Overview

overview

10

Static

static

3

JaffaCakes...ba.dll

windows7-x64

10

JaffaCakes...ba.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07-01-2025 19:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_75322c14a10b2b96ce21eda6c19e92ba.dll

  • Size

    1.3MB

  • MD5

    75322c14a10b2b96ce21eda6c19e92ba

  • SHA1

    87a0258a905cb7ce63ccb60070b036d43c2184f4

  • SHA256

    e8ef13ec78a9d82e088ff03b53c6f8c2ff84ba2cbedc1c8b08971f88a68fc44a

  • SHA512

    59a40f743edace4a52514b95b8ce821827a19827a16c0af57704908caebc1d1c0b67a79ff045805b5d5f1040cc75a730d0f19b6a6b14db9d24a2218ba632b3f5

  • SSDEEP

    12288:M9bvAviE6/WFmTsg2t1TxzGIhRR/xSw7aRlVYxrx6:M9bN/Ypgg1TxqkR9xaEx

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 12 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Event Triggered Execution: Accessibility Features 1 TTPs

    Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.

    persistenceprivilege_escalation
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_75322c14a10b2b96ce21eda6c19e92ba.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2168
  • C:\Windows\system32\consent.exe
    C:\Windows\system32\consent.exe
    1⤵
      PID:1588
    • C:\Users\Admin\AppData\Local\TI7M\consent.exe
      C:\Users\Admin\AppData\Local\TI7M\consent.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      • Suspicious behavior: EnumeratesProcesses
      PID:1744
    • C:\Windows\system32\Utilman.exe
      C:\Windows\system32\Utilman.exe
      1⤵
        PID:1700
      • C:\Users\Admin\AppData\Local\T1gJJlb1L\Utilman.exe
        C:\Users\Admin\AppData\Local\T1gJJlb1L\Utilman.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1724
      • C:\Windows\system32\fveprompt.exe
        C:\Windows\system32\fveprompt.exe
        1⤵
          PID:1620
        • C:\Users\Admin\AppData\Local\H7BPSIPu2\fveprompt.exe
          C:\Users\Admin\AppData\Local\H7BPSIPu2\fveprompt.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2076

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\T1gJJlb1L\DUI70.dll
          Filesize

          1.5MB

          MD5

          c8b836c2222b4b9e918f04e4ed2de070

          SHA1

          14ba4258071c976f930b93618b214d6c5754b509

          SHA256

          42b358c0a30c4b44000901604b76675e69811a208bb93b5e87fb645808a5d4f7

          SHA512

          6a506cb617411011b7b63226e73f50220de0037b64bf46a8e323a5171d9612ace82e810ae52f7a0ef5aac243a4c8673f96d6ed5b5b592aca9656f04caf00f8ae

          Download Submit

        • C:\Users\Admin\AppData\Local\TI7M\WTSAPI32.dll
          Filesize

          1.3MB

          MD5

          ffc136a3245f954ca560e9a59ea42a95

          SHA1

          ae47d48b925a21ade14d2ff3284cc50ae5dd05da

          SHA256

          d3198d9dace0cd56bf326b1171ec7f412529690b296baac582fe0f332c4d7e10

          SHA512

          6309a442337ebcf30e39dd1d3837939ab5b7fa9be93ad0bd1079699e0ce62e6cd250212aa8de9d5c6ff12bad6ea150fdc49a44091b6682d55a183dd3e3ac65ae

          Download Submit

        • C:\Users\Admin\AppData\Local\TI7M\consent.exe
          Filesize

          109KB

          MD5

          0b5511674394666e9d221f8681b2c2e6

          SHA1

          6e4e720dfc424a12383f0b8194e4477e3bc346dc

          SHA256

          ccad775decb5aec98118b381eeccc6d540928035cfb955abcb4ad3ded390b79b

          SHA512

          00d28a00fd3ceaeae42ba6882ffb42aa4cc8b92b07a10f28df8e1931df4b806aebdcfab1976bf8d5ce0b98c64da19d4ee06a6315734fa5f885ecd1f6e1ff16a7

