Overview

overview

10

Static

static

73541b82ca...da.dll

windows7_x64

10

73541b82ca...da.dll

windows10_x64

10

Analysis

  • max time kernel
    153s
  • max time network
    152s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    28-09-2021 09:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    73541b82ca26c8c60a84354c657c42bd2ece5cfad3f49437a927b4265234b9da.dll

  • Size

    1.3MB

  • MD5

    d49772c85d426ce5fe41cf8c5529a5ff

  • SHA1

    4eaa4a005cd6825706634cf5fb9b95c4f546778e

  • SHA256

    73541b82ca26c8c60a84354c657c42bd2ece5cfad3f49437a927b4265234b9da

  • SHA512

    ac76de00fd7f4cfaaac884990f02ff26883500d4a7c1c37e13a173de04b7228847527bca4737aa32e9498a05f473ac1a27ce98f35dead85fcc95e9c54efc924e

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Payload 3 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 18 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\73541b82ca26c8c60a84354c657c42bd2ece5cfad3f49437a927b4265234b9da.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:4648
  • C:\Windows\system32\PasswordOnWakeSettingFlyout.exe
    C:\Windows\system32\PasswordOnWakeSettingFlyout.exe
    1⤵
      PID:3912
    • C:\Users\Admin\AppData\Local\jkxJ8bpPi\PasswordOnWakeSettingFlyout.exe
      C:\Users\Admin\AppData\Local\jkxJ8bpPi\PasswordOnWakeSettingFlyout.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2024
    • C:\Windows\system32\GamePanel.exe
      C:\Windows\system32\GamePanel.exe
      1⤵
        PID:4196
      • C:\Users\Admin\AppData\Local\fQ3yCPd\GamePanel.exe
        C:\Users\Admin\AppData\Local\fQ3yCPd\GamePanel.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:4184
      • C:\Windows\system32\OptionalFeatures.exe
        C:\Windows\system32\OptionalFeatures.exe
        1⤵
          PID:508
        • C:\Users\Admin\AppData\Local\Qhd2wC\OptionalFeatures.exe
          C:\Users\Admin\AppData\Local\Qhd2wC\OptionalFeatures.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:640

        Network

        MITRE ATT&CK Matrix ATT&CK v6

        Initial Access

        Execution

        Persistence

        Registry Run Keys / Startup Folder

        1
        T1060

        Privilege Escalation

        Defense Evasion

        Modify Registry

        1
        T1112

        Credential Access

        Discovery

        System Information Discovery

        1
        T1082

        Lateral Movement

        Collection

        Exfiltration

        Command and Control

        Impact

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Qhd2wC\OptionalFeatures.exe
          MD5

          47f9c258008c97e6cdf2b59e7f852eb5

          SHA1

          22bb97914981444e3d82938f98d780fe0e1cb4b0

          SHA256

          ff511c1d4813039bd2b43766d9499fca0b908b713671e5fd18c1f323c8cef0d5

          SHA512

          1794b0c70bae38f7ab0b3907287542eacbd3bbfb17017e6548b1be8e9f198e14efa47d1752bb6ffd7ad29111faa58f5b3e5986cc63ea6130866bebd7e6649c4b

          Download Submit
        • C:\Users\Admin\AppData\Local\Qhd2wC\appwiz.cpl
          MD5

          5fccab19cebb84c306ebaab1268d8e64

          SHA1

          b139e1af5d3b8bf72abd1d114e5fd172a1c129c1

          SHA256

          6719ae126aa1ded97564cb28b75e82f673af78df5df52f5e070ce05e87261599

          SHA512

          ee74d63c9b49dbee6dd3c0670647f2c449059cb3ac2839036aa236b753f240ed1b2534c58181e6046557cf21b5100de0016d48ba2b0e720fd8e35f6a1887324f

          Download Submit
        • C:\Users\Admin\AppData\Local\fQ3yCPd\GamePanel.exe
          MD5

          70b308b5c56bdb82ee671af9e2793c6d

          SHA1

          b08e228abd182dd2a803a2518a172a26818cd054

          SHA256

          8c797165a555aa739fe7967b4a5494c4479417982705ee3a443420c705635686

          SHA512

          6857b4cc384f9165bb7964f2f152963f43e2dfa7042c9cfed084da83d443731cac802324de7d4eb9f9effa1a2a975202cee0d1721b2e62353be589f5e8002c9e

          Download Submit
        • C:\Users\Admin\AppData\Local\fQ3yCPd\dwmapi.dll
          MD5

          35750979f467cb1302c96de8a7317ae8

          SHA1

          fac513a313a6c1872c73b4b0545392ecb4d225cb

          SHA256

          a8623ef232945f4fe64d11dc28071fa0528de791111a7e26c39fe77320482181

          SHA512

          debbf8329f7fd456c9ead0b08b7ccaa74b5453e913c1d12df0386067e043b199896f1ba55e90443c5fcac71992e1d5b11d9d778c755ae945b074811ac26d50ec

          Download Submit
        • C:\Users\Admin\AppData\Local\jkxJ8bpPi\DUI70.dll
          MD5

