797fa9bdff0610933b5ca44c8b86e1bf1d8f69b82aa26e47add1d570d9e3eff885a

  • SSDEEP

    12288:4VgTshBl6L55p615Xw9sJwgApyUhsRbE8X7xYL0yeYiJh0T:XgxI/c5g6JpAcUIbEN0y4

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 9 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_017b4ac769b9974ed13369628c61fe22.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:916
  • C:\Windows\system32\Dxpserver.exe
    C:\Windows\system32\Dxpserver.exe
    1⤵
      PID:2856
    • C:\Users\Admin\AppData\Local\cT6kzt3qD\Dxpserver.exe
      C:\Users\Admin\AppData\Local\cT6kzt3qD\Dxpserver.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2236
    • C:\Windows\system32\DevicePairingWizard.exe
      C:\Windows\system32\DevicePairingWizard.exe
      1⤵
        PID:3416
      • C:\Users\Admin\AppData\Local\DaWrk\DevicePairingWizard.exe
        C:\Users\Admin\AppData\Local\DaWrk\DevicePairingWizard.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2520
      • C:\Windows\system32\ie4ushowIE.exe
        C:\Windows\system32\ie4ushowIE.exe
        1⤵
          PID:2860
        • C:\Users\Admin\AppData\Local\O0RrEQ5\ie4ushowIE.exe
          C:\Users\Admin\AppData\Local\O0RrEQ5\ie4ushowIE.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:3248

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\DaWrk\DevicePairingWizard.exe
          Filesize

          93KB

          MD5

          d0e40a5a0c7dad2d6e5040d7fbc37533

          SHA1

          b0eabbd37a97a1abcd90bd56394f5c45585699eb

          SHA256

          2adaf3a5d3fde149626e3fef0e943c7029a135c04688acf357b2d8d04c81981b

          SHA512

          1191c2efcadd53b74d085612025c44b6cd54dd69493632950e30ada650d5ed79e3468c138f389cd3bc21ea103059a63eb38d9d919a62d932a38830c93f57731f

          Download Submit

        • C:\Users\Admin\AppData\Local\DaWrk\MFC42u.dll
          Filesize

          1.3MB

          MD5

          620ad781d514ddbe3329417804d31dba

          SHA1

          aa805679a41af677d3b1ff62cbddfbc98d7f8992

          SHA256

          361bc7527b8a647d40c71fc52c59fe382eb74fb3de094e86df3708e8467b7733

          SHA512

          bd9bbdfea0ccbf3e632e1c2ba63ac9da9f1b5d97a4d6896e1740a6d0b9ae4520133eecbd432ca0962419afdc112d8b81f32b09b22ea8ea4ee1daac322708e18c

          Download Submit

        • C:\Users\Admin\AppData\Local\O0RrEQ5\VERSION.dll
          Filesize

          1.3MB

          MD5

          79a07e315f7b9873a8252dac0e3d8534

          SHA1

          bd9b7dd4e6a9d3060afdda513c252c4c5dc7cd34

          SHA256

          cb34ba8a51893be6cea3ee0b4cc077b30875d6d805fa0b699e20c6c0fe29bbdf

          SHA512

          2c847047e6d99e045c394cf154e036c23cba6b6732c71812f2bbb99293b7cb33b13ce2898801678f76ef4796e83c157773cb0a71c7726c983e9cef6106b2292a

          Download Submit

        • C:\Users\Admin\AppData\Local\O0RrEQ5\ie4ushowIE.exe
          Filesize

          76KB

          MD5

          9de952f476abab0cd62bfd81e20a3deb

          SHA1

          109cc4467b78dad4b12a3225020ea590bccee3e6

          SHA256

          e9cb6336359ac6f71ac75af2836efb28daa3bafd10a1f0b775dcdc2ec8850a6b

          SHA512

          3cbe50a146ca50b0657a78a2d89a34630c69823005668906785b2d2015cc6139c8dbbf7aefa5fe55957ef55ae06e758933b3b41eaf822e49dba3b7700582e2c9

