Overview

overview

10

Static

static

3

JaffaCakes...28.dll

windows7-x64

10

JaffaCakes...28.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-01-2025 08:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_979cd2c035dbce6d66b94e537870a428.dll

  • Size

    828KB

  • MD5

    979cd2c035dbce6d66b94e537870a428

  • SHA1

    e58fc8c4ecf4a730ca1f761ec4fcd55c40961b60

  • SHA256

    e269355445b70397f7c8607c12c5010fa25010717851dce4318e120d43aa60e7

  • SHA512

    b10644228a0805909c0343f45ed26066a75c9cc7e19554cd3d31381a2b36ef6369c87d436ae53af5eccb55a9b434ca238fda584952bd229ee6d80328a55f4d2f

  • SSDEEP

    12288:qdMIwS97wJs6tSKDXEabXaC+jhc1S8XXk7CZzHsZH9dq0T:MMIJxSDX3bqjhcfHk7MzH6z

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 12 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_979cd2c035dbce6d66b94e537870a428.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3012
  • C:\Windows\system32\CameraSettingsUIHost.exe
    C:\Windows\system32\CameraSettingsUIHost.exe
    1⤵
      PID:4840
    • C:\Users\Admin\AppData\Local\edl1UgEYg\CameraSettingsUIHost.exe
      C:\Users\Admin\AppData\Local\edl1UgEYg\CameraSettingsUIHost.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:4144
    • C:\Windows\system32\MDMAppInstaller.exe
      C:\Windows\system32\MDMAppInstaller.exe
      1⤵
        PID:2188
      • C:\Users\Admin\AppData\Local\MR1S\MDMAppInstaller.exe
        C:\Users\Admin\AppData\Local\MR1S\MDMAppInstaller.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2432
      • C:\Windows\system32\wextract.exe
        C:\Windows\system32\wextract.exe
        1⤵
          PID:460
        • C:\Users\Admin\AppData\Local\PrhxI\wextract.exe
          C:\Users\Admin\AppData\Local\PrhxI\wextract.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1368

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\MR1S\MDMAppInstaller.exe
          Filesize

          151KB

          MD5

          30e978cc6830b04f1e7ed285cccaa746

          SHA1

          e915147c17e113c676c635e2102bbff90fb7aa52

          SHA256

          dc821931f63117962e2266acd3266e86bf8116d4a14b3adbebfade1d40b84766

          SHA512

          331923fa479f71c4c80b0e86ea238628666f95b6cf61cf4d741ae4a27ea2b8c636864dfac543d14599b4873f3b2ab397d07c4e4c17aca3f3b4e5871e24e50214

          Download Submit

        • C:\Users\Admin\AppData\Local\MR1S\WTSAPI32.dll
          Filesize

          832KB

          MD5

          a312e4b75cdadf04031be82cccf99ebc

          SHA1

          9fc6ad9175be6c2c3134fefec2c9c774c3e82923

          SHA256

          c72a592de1a367dc677d41d2ef023d8ead603de4c51325bcea0f2fbb72937961

          SHA512

          b22ad64015804fadbb252ca51b973d52eb459312c63bb8ccbc48d51dd47c2e220c05b4566f72134bd6a8d873028f95784e3363655a294c6b2eda5817e4326a77

          Download Submit

        • C:\Users\Admin\AppData\Local\PrhxI\VERSION.dll
          Filesize

          832KB

          MD5

          84c6508fccbbe1de05d313c3dcd50ea2

          SHA1

          5e676bb50c7a56f19770b0b5d0a517754df61ded

          SHA256

          45ac7dfdf10208f3e2534334543f308e5b16ca590d72dec661e217a3a9b2f925

          SHA512

          a812857521c092df52d427c36fe4c7d46b3b34648c39d3b8b2cff7170b80a0ae347e2ad612ec03d8b934bdeb9fdcac2dd0637ecb3d55bf5565f8503615d10133

