Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
06-01-2025 07:54
General
-
Target
JaffaCakes118_1784eed86f9255db0efbd5ddbf4b2560.dll
-
Size
1.2MB
-
MD5
1784eed86f9255db0efbd5ddbf4b2560
-
SHA1
21c51a0ba1ef68404534c414c1fd58f2c4f0825b
-
SHA256
cdde0dfafa869cbf727ef47da712cf20a795006a434065252fa06fd4ab9506a5
-
SHA512
cd5e93ef7b25c30a08f6c1febab3913b89542fbff0f1f4bca55bd54b0b43a6c63b2fa8f152777dfa8bd3236a3d52150f963abe26c58013c29941c6a29c1d46b4
-
SSDEEP
12288:8VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1q:JfP7fWsK5z9A+WGAW+V5SB6Ct4bnbq
Malware Config
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex family
-
Dridex Shellcode 1 IoCs
Detects Dridex Payload shellcode injected in Explorer process.
-
Drops startup file 3 IoCs
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 3 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1784eed86f9255db0efbd5ddbf4b2560.dll,#11⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\SystemPropertiesHardware.exeC:\Windows\system32\SystemPropertiesHardware.exe1⤵
-
C:\Users\Admin\AppData\Local\XIl\SystemPropertiesHardware.exeC:\Users\Admin\AppData\Local\XIl\SystemPropertiesHardware.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\BitLockerWizardElev.exeC:\Windows\system32\BitLockerWizardElev.exe1⤵
-
C:\Users\Admin\AppData\Local\pVA9\BitLockerWizardElev.exeC:\Users\Admin\AppData\Local\pVA9\BitLockerWizardElev.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\rdpinput.exeC:\Windows\system32\rdpinput.exe1⤵
-
C:\Users\Admin\AppData\Local\CNFLw82\rdpinput.exeC:\Users\Admin\AppData\Local\CNFLw82\rdpinput.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.2MB
MD590a911ccb74a3096cec3aed7f354e358
SHA1368523cb96e286bb296fb947a10bdcb3abdb09b5
SHA2569a8187e04d7c9c5b69dd7a1cc5fb5a0f5baa8acb16a96385433d4a02c4ec92ad
SHA512a04742bb2fc61b78720dae9c320272a5b1a0f0928de5fbb0e5124c9f21a16d7e9bbdfc5085883f384b92fcd4accd37ef4c5bc2e734ecbc39c30a6362157bb5e7
-
Filesize
180KB
MD5bd99eeca92869f9a3084d689f335c734
SHA1a2839f6038ea50a4456cd5c2a3ea003e7b77688c
SHA25639bfb2214efeed47f4f5e50e6dff05541e29caeb27966520bdadd52c3d5e7143
SHA512355433c3bbbaa3bcb849633d45713d8a7ac6f87a025732fbe83e259ec3a0cb4eabb18239df26609453f9fc6764c7276c5d0472f11cf12d15ef806aa7594d090e
-
Filesize
1.2MB
MD547c89d05126c623811418b74c74ee1fa
SHA199c20cc207f0fe78495e9fa722187dc30e0e276f
SHA2569d5898d8a9722f86784cbecd8e05c4b6afde83d53bb552c268890c51f0229e35
SHA51256616fad1461db53c1ca64f699ff97f9386e68079b69ced3b62fbf50ea8b2e04193c9a46906fb6a5e96ededed7c52ed947600c59bf342075d43415bccd829c13
-
Filesize
82KB
MD5bf5bc0d70a936890d38d2510ee07a2cd
SHA169d5971fd264d8128f5633db9003afef5fad8f10
SHA256c8ebd920399ebcf3ab72bd325b71a6b4c6119dfecea03f25059a920c4d32acc7
SHA5120e129044777cbbf5ea995715159c50773c1818fc5e8faa5c827fd631b44c086b34dfdcbe174b105891ccc3882cc63a8664d189fb6a631d8f589de4e01a862f51
-
Filesize
100KB
MD58ac5a3a20cf18ae2308c64fd707eeb81
SHA131f2f0bdc2eb3e0d2a6cd626ea8ed71262865544
SHA256803eb37617d450704766cb167dc9766e82102a94940a26a988ad26ab8be3f2f5
SHA51285d0e28e4bffec709f26b2f0d20eb76373134af43bcaa70b97a03efa273b77dd4fbd4f6ee026774ce4029ab5a983aea057111efcd234ab1686a9bd0f7202748b
-
Filesize
1.2MB
MD536d5dd9736de1e18b40798906439b408
SHA1bb17157076edb114ee1c51073e686c2a6a7f9b0c
SHA25686e683d7e2ddbb36602f6435ccd9e13174b7ac3c7066f192c8ef4a3b10c0b715
SHA512028adec25fcc4d454a00a995bda6630986be3be4e9348da43b67d5e7fad7e388fadd747a431ce23661287117ae29d9389eb956a548176840bec9deced8e967f6
-
Filesize
1KB
MD59c183efed82721e2e2d8c03dfec22055
SHA1f19c3a7e6bdf0ff65cc2ec7653ed2d50bd718aaf
SHA25604a11a6a864b0818db78674ca99c6b44c0ce2c8ff34a9610115899e3b3b12c1a
SHA51213be75b595b02f7b3521fe4422261f1b1ccb0798d505301b1adfb786e018409631cf84913c688b9aad065f56f01592c51aaf0a83fbaec2d022a282afad1299e3
-
Filesize
28KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
28KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
28KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
28KB
-
Filesize
64KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
1.2MB
-
Filesize
28KB