          Download Submit

        • C:\Users\Admin\AppData\Local\cT6kzt3qD\Dxpserver.exe
          Filesize

          310KB

          MD5

          6344f1a7d50da5732c960e243c672165

          SHA1

          b6d0236f79d4f988640a8445a5647aff5b5410f7

          SHA256

          b1081651ac33610824e2088ff64d1655993dd3d6073af1e5ffe0b4a0027f502f

          SHA512

          73f6fa01b880e6619fafa065c171bd0a2b7b2d908762b5aca15f2b8d856b5501b3884e3566ef9b8032c8cbf9bb15116e60c22fded4656c8857c974cda4213d65

          Download Submit

        • C:\Users\Admin\AppData\Local\cT6kzt3qD\XmlLite.dll
          Filesize

          1.3MB

          MD5

          2b49bb1b6f4133b699bf3bbb1983320a

          SHA1

          6335b1ca415c5bbc0e8254a2d148d2dce127b918

          SHA256

          8957a5fa88158d656e495f47cdcc19e01900c30f9e7b040aa2b220fc4f9e13f3

          SHA512

          cf7276697b57373cf580518071c318bf1accfb15e01c9847975600fa0bf291cf67660a0d70d9e8fc6d0638dbcd3b13f326afa9c75df22fee9e7c9808ff520c85

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Zcgcwwxuxxxcbkn.lnk
          Filesize

          1KB

          MD5

          fc0ed89adec1120a1295ce02cc4a8f21

          SHA1

          6878b313e3c12b9edf149cd39d1ae0c87d3a2068

          SHA256

          6302e7a8ac25a8cb7bd9a988db19ef6d72bf1bd5818ce331399b8d0a0b46fda0

          SHA512

          ef97042a3bed8105faaf2ab25156183f53e2d23f53b9b38ce8a16f3351d01c2d8e31eaf57c2b4db42a307d1c55018c845a4d4167b8627e17c9686d07a1854117

          Download Submit

        • memory/916-3-0x000001B3A6600000-0x000001B3A6607000-memory.dmp

          Filesize

          28KB

          Download

        • memory/916-2-0x0000000140000000-0x0000000140142000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/916-0-0x0000000140000000-0x0000000140142000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/916-51-0x0000000140000000-0x0000000140142000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2236-58-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2236-60-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2236-64-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2236-59-0x0000012792880000-0x0000012792887000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2520-76-0x000002867D880000-0x000002867D887000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2520-75-0x0000000140000000-0x0000000140149000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2520-77-0x0000000140000000-0x0000000140149000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2520-82-0x0000000140000000-0x0000000140149000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3248-93-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3248-96-0x000001AA6F080000-0x000001AA6F087000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3248-100-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3428-37-0x00007FFF5BB80000-0x00007FFF5BB90000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3428-22-0x0000000140000000-0x0000000140142000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3428-14-0x0000000140000000-0x0000000140142000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3428-13-0x0000000140000000-0x0000000140142000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3428-11-0x0000000140000000-0x0000000140142000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3428-10-0x0000000140000000-0x0000000140142000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3428-9-0x0000000140000000-0x0000000140142000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3428-8-0x0000000140000000-0x0000000140142000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3428-7-0x0000000140000000-0x0000000140142000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3428-16-0x0000000140000000-0x0000000140142000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3428-17-0x0000000140000000-0x0000000140142000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3428-20-0x0000000140000000-0x0000000140142000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3428-21-0x0000000140000000-0x0000000140142000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3428-15-0x0000000140000000-0x0000000140142000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3428-23-0x0000000140000000-0x0000000140142000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3428-24-0x0000000140000000-0x0000000140142000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3428-26-0x0000000140000000-0x0000000140142000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3428-35-0x0000000000670000-0x0000000000677000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3428-36-0x0000000140000000-0x0000000140142000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3428-47-0x0000000140000000-0x0000000140142000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3428-38-0x00007FFF5BB70000-0x00007FFF5BB80000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3428-27-0x0000000140000000-0x0000000140142000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3428-25-0x0000000140000000-0x0000000140142000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3428-12-0x0000000140000000-0x0000000140142000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3428-18-0x0000000140000000-0x0000000140142000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3428-19-0x0000000140000000-0x0000000140142000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3428-6-0x00007FFF5AEDA000-0x00007FFF5AEDB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3428-4-0x00000000024E0000-0x00000000024E1000-memory.dmp

          Filesize

          4KB

          Download