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Adlnwv.lnk
          Filesize

          1KB

          MD5

          15ec5b703ece5083d23c1d62f544c50c

          SHA1

          f743daca30ab758f2ef366109623cf9b9808e767

          SHA256

          f01f1b6b4b531cde535723521eeb508c40b2b31778e9960dc05d66ea0f577b60

          SHA512

          6a2d64d165c91e36845aa2e4ca5a415c977e8ce99861845b41a45bb18dfd492593b925994c50ba53a605d1ada0a662b72e12059d8ebdf91880504d4b9bdf011b

          Download Submit

        • \Users\Admin\AppData\Local\H7BPSIPu2\fveprompt.exe
          Filesize

          104KB

          MD5

          dc2c44a23b2cd52bd53accf389ae14b2

          SHA1

          e36c7b6f328aa2ab2f52478169c52c1916f04b5f

          SHA256

          7f5b19f2c6a94833196ee1929d48094889b33b504d73d3af88dd857ceaf67921

          SHA512

          ff083f74777a9cfc940d4e0cb55886397e27c85f867de9a5dd9ea2c2751d2a77bf75fe0734e424d9678c83e927788d07d0b3072024f7e5a9848c7ff1aa4090dc

          Download Submit

        • \Users\Admin\AppData\Local\H7BPSIPu2\slc.dll
          Filesize

          1.3MB

          MD5

          30121bb22dd58b98c2ae193b632eca80

          SHA1

          3dd3bbe0b40e8e687b0695eff9c8dda3b777ab3f

          SHA256

          df893057e62ebe6f87fc14a29f78fa4f121cd07d7384a03466e6be6b2c59ab9b

          SHA512

          f2e505e39cf9536c71cf989f2903be715e9d8f76ea93c2c9890ee17c75de206a48669f7404d4c2e60c6056f889559b2ec523de95242cc23350aa28b33a6e0f22

          Download Submit

        • \Users\Admin\AppData\Local\T1gJJlb1L\Utilman.exe
          Filesize

          1.3MB

          MD5

          32c5ee55eadfc071e57851e26ac98477

          SHA1

          8f8d0aee344e152424143da49ce2c7badabb8f9d

          SHA256

          7ca90616e68bc851f14658a366d80f21ddb7a7dd8a866049e54651158784a9ea

          SHA512

          e0943efa81f3087c84a5909c72a436671ee8cc3cc80154901430e83ec7966aac800ad4b26f4a174a0071da617c0982ceda584686c6e2056e1a83e864aca6c975

          Download Submit

        • memory/1200-11-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1200-29-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1200-30-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1200-28-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1200-27-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1200-26-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1200-25-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1200-24-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1200-23-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1200-22-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1200-21-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1200-20-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1200-19-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1200-18-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1200-17-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1200-16-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1200-14-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1200-13-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1200-12-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1200-3-0x0000000077226000-0x0000000077227000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-10-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1200-9-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1200-8-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1200-37-0x0000000002650000-0x0000000002657000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1200-50-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1200-52-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1200-59-0x0000000077226000-0x0000000077227000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-39-0x0000000077490000-0x0000000077492000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1200-40-0x00000000774C0000-0x00000000774C2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1200-4-0x0000000002B10000-0x0000000002B11000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-6-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1200-7-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1200-38-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1200-15-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1724-85-0x000007FEF6A00000-0x000007FEF6B78000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/1724-84-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1724-89-0x000007FEF6A00000-0x000007FEF6B78000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/1744-72-0x000007FEF7660000-0x000007FEF77A5000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1744-69-0x0000000000280000-0x0000000000287000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1744-67-0x000007FEF7660000-0x000007FEF77A5000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2076-101-0x000007FEF6A30000-0x000007FEF6B75000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2076-105-0x000007FEF6A30000-0x000007FEF6B75000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2168-2-0x00000000001A0000-0x00000000001A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2168-1-0x000007FEF75B0000-0x000007FEF76F4000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2168-43-0x000007FEF75B0000-0x000007FEF76F4000-memory.dmp

          Filesize

          1.3MB

          Download