Overview

overview

10

Static

static

3

JaffaCakes...65.dll

windows7-x64

10

JaffaCakes...65.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2024 06:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_09024a26ea677d735c4a1e3041f73765.dll

  • Size

    1.4MB

  • MD5

    09024a26ea677d735c4a1e3041f73765

  • SHA1

    f624aa4dc24cd5df1546737fed4da1bee587a279

  • SHA256

    92a1adc462adbf747ec142eeeab2dc55aa0e809c678116fad23ea8c8a80ad1cf

  • SHA512

    cfe7cc6a44a331b23eecc95af148e9f220b9ac5eb2b0dc241c29499f9f8d16124ff096c56161d824786034fc11ac054ca37e513494d5522505708fc7c3aa5160

  • SSDEEP

    12288:ddMIwS97wJs6tSKDXEabXaC+jhc1S8XXk7CZzHsZH9dq0T:TMIJxSDX3bqjhcfHk7MzH6z

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 11 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Event Triggered Execution: Accessibility Features 1 TTPs

    Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.

    persistenceprivilege_escalation
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_09024a26ea677d735c4a1e3041f73765.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2916
  • C:\Windows\system32\ApplicationFrameHost.exe
    C:\Windows\system32\ApplicationFrameHost.exe
    1⤵
      PID:4896
    • C:\Users\Admin\AppData\Local\zrRx\ApplicationFrameHost.exe
      C:\Users\Admin\AppData\Local\zrRx\ApplicationFrameHost.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:1268
    • C:\Windows\system32\phoneactivate.exe
      C:\Windows\system32\phoneactivate.exe
      1⤵
        PID:4016
      • C:\Users\Admin\AppData\Local\3PIgK\phoneactivate.exe
        C:\Users\Admin\AppData\Local\3PIgK\phoneactivate.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:4736
      • C:\Windows\system32\sethc.exe
        C:\Windows\system32\sethc.exe
        1⤵
          PID:3016
        • C:\Users\Admin\AppData\Local\Ytwp\sethc.exe
          C:\Users\Admin\AppData\Local\Ytwp\sethc.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1616

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\3PIgK\SLC.dll
          Filesize

          1.4MB

          MD5

          940fe0c8646986308870352e39a09eac

          SHA1

          25fd8a4cc95c8cb4763de5f4f3cc897dbcdfa976

          SHA256

          c11263df72a1324857ab3b0a9f4dbecf81178df8a48092d78fa2caad3bb6ecff

          SHA512

          2c07e49e831c28e754213719d4c97c1533d31c9ff2fe3b73fe99350d6a8624168bc832fc48a4c96a92da4ec21102f11b23184431b8daafb68ff860900aabbdcb

          Download Submit

        • C:\Users\Admin\AppData\Local\3PIgK\phoneactivate.exe
          Filesize

          107KB

          MD5

          32c31f06e0b68f349f68afdd08e45f3d

          SHA1

          e4b642f887e2c1d76b6b4777ade91e3cb3b9e27c

          SHA256

          cea83eb34233fed5ebeef8745c7c581a8adbefbcfc0e30e2d30a81000c821017

          SHA512

          fe61764b471465b164c9c2202ed349605117d57ceb0eca75acf8bda44e8744c115767ee0caed0b7feb70ba37b477d00805b3fdf0d0fa879dd4c8e3c1dc1c0d26

          Download Submit

        • C:\Users\Admin\AppData\Local\Ytwp\DUI70.dll
          Filesize

          1.7MB

          MD5

          b268a61fe3208005bc02716c39d814b2

          SHA1

          818c043a4418eb4f44f1ee63ef2b9a41a3cd3371

          SHA256

          d749925b87a5fd6b19e866843839c924f7ab71950848ac39fa3109f4c79d6a5b

          SHA512

          ce330cc0791456ef9481cd899331f90579128643d6e6a9f6d3275480ff22c9262f3d8820a7b4396c9f5d850f97faf9833e2aa41ea53f66742a9ce7782c6b93b6

