Overview

overview

10

Static

static

3

JaffaCakes...ba.dll

windows7-x64

10

JaffaCakes...ba.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-01-2025 19:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_75322c14a10b2b96ce21eda6c19e92ba.dll

  • Size

    1.3MB

  • MD5

    75322c14a10b2b96ce21eda6c19e92ba

  • SHA1

    87a0258a905cb7ce63ccb60070b036d43c2184f4

  • SHA256

    e8ef13ec78a9d82e088ff03b53c6f8c2ff84ba2cbedc1c8b08971f88a68fc44a

  • SHA512

    59a40f743edace4a52514b95b8ce821827a19827a16c0af57704908caebc1d1c0b67a79ff045805b5d5f1040cc75a730d0f19b6a6b14db9d24a2218ba632b3f5

  • SSDEEP

    12288:M9bvAviE6/WFmTsg2t1TxzGIhRR/xSw7aRlVYxrx6:M9bN/Ypgg1TxqkR9xaEx

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 11 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_75322c14a10b2b96ce21eda6c19e92ba.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3736
  • C:\Windows\system32\cmstp.exe
    C:\Windows\system32\cmstp.exe
    1⤵
      PID:2740
    • C:\Users\Admin\AppData\Local\PbItoxX\cmstp.exe
      C:\Users\Admin\AppData\Local\PbItoxX\cmstp.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:3684
    • C:\Windows\system32\tcmsetup.exe
      C:\Windows\system32\tcmsetup.exe
      1⤵
        PID:4664
      • C:\Users\Admin\AppData\Local\FtxXGm8\tcmsetup.exe
        C:\Users\Admin\AppData\Local\FtxXGm8\tcmsetup.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2924
      • C:\Windows\system32\DevicePairingWizard.exe
        C:\Windows\system32\DevicePairingWizard.exe
        1⤵
          PID:4816
        • C:\Users\Admin\AppData\Local\aEA1cxZUP\DevicePairingWizard.exe
          C:\Users\Admin\AppData\Local\aEA1cxZUP\DevicePairingWizard.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1736

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\FtxXGm8\TAPI32.dll
          Filesize

          1.3MB

          MD5

          faeffac157db691e66fde540cfc9f803

          SHA1

          311b2f7e6f4348e3bda088e7dbbfd8f64e5e4e3a

          SHA256

          06fc41664acdc9039b83c1a88ffc27533bd2921cb28d61fef76b6466866102ef

          SHA512

          dfcb8161d4f013bcfe38b8d2efa862eca0af51483238b9ee71b5e3dbf447b360753be3056a92d6edec6b8bf17846cdeca6afbccbd1f0e6077f67b954d7fef34c

          Download Submit

        • C:\Users\Admin\AppData\Local\FtxXGm8\tcmsetup.exe
          Filesize

          16KB

          MD5

          58f3b915b9ae7d63431772c2616b0945

          SHA1

          6346e837da3b0f551becb7cac6d160e3063696e9

          SHA256

          e243501ba2ef7a6f04f51410bb916faffe0ec23450a4d030ce6bfe747e544b39

          SHA512

          7b09192af460c502d1a94989a0d06191c8c7a058ce3a4541e3f45960a1e12529d0cdaff9da3d5bacfdceed57aeb6dc9a159c6c0a95675c438f99bf7e418c6dc5

          Download Submit

        • C:\Users\Admin\AppData\Local\PbItoxX\VERSION.dll
          Filesize

          1.3MB

          MD5

          7695bbc70b3ef2199f121f5910fdcc07

          SHA1

          b1c5c3d6cb2fbacdf17e2b7dfad05ba0216b64a2

          SHA256

          53aa33e9179c0453a16dbbe15b8b817b5db1e834035a30fb974a25005649a0a0

          SHA512

          2599bcea2897096927f24e57bc019fa9e2e41a5977d547890f644a8408e33c7755390ccefe84786d33570f4eed0fde5efc68e91b7c016f5bec20173de0c0f94a