          Download Submit

        • C:\Users\Admin\AppData\Local\PrhxI\wextract.exe
          Filesize

          143KB

          MD5

          56e501e3e49cfde55eb1caabe6913e45

          SHA1

          ab2399cbf17dbee7b302bea49e40d4cee7caea76

          SHA256

          fbb6dc62abeeb222b49a63f43dc6eea96f3d7e9a8da55381c15d57a5d099f3e0

          SHA512

          2b536e86cbd8ab026529ba2c72c0fda97e9b6f0bc4fd96777024155852670cb41d17937cde372a44cdbad3e53b8cd3ef1a4a3ee9b34dfb3c2069822095f7a172

          Download Submit

        • C:\Users\Admin\AppData\Local\edl1UgEYg\CameraSettingsUIHost.exe
          Filesize

          31KB

          MD5

          9e98636523a653c7a648f37be229cf69

          SHA1

          bd4da030e7cf4d55b7c644dfacd26b152e6a14c4

          SHA256

          3bf20bc5a208dfa1ea26a042fd0010b1268dcfedc94ed775f11890bc1d95e717

          SHA512

          41966166e2ddfe40e6f4e6da26bc490775caac9997465c6dd94ba6a664d3a797ffc2aa5684c95702e8657e5cea62a46a75aee3e7d5e07a47dcaaa5c4da565e78

          Download Submit

        • C:\Users\Admin\AppData\Local\edl1UgEYg\DUI70.dll
          Filesize

          1.1MB

          MD5

          9ee7ea9ea170cba5fed46784ee684867

          SHA1

          373f90138189487d5231dfbd71379e8e43dd3f9a

          SHA256

          f2b6c936b87f4b0a8e657522c93d3868f2c3b2d73e24bfa40213580ab6ec978d

          SHA512

          e3a751ea160557c41cfdfcb4d02f4c16bfe6ad3993478f77ddd44475a0ace1b1c446d67fbcd8e48f4e2f10f77c8786993b63ab44f228433f26ba60725637bdbe

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Iyqor.lnk
          Filesize

          1KB

          MD5

          8b825b6fa8b62f02525c7e3bbbb218f1

          SHA1

          f82e7c45725b7f738636fb3aa020b034e6f39b28

          SHA256

          3c667cdbb68ddb4268a2a2b1f0a2e2c5129c8467bbc94b769d84d7cdb3c57a4a

          SHA512

          57924569cb7f796b1200ceb08e1a9b790c641c8c71b4df231c7ded043e8d52f9d0b8fc3c62c0d25dbab4e77a4423ea27806b678a9e0b2114ecbe27b6034cb905

          Download Submit

        • memory/1368-114-0x0000000140000000-0x00000001400D0000-memory.dmp

          Filesize

          832KB

          Download

        • memory/1368-110-0x0000000140000000-0x00000001400D0000-memory.dmp

          Filesize

          832KB

          Download

        • memory/1368-111-0x000001AB5A110000-0x000001AB5A117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2432-97-0x0000000140000000-0x00000001400D0000-memory.dmp

          Filesize

          832KB

          Download

        • memory/2432-90-0x0000000140000000-0x00000001400D0000-memory.dmp

          Filesize

          832KB

          Download

        • memory/2432-93-0x0000024890930000-0x0000024890937000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2432-92-0x0000000140000000-0x00000001400D0000-memory.dmp

          Filesize

          832KB

          Download

        • memory/3012-65-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3012-1-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3012-3-0x0000020F6C930000-0x0000020F6C937000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3012-2-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-26-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-15-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-38-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-37-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-36-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-35-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-34-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-33-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-32-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-31-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-30-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-29-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-28-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-27-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-40-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-24-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-23-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-20-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-21-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-19-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-18-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-17-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-16-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-39-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-14-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-13-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-12-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-11-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-10-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-9-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-8-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-7-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-6-0x00007FFF62AEA000-0x00007FFF62AEB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3500-4-0x0000000002670000-0x0000000002671000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3500-51-0x00007FFF64140000-0x00007FFF64150000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3500-52-0x00007FFF64130000-0x00007FFF64140000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3500-61-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-50-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-49-0x0000000000CE0000-0x0000000000CE7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3500-41-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-25-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/3500-22-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/4144-74-0x0000000140000000-0x0000000140115000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/4144-75-0x0000022EE8EA0000-0x0000022EE8EA7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4144-72-0x0000000140000000-0x0000000140115000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/4144-79-0x0000000140000000-0x0000000140115000-memory.dmp

          Filesize

          1.1MB

          Download