Overview

overview

10

Static

static

bf9ad9586d...3d.dll

windows7_x64

10

bf9ad9586d...3d.dll

windows10_x64

10

Analysis

  • max time kernel
    151s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    15-09-2021 07:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bf9ad9586d3a1594e627b0e4c13615cc806d8f73be0ac8fa8b79e08436ac503d.dll

  • Size

    1.7MB

  • MD5

    0d4820d7d8af4fd62be7375b1529f047

  • SHA1

    6bdbde14cf1bfc55c70c1e6c75e4290f11676f3f

  • SHA256

    bf9ad9586d3a1594e627b0e4c13615cc806d8f73be0ac8fa8b79e08436ac503d

  • SHA512

    7e647cf441b51898c4ee3e1cc6047b7cae3e6cfe1f09b4034cb7628869b8b1288617b65a76a517d3580b42f8214eb0acb6ab4b6edea031c47bfb46da3ded99c8

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf9ad9586d3a1594e627b0e4c13615cc806d8f73be0ac8fa8b79e08436ac503d.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:1924
  • C:\Windows\system32\AdapterTroubleshooter.exe
    C:\Windows\system32\AdapterTroubleshooter.exe
    1⤵
      PID:628
    • C:\Users\Admin\AppData\Local\Vm4ut\AdapterTroubleshooter.exe
      C:\Users\Admin\AppData\Local\Vm4ut\AdapterTroubleshooter.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:1504
    • C:\Windows\system32\BdeUISrv.exe
      C:\Windows\system32\BdeUISrv.exe
      1⤵
        PID:920
      • C:\Users\Admin\AppData\Local\17o\BdeUISrv.exe
        C:\Users\Admin\AppData\Local\17o\BdeUISrv.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1740
      • C:\Windows\system32\dvdupgrd.exe
        C:\Windows\system32\dvdupgrd.exe
        1⤵
          PID:1076
        • C:\Users\Admin\AppData\Local\iJMan\dvdupgrd.exe
          C:\Users\Admin\AppData\Local\iJMan\dvdupgrd.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1084

        Network

        MITRE ATT&CK Matrix ATT&CK v6

        Initial Access

        Execution

        Persistence

        Registry Run Keys / Startup Folder

        1
        T1060

        Privilege Escalation

        Defense Evasion

        Modify Registry

        1
        T1112

        Credential Access

        Discovery

        System Information Discovery

        1
        T1082

        Lateral Movement

        Collection

        Exfiltration

        Command and Control

        Impact

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\17o\BdeUISrv.exe
          MD5

          1da6b19be5d4949c868a264bc5e74206

          SHA1

          d5ee86ba03a03ef8c93d93accafe40461084c839

          SHA256

          00330a0e0eb1dbb6ee84997963f8e15c7c15c1df787f1c7f109609d7b31bd35c

          SHA512

          9cee858c55eb0852e5bad53a675a094ae591b46b07afe9fb4224cac32e0be577fe36c1ed3e9f6bda4d4eb0c924a773d00e3181cd97f07e24c6c68c70f2b002c6

          Download Submit
        • C:\Users\Admin\AppData\Local\17o\WTSAPI32.dll
          MD5

          6c6e812a428ae0a2dcb4b29c83a15474

          SHA1

          15102796e1ad7e1b37a2d8e5c8992c11a67f3f6e

          SHA256

          ba4680b377407575bd0a2b93992fdbff5345d93aed15743483b1e4c343d59698

          SHA512

          327fba142edb591a4c07eb83a16ca790f4e9f96fd685ceac852e67bb5f299acc8cf057780592d85ce0da08facbc4d7faa7b68cc4a95706c6704e91663e75e56d