          Download Submit

        • C:\Users\Admin\AppData\Local\Ytwp\sethc.exe
          Filesize

          104KB

          MD5

          8ba3a9702a3f1799431cad6a290223a6

          SHA1

          9c7dc9b6830297c8f759d1f46c8b36664e26c031

          SHA256

          615b2f2d7e3fce340839a9b54bdc3445eb2333d0fafee477d6113379e90935b8

          SHA512

          680c216d54f4fd2a14f0398e4461c8340ac15acdca75c36a42083625e1081d5e7d262c4c12296b6f21ba2f593f92816edf1c9a0cf4cbee23588e590713b87746

          Download Submit

        • C:\Users\Admin\AppData\Local\zrRx\ApplicationFrameHost.exe
          Filesize

          76KB

          MD5

          d58a8a987a8dafad9dc32a548cc061e7

          SHA1

          f79fc9e0ab066cad530b949c2153c532a5223156

          SHA256

          cf58e424b86775e6f2354291052126a646f842fff811b730714dfbbd8ebc71a4

          SHA512

          93df28b65af23a5f82124ba644e821614e2e2074c98dbb2bd7319d1dfe9e2179b9d660d7720913c79a8e7b2f8560440789ad5e170b9d94670589885060c14265

          Download Submit

        • C:\Users\Admin\AppData\Local\zrRx\dxgi.dll
          Filesize

          1.4MB

          MD5

          d8869ae3f88cfa6cf329021615f5ca50

          SHA1

          6784f93a48ab96c93224443fbeff01b88edde98a

          SHA256

          8c090ad1a31d636519ec6d634039714c9879f266f8ef4843e8ec226375c4c322

          SHA512

          4bb7d601dc85042ba6a0b0bba8539945d3605c64b02052abb91df648447711ff1392ed0223691df5e9b86f726949ba470dab7badb14c27fc786fe8ed8c01c41f

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ehuvmtvuxjwd.lnk
          Filesize

          1KB

          MD5

          15102e74ba9ccae411cf0c160b26a7e2

          SHA1

          52dfe3117fb4b66a11a045217c10a7611aea22da

          SHA256

          7edcf2ac3b5cd13b2629c6edb615a1c165377efc9802fcace6fd04bcd012f926

          SHA512

          b76b78d24022b7b5090701477df10254191e2d74964ec1eaa878948a263e2e2087930f540c3862b85f1199dded6fc73374ae914165b558582bd2167e6ac1b839

          Download Submit

        • memory/1268-74-0x0000000140000000-0x0000000140164000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1268-72-0x0000000140000000-0x0000000140164000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1268-75-0x000001EEF6C10000-0x000001EEF6C17000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1268-79-0x0000000140000000-0x0000000140164000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1616-111-0x000002597B5A0000-0x000002597B5A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1616-114-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1616-110-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1616-108-0x0000000140000000-0x00000001401A9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2916-1-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2916-65-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2916-0-0x000001F300AD0000-0x000001F300AD7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3452-37-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-9-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-32-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-31-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-29-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-30-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-28-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-24-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-26-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-25-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-23-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-22-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-21-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-20-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-19-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-18-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-16-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-15-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-14-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-13-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-12-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-11-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-10-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-34-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-8-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-7-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-41-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-33-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-35-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-36-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-38-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-39-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-40-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-50-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-51-0x00007FFE153A0000-0x00007FFE153B0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3452-52-0x00007FFE15390000-0x00007FFE153A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3452-56-0x0000000000CC0000-0x0000000000CC7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3452-3-0x00007FFE1345A000-0x00007FFE1345B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3452-4-0x00000000029D0000-0x00000000029D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3452-62-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-42-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-27-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-6-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3452-17-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/4736-95-0x0000000140000000-0x0000000140164000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/4736-92-0x000001A31FF40000-0x000001A31FF47000-memory.dmp

          Filesize

          28KB

          Download