          Download Submit

        • C:\Users\Admin\AppData\Local\PbItoxX\cmstp.exe
          Filesize

          96KB

          MD5

          4cc43fe4d397ff79fa69f397e016df52

          SHA1

          8fd6cf81ad40c9b123cd75611860a8b95c72869c

          SHA256

          f2d3905ee38b2b5c0b724d582f14eb1db7621ffb8f3826df686a20784341614c

          SHA512

          851ef9fa5a03ec8b9fea0094c6e4bfa0b9e71cee3412ee86b2dfc34682aa5fb6455fefe7fc0092b711956d7c880cf8a5761b63ee990aa8e72f3473086ac0f157

          Download Submit

        • C:\Users\Admin\AppData\Local\aEA1cxZUP\DevicePairingWizard.exe
          Filesize

          93KB

          MD5

          d0e40a5a0c7dad2d6e5040d7fbc37533

          SHA1

          b0eabbd37a97a1abcd90bd56394f5c45585699eb

          SHA256

          2adaf3a5d3fde149626e3fef0e943c7029a135c04688acf357b2d8d04c81981b

          SHA512

          1191c2efcadd53b74d085612025c44b6cd54dd69493632950e30ada650d5ed79e3468c138f389cd3bc21ea103059a63eb38d9d919a62d932a38830c93f57731f

          Download Submit

        • C:\Users\Admin\AppData\Local\aEA1cxZUP\MFC42u.dll
          Filesize

          1.3MB

          MD5

          3b1ffa458d4cf4f7002ec38ed839f2f9

          SHA1

          3c729fcac0a1f011a4e0a7175a65d39cd085951d

          SHA256

          05f94110cf6b2c37fba1fc5378adb4196c8d6a9ffc27b9dc2a3b6bb1e33c87c6

          SHA512

          887078cc927ad86deafec6215a8aec956055343795ed7e2404611ac61dd5a7af86cc99bd73d245a08136d4c40c844302cb168dcfa51af7c02aa4a612bb3be1a7

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ybgihhkn.lnk
          Filesize

          1KB

          MD5

          a3ed02fa0e9f63b608641d6b473ae0d2

          SHA1

          38079aa87d83c3a4fc1321a87bca62e0e1d5e250

          SHA256

          15e726645e7f1cfa55e555adab3f1b0afcd784cc20448a79ad9a1229491231ea

          SHA512

          29e94120985ec18432cc25349397a74b5d9fb824cea22000d6f6ba4ef30e512c2b104e3d7ad22b4a97611d54bcdbba36d682a85ff0e205db3d2715bc1a082e98

          Download Submit

        • memory/1736-96-0x00007FF8DF6C0000-0x00007FF8DF80B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1736-92-0x00007FF8DF6C0000-0x00007FF8DF80B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2924-81-0x00007FF8DF6C0000-0x00007FF8DF806000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2924-77-0x00007FF8DF6C0000-0x00007FF8DF806000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2924-76-0x000001F279290000-0x000001F279297000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3516-38-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3516-8-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3516-27-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3516-26-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3516-25-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3516-24-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3516-23-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3516-22-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3516-21-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3516-19-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3516-18-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3516-17-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3516-16-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3516-15-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3516-14-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3516-12-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3516-11-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3516-10-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3516-9-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3516-28-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3516-7-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3516-6-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3516-4-0x0000000002630000-0x0000000002631000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3516-3-0x00007FF8FCE2A000-0x00007FF8FCE2B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3516-39-0x00007FF8FDB60000-0x00007FF8FDB70000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3516-13-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3516-20-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3516-30-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3516-49-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3516-40-0x00007FF8FDB50000-0x00007FF8FDB60000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3516-29-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3516-37-0x0000000000440000-0x0000000000447000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3684-65-0x00007FF8DF6C0000-0x00007FF8DF805000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3684-61-0x00007FF8DF6C0000-0x00007FF8DF805000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3684-60-0x000001D7BD870000-0x000001D7BD877000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3736-1-0x00007FF8EE250000-0x00007FF8EE394000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3736-52-0x00007FF8EE250000-0x00007FF8EE394000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3736-2-0x000001DB7C370000-0x000001DB7C377000-memory.dmp

          Filesize

          28KB

          Download