          Download Submit
        • C:\Users\Admin\AppData\Local\Vm4ut\AdapterTroubleshooter.exe
          MD5

          d4170c9ff5b2f85b0ce0246033d26919

          SHA1

          a76118e8775e16237cf00f2fb79718be0dc84db1

          SHA256

          d05e010a2570cdd5a67f62c99483aeeecb6a8d5ecc523cd49b158a460c9be5da

          SHA512

          9c85a9ea4002bd55cf9c51e470dd1bec527ff04b5d0d6f83094a998c541416cd47c9f42c6ca7e35ffa2842877f79e3c2e989489b9bf81644c5c57bb406b89608

          Download Submit
        • C:\Users\Admin\AppData\Local\Vm4ut\d3d9.dll
          MD5

          fae6b3eb93f380e266a2670a45f45b75

          SHA1

          fd33aee98188597022613cc6f8f48e65d67c26f3

          SHA256

          1164a04f2b8e7183739b08b74d54840bb75898f16fbddd7351dc5a7a25fa3720

          SHA512

          2250f0ce70edeb060ceb6e387096be63ee07b2cdaa492842b256c735c1925c5c6b4dcaf18f46ba8a2b3f9bb14f6a97484bfc6fa7e8c770ecfc0186f5f86acd43

          Download Submit
        • C:\Users\Admin\AppData\Local\iJMan\VERSION.dll
          MD5

          3e85939124d4901a51e082c892df698d

          SHA1

          01a057c35f8ba6513bcc0f537d9f8c3b9207b11a

          SHA256

          f7a8e2b92a632c008f77d77949dd8e680c1585db221c9a12f11f183394869a51

          SHA512

          c3bd59446787e17a10875960f829bd3446a2768edc4a0e8607a7e1670e8f0e7dcb16a1c7ba11192c77fc9facd76e07e51ca614d9afc121ad04fbafe36d84d2b3

          Download Submit
        • C:\Users\Admin\AppData\Local\iJMan\dvdupgrd.exe
          MD5

          75a9b4172eac01d9648c6d2133af952f

          SHA1

          63c7e1af762d2b584e9cc841e8b0100f2a482b81

          SHA256

          18f9f520c7157023b0e7dfe7433a63c4dedd47b04d24aac4038b795893050736

          SHA512

          5a7a2c7f184efd9c84256a1a0a5e7aeb95432d63a567196be54e7a9437a5ada9b922983c5fc0cafb16eab4493665d8e56e2f646f9f6a2d6179986925ffcdf769

          Download Submit
        • \Users\Admin\AppData\Local\17o\BdeUISrv.exe
          MD5

          1da6b19be5d4949c868a264bc5e74206

          SHA1

          d5ee86ba03a03ef8c93d93accafe40461084c839

          SHA256

          00330a0e0eb1dbb6ee84997963f8e15c7c15c1df787f1c7f109609d7b31bd35c

          SHA512

          9cee858c55eb0852e5bad53a675a094ae591b46b07afe9fb4224cac32e0be577fe36c1ed3e9f6bda4d4eb0c924a773d00e3181cd97f07e24c6c68c70f2b002c6

          Download Submit
        • \Users\Admin\AppData\Local\17o\WTSAPI32.dll
          MD5

          6c6e812a428ae0a2dcb4b29c83a15474

          SHA1

          15102796e1ad7e1b37a2d8e5c8992c11a67f3f6e

          SHA256

          ba4680b377407575bd0a2b93992fdbff5345d93aed15743483b1e4c343d59698

          SHA512

          327fba142edb591a4c07eb83a16ca790f4e9f96fd685ceac852e67bb5f299acc8cf057780592d85ce0da08facbc4d7faa7b68cc4a95706c6704e91663e75e56d

          Download Submit
        • \Users\Admin\AppData\Local\Vm4ut\AdapterTroubleshooter.exe
          MD5

          d4170c9ff5b2f85b0ce0246033d26919

          SHA1

          a76118e8775e16237cf00f2fb79718be0dc84db1

          SHA256

          d05e010a2570cdd5a67f62c99483aeeecb6a8d5ecc523cd49b158a460c9be5da

          SHA512

          9c85a9ea4002bd55cf9c51e470dd1bec527ff04b5d0d6f83094a998c541416cd47c9f42c6ca7e35ffa2842877f79e3c2e989489b9bf81644c5c57bb406b89608