          7ff95529c7be4ee142501a8a011158c7

          SHA1

          1642be1852de2a7762f9d6cde2bb82443975d1b6

          SHA256

          8b830f43d1eed4c55ccece6d883c7feafd4d9ab830ce003187f47b5b71d53897

          SHA512

          aed566b1edf2598d09ecf2645863a09132efd13d41adb3784fa139dfe62e1f7fb1da70c668961ae1494e04768256af8490cc526fd7a5285cca27ce8ce0b1a16c

          Download Submit
        • C:\Users\Admin\AppData\Local\jkxJ8bpPi\PasswordOnWakeSettingFlyout.exe
          MD5

          a81fed73da02db15df427da1cd5f4141

          SHA1

          f831fc6377a6264be621e23635f22b437129b2ce

          SHA256

          1afed5b9302a4a4669ac7f966b7cf9fcaab037e94a0b3cabea3631055c97d3a5

          SHA512

          3c4541160f0f69d1c3a9dc4e67643864493eadb0450426f7f323d87fa7b0c81d96ef2201d33b3421a307171274615e90d4ee8bd07107ff4f75beedec0a2bf156

          Download Submit
        • \Users\Admin\AppData\Local\Qhd2wC\appwiz.cpl
          MD5

          5fccab19cebb84c306ebaab1268d8e64

          SHA1

          b139e1af5d3b8bf72abd1d114e5fd172a1c129c1

          SHA256

          6719ae126aa1ded97564cb28b75e82f673af78df5df52f5e070ce05e87261599

          SHA512

          ee74d63c9b49dbee6dd3c0670647f2c449059cb3ac2839036aa236b753f240ed1b2534c58181e6046557cf21b5100de0016d48ba2b0e720fd8e35f6a1887324f

          Download Submit
        • \Users\Admin\AppData\Local\fQ3yCPd\dwmapi.dll
          MD5

          35750979f467cb1302c96de8a7317ae8

          SHA1

          fac513a313a6c1872c73b4b0545392ecb4d225cb

          SHA256

          a8623ef232945f4fe64d11dc28071fa0528de791111a7e26c39fe77320482181

          SHA512

          debbf8329f7fd456c9ead0b08b7ccaa74b5453e913c1d12df0386067e043b199896f1ba55e90443c5fcac71992e1d5b11d9d778c755ae945b074811ac26d50ec

          Download Submit
        • \Users\Admin\AppData\Local\jkxJ8bpPi\DUI70.dll
          MD5

          7ff95529c7be4ee142501a8a011158c7

          SHA1

          1642be1852de2a7762f9d6cde2bb82443975d1b6

          SHA256

          8b830f43d1eed4c55ccece6d883c7feafd4d9ab830ce003187f47b5b71d53897

          SHA512

          aed566b1edf2598d09ecf2645863a09132efd13d41adb3784fa139dfe62e1f7fb1da70c668961ae1494e04768256af8490cc526fd7a5285cca27ce8ce0b1a16c

          Download Submit
        • memory/640-186-0x0000000000000000-mapping.dmp
          Download
        • memory/2024-156-0x0000000000000000-mapping.dmp
          Download
        • memory/2024-160-0x0000000140000000-0x0000000140194000-memory.dmp
          Filesize

          1.6MB

          Download
        • memory/3048-130-0x0000000140000000-0x000000014014E000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/3048-145-0x0000000140000000-0x000000014014E000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/3048-121-0x0000000140000000-0x000000014014E000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/3048-133-0x0000000140000000-0x000000014014E000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/3048-134-0x0000000140000000-0x000000014014E000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/3048-135-0x0000000140000000-0x000000014014E000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/3048-136-0x0000000140000000-0x000000014014E000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/3048-137-0x0000000140000000-0x000000014014E000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/3048-138-0x0000000140000000-0x000000014014E000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/3048-139-0x0000000140000000-0x000000014014E000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/3048-140-0x0000000140000000-0x000000014014E000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/3048-141-0x0000000140000000-0x000000014014E000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/3048-142-0x0000000140000000-0x000000014014E000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/3048-143-0x0000000140000000-0x000000014014E000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/3048-144-0x0000000140000000-0x000000014014E000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/3048-132-0x0000000140000000-0x000000014014E000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/3048-146-0x0000000140000000-0x000000014014E000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/3048-155-0x00007FFA78544320-0x00007FFA78545320-memory.dmp
          Filesize

          4KB

          Download
        • memory/3048-131-0x0000000140000000-0x000000014014E000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/3048-120-0x0000000000AA0000-0x0000000000AA1000-memory.dmp
          Filesize

          4KB

          Download
        • memory/3048-129-0x0000000140000000-0x000000014014E000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/3048-128-0x0000000140000000-0x000000014014E000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/3048-127-0x0000000140000000-0x000000014014E000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/3048-122-0x0000000140000000-0x000000014014E000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/3048-126-0x0000000140000000-0x000000014014E000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/3048-125-0x0000000140000000-0x000000014014E000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/3048-124-0x0000000140000000-0x000000014014E000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/3048-123-0x0000000140000000-0x000000014014E000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/4184-181-0x0000000140000000-0x000000014014F000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/4184-177-0x0000000000000000-mapping.dmp
          Download
        • memory/4648-114-0x0000000140000000-0x000000014014E000-memory.dmp
          Filesize

          1.3MB

          Download
        • memory/4648-119-0x000001CD723B0000-0x000001CD723B7000-memory.dmp
          Filesize

          28KB

          Download