Analysis
-
max time kernel
149s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
06-01-2025 07:54
General
-
Target
JaffaCakes118_1784eed86f9255db0efbd5ddbf4b2560.dll
-
Size
1.2MB
-
MD5
1784eed86f9255db0efbd5ddbf4b2560
-
SHA1
21c51a0ba1ef68404534c414c1fd58f2c4f0825b
-
SHA256
cdde0dfafa869cbf727ef47da712cf20a795006a434065252fa06fd4ab9506a5
-
SHA512
cd5e93ef7b25c30a08f6c1febab3913b89542fbff0f1f4bca55bd54b0b43a6c63b2fa8f152777dfa8bd3236a3d52150f963abe26c58013c29941c6a29c1d46b4
-
SSDEEP
12288:8VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1q:JfP7fWsK5z9A+WGAW+V5SB6Ct4bnbq
Malware Config
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex family
-
Dridex Shellcode 1 IoCs
Detects Dridex Payload shellcode injected in Explorer process.
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 7 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 18 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1784eed86f9255db0efbd5ddbf4b2560.dll,#11⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\msdtc.exeC:\Windows\system32\msdtc.exe1⤵
-
C:\Users\Admin\AppData\Local\d6pUW43rL\msdtc.exeC:\Users\Admin\AppData\Local\d6pUW43rL\msdtc.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\dccw.exeC:\Windows\system32\dccw.exe1⤵
-
C:\Users\Admin\AppData\Local\f79AkzLC\dccw.exeC:\Users\Admin\AppData\Local\f79AkzLC\dccw.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\OptionalFeatures.exeC:\Windows\system32\OptionalFeatures.exe1⤵
-
C:\Users\Admin\AppData\Local\Gpo4Mpa5t\OptionalFeatures.exeC:\Users\Admin\AppData\Local\Gpo4Mpa5t\OptionalFeatures.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.2MB
MD5d87620929616a53672ea3b6fe46449bc
SHA1d22c7a905ac5281d532c6811bef5df4c0f3ea785
SHA2560261d60a32432ebd3e3d95f9bbe06441c68261c926c2fdf1a7f5b069aa8f66a4
SHA512161d05e57fba1b1727f5fa6ac9b4f1342c780d26e266f878fe8acc31115cbb08702f5a765d1d65958a179c304396046e5d1ccff0242c59df894ce31194bdc241
-
Filesize
1.2MB
MD51cdbb68bf0c5d5ecb5c5c1ebef48b0f7
SHA123607874ed9e0b0ea9e8199f8e1839428bf11469
SHA2565d3344e385504de372ea3ef7e7d985f9202c63d19ef926b644a51c636e224396
SHA512a364f408653b7888fbb0702f6cb95e7e3ade6fc5de9e9b86ac2ab8ab162e0e5f53d583824f22d05f6aae32f3ea355246df8f4d395689c4f4a0a6c08ad67b1540
-
Filesize
138KB
MD5de0ece52236cfa3ed2dbfc03f28253a8
SHA184bbd2495c1809fcd19b535d41114e4fb101466c
SHA2562fbbec4cacb5161f68d7c2935852a5888945ca0f107cf8a1c01f4528ce407de3
SHA51269386134667626c60c99d941c8ab52f8e5235e3897b5af76965572287afd5dcd42b8207a520587844a57a268e4decb3f3c550e5b7a06230ee677dc5e40c50bb3
-
Filesize
1.2MB
MD5bbf750ca62550379f93b28f0912614c5
SHA16072e908befd7b5e96e900b46cddbd6f7dd0c2ca
SHA2565ae64ac3da30b6f6b0f3acf1b1790e3c8d1ebb41f143816178b9c6628a815a8e
SHA5120d70272bcb3b327651c4c0c7fabcc24480d866e830452cb8202d9ae4edefb25f486d1880230fbe98c4988b8b1e3794fde61324f5f4019eae7d4f7b56b0f516b7
-
Filesize
1KB
MD533031d2942806641bb3b407eea4143d5
SHA1114fb55b92a52e44a7162016f77c3b68b3731e1a
SHA25643aa25c9ee140d4cbaf7413e68f68c6626a5d3d88733005a8f4982956f38569e
SHA512b27cc5bbf702733b8afba58340dcb5d4b0739d0e85a8d7424cbf769853e2dd04b0d3849d6770b6625b4c28da04907e4ce98bf48f106106543e11e3312c637b37
-
Filesize
95KB
MD5eae7af6084667c8f05412ddf096167fc
SHA10dbe8aba001447030e48e8ad5466fd23481e6140
SHA25601feebd3aca961f31ba4eac45347b105d1c5772627b08f5538047721b61ff9bc
SHA512172a8accaa35a6c9f86713a330c5899dfeeffe3b43413a3d276fc16d45cd62ed9237aa6bff29cc60a2022fba8dcc156959723c041df4b7463436a3bdabef2a9d
-
Filesize
861KB
MD5a46cee731351eb4146db8e8a63a5c520
SHA18ea441e4a77642e12987ac842b36034230edd731
SHA256283526a98a83524d21ff23f9109754c6587380b67f74cc02a9a4cd56fdb720d5
SHA5123573c0ae21406db0c6fdda7c065fabde03235bde7f5589910822500bdfa37144f59f6e58e753e7347b899998db1dcb28050ac5a4e2c611558ae5fa405fbbc5cc
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
28KB
-
Filesize
8KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
4KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
4KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
28KB
-
Filesize
28KB
-
Filesize
28KB