          Download Submit
        • \Users\Admin\AppData\Local\Vm4ut\d3d9.dll
          MD5

          fae6b3eb93f380e266a2670a45f45b75

          SHA1

          fd33aee98188597022613cc6f8f48e65d67c26f3

          SHA256

          1164a04f2b8e7183739b08b74d54840bb75898f16fbddd7351dc5a7a25fa3720

          SHA512

          2250f0ce70edeb060ceb6e387096be63ee07b2cdaa492842b256c735c1925c5c6b4dcaf18f46ba8a2b3f9bb14f6a97484bfc6fa7e8c770ecfc0186f5f86acd43

          Download Submit
        • \Users\Admin\AppData\Local\iJMan\VERSION.dll
          MD5

          3e85939124d4901a51e082c892df698d

          SHA1

          01a057c35f8ba6513bcc0f537d9f8c3b9207b11a

          SHA256

          f7a8e2b92a632c008f77d77949dd8e680c1585db221c9a12f11f183394869a51

          SHA512

          c3bd59446787e17a10875960f829bd3446a2768edc4a0e8607a7e1670e8f0e7dcb16a1c7ba11192c77fc9facd76e07e51ca614d9afc121ad04fbafe36d84d2b3

          Download Submit
        • \Users\Admin\AppData\Local\iJMan\dvdupgrd.exe
          MD5

          75a9b4172eac01d9648c6d2133af952f

          SHA1

          63c7e1af762d2b584e9cc841e8b0100f2a482b81

          SHA256

          18f9f520c7157023b0e7dfe7433a63c4dedd47b04d24aac4038b795893050736

          SHA512

          5a7a2c7f184efd9c84256a1a0a5e7aeb95432d63a567196be54e7a9437a5ada9b922983c5fc0cafb16eab4493665d8e56e2f646f9f6a2d6179986925ffcdf769

          Download Submit
        • \Users\Admin\AppData\Roaming\Identities\rlu\dvdupgrd.exe
          MD5

          75a9b4172eac01d9648c6d2133af952f

          SHA1

          63c7e1af762d2b584e9cc841e8b0100f2a482b81

          SHA256

          18f9f520c7157023b0e7dfe7433a63c4dedd47b04d24aac4038b795893050736

          SHA512

          5a7a2c7f184efd9c84256a1a0a5e7aeb95432d63a567196be54e7a9437a5ada9b922983c5fc0cafb16eab4493665d8e56e2f646f9f6a2d6179986925ffcdf769

          Download Submit
        • memory/1084-125-0x0000000000000000-mapping.dmp
          Download
        • memory/1252-90-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-97-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-76-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-77-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-78-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-79-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-80-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-81-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-82-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-83-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-84-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-85-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-86-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-87-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-88-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-89-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-62-0x0000000002AF0000-0x0000000002AF1000-memory.dmp
          Filesize

          4KB

          Download
        • memory/1252-91-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-93-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-92-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-94-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-95-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-96-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-75-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-98-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-100-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-99-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-101-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-102-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-103-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-109-0x0000000077740000-0x0000000077742000-memory.dmp
          Filesize

          8KB

          Download
        • memory/1252-74-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-64-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-73-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-72-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-69-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-63-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-70-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-65-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-71-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-68-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-67-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1252-66-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1504-115-0x0000000140000000-0x00000001401C0000-memory.dmp
          Filesize

          1.8MB

          Download
        • memory/1504-111-0x0000000000000000-mapping.dmp
          Download
        • memory/1740-118-0x0000000000000000-mapping.dmp
          Download
        • memory/1924-59-0x0000000140000000-0x00000001401BF000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/1924-61-0x0000000000110000-0x0000000000117000-memory.dmp
          Filesize

          28KB

          Download