Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
31-12-2024 12:29
General
-
Target
JaffaCakes118_1b5fc75cf7f17eb8d9d318b771073b45.dll
-
Size
1.4MB
-
MD5
1b5fc75cf7f17eb8d9d318b771073b45
-
SHA1
8c25138e7db9e384da66bcf7fdb1697ab9efafbc
-
SHA256
82288b7e8104a0143320ded6d208837fdacbd5046c0a1e064297a7055b5b8f8e
-
SHA512
15af9016735a827ca76c0c874641043d3782f9eb3c8c65f08cf37d007188a9af78bc32b526db164981dc6c750fbb751d58180a38636c6c94ebe1c8aa59dc512e
-
SSDEEP
12288:LdMIwS97wJs6tSKDXEabXaC+jhc1S8XXk7CZzHsZH9dq0T:JMIJxSDX3bqjhcfHk7MzH6z
Malware Config
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex family
-
Dridex Shellcode 1 IoCs
Detects Dridex Payload shellcode injected in Explorer process.
-
Dridex payload 10 IoCs
Detects Dridex x64 core DLL in memory.
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 3 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1b5fc75cf7f17eb8d9d318b771073b45.dll,#11⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\unregmp2.exeC:\Windows\system32\unregmp2.exe1⤵
-
C:\Users\Admin\AppData\Local\XrYGOFlzK\unregmp2.exeC:\Users\Admin\AppData\Local\XrYGOFlzK\unregmp2.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\rstrui.exeC:\Windows\system32\rstrui.exe1⤵
-
C:\Users\Admin\AppData\Local\wTG28i\rstrui.exeC:\Users\Admin\AppData\Local\wTG28i\rstrui.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\mfpmp.exeC:\Windows\system32\mfpmp.exe1⤵
-
C:\Users\Admin\AppData\Local\Cly\mfpmp.exeC:\Users\Admin\AppData\Local\Cly\mfpmp.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.4MB
MD54e8f0cc2fdf346c14b5e61a723decec8
SHA1ae6f65ded1de9e9b7e5ffe6cbfd4cc6fb0649fae
SHA256798194b7006bdbb91917ae7522a307c52d66491723a62b52291c739ffae4902b
SHA512575beacc99cda54f8ab50bfcad5ca8335378b7552d4a8fe66cda4e0a573a74cd75d15553040d51c5dc98c5d3099b39cce3dedb7dff9ee908d56e07386fd0be33
-
Filesize
46KB
MD58f8fd1988973bac0c5244431473b96a5
SHA1ce81ea37260d7cafe27612606cf044921ad1304c
SHA25627287ac874cef86be03aee7b6d34fdc3bd208070ed20e44621a305865fb7579e
SHA512a91179e1561168b3b58f5ca893bce425d35f4a02aec20ac3d6fb944f5eb3c06b0a1b9d9f3fb9ea87869d65671d2b89b4ae19acf794372bdbd27f5e9756c5a8ab
-
Filesize
1.4MB
MD5867172c56ad20831e542f029abcce6e9
SHA1f722558a58cb0df0a33fd2390b68f8f1c412de54
SHA2562211ea3e179df93bae60e8d10979a58e84a2bc7c68b03d179792462135d3c475
SHA5122b121f80893d67edf1d919e6a09b702cdcc2cbae598ac8834685b689485fe27ce0c3e047bfbee962cee148f4fe1711fd95df20faff412c0cb22a67cc6224be50
-
Filesize
259KB
MD5a6fc8ce566dec7c5873cb9d02d7b874e
SHA1a30040967f75df85a1e3927bdce159b102011a61
SHA25621f41fea24dddc8a32f902af7b0387a53a745013429d8fd3f5fa6916eadc839d
SHA512f83e17dd305eb1bc24cca1f197e2440f9b501eafb9c9d44ede7c88b1520030a87d059bdcb8eadeac1eaedabcbc4fe50206821965d73f0f6671e27edd55c01cbc
-
Filesize
1.4MB
MD523d93bdcc67bfae1d367281ae62caa8a
SHA1c0fd964d75cadb40359bc080a3541c496e68f8ff
SHA2565b0aaa24fcce54b3d57be830989c98647e58176f15269cd61bae80ab6e676b75
SHA512efa02f88eae1c7b93fdd575fa311fb7079f3332f4f3aa1524289be69462cb758b768501b9d9c7baaa29016ffc013e43183029b9ad5457681749b43fb85c1ffb0
-
Filesize
268KB
MD54cad10846e93e85790865d5c0ab6ffd9
SHA18a223f4bab28afa4c7ed630f29325563c5dcda1a
SHA2569ddcfcaf2ebc810cc2e593446681bc4ccbad39756b1712cf045db8dee6310b4b
SHA512c0db44de0d35a70277f8621a318c5099378da675376e47545cfbfa7412e70a870fd05c92e0d6523ea2e0139d54d9eeaed14973762341fa3154406ae36f4ce7c6
-
Filesize
1KB
MD56dd2757c1fde6010b5c6be0ead6e4b95
SHA14508b4d04f4b2a0bd33e8e1e315209603ff7bb73
SHA256be0a85767764d236035d15c32cb70cec9ac75cdaeb01e77524a5a31e871a1aad
SHA51225b78fc3bf77d294371836066b453ecedaf782be815dd5b7041c72a876113a43b23cb96b66397041d521c299189bca125e673251099a8be3aed109229439f62d
-
Filesize
1.4MB
-
Filesize
28KB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
64KB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
28KB
-
Filesize
1.4MB
-
Filesize
64KB
-
Filesize
1.4MB
-
Filesize
28KB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
28KB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
28KB