Analysis
-
max time kernel
152s -
max time network
177s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
17-04-2022 07:15
General
-
Target
91a7289739c77592bb9df66d5c071d4db3776f1605f2c424b81d785ebccd4a65.dll
-
Size
884KB
-
MD5
ced02686016fde4bfb16ba8f821108bf
-
SHA1
3a0d57f789e19bc2dd84697f283fb21a49d45800
-
SHA256
91a7289739c77592bb9df66d5c071d4db3776f1605f2c424b81d785ebccd4a65
-
SHA512
9b278ec14d2c3cfb2f5ee3a4a622c37302a6e3573d7364c32f1124a578e98aeb84a576848fffe5f580495841a7bae1ac6fdebba7da1fda26aab5bee08bf13d9a
Malware Config
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Shellcode 1 IoCs
Detects Dridex Payload shellcode injected in Explorer process.
-
Executes dropped EXE 4 IoCs
-
Loads dropped DLL 4 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\91a7289739c77592bb9df66d5c071d4db3776f1605f2c424b81d785ebccd4a65.dll,#11⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\quickassist.exeC:\Windows\system32\quickassist.exe1⤵
-
C:\Users\Admin\AppData\Local\eEig\quickassist.exeC:\Users\Admin\AppData\Local\eEig\quickassist.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\dccw.exeC:\Windows\system32\dccw.exe1⤵
-
C:\Users\Admin\AppData\Local\6j18k\dccw.exeC:\Users\Admin\AppData\Local\6j18k\dccw.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\ApplySettingsTemplateCatalog.exeC:\Windows\system32\ApplySettingsTemplateCatalog.exe1⤵
-
C:\Users\Admin\AppData\Local\Ljr\ApplySettingsTemplateCatalog.exeC:\Users\Admin\AppData\Local\Ljr\ApplySettingsTemplateCatalog.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\system32\ie4uinit.exeC:\Windows\system32\ie4uinit.exe1⤵
-
C:\Users\Admin\AppData\Local\dFZQF1V5\ie4uinit.exeC:\Users\Admin\AppData\Local\dFZQF1V5\ie4uinit.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\6j18k\dccw.exeFilesize
101KB
MD5cb9374911bf5237179785c739a322c0f
SHA13f4d3dd3d58c9f19dfbb414ded16969ebd9f74b9
SHA256f7f3300b78148a34f6a35796c777a832b638b6d3193e11f4a37f45d4c6dfa845
SHA5129d47521538148b1823c0a17baa86ddf932f06f46d5d8b63fa87b2cc220fb98ce3f933e32d771222937bb8e41c88030839d489d1cd78b062bffeb2980dc6864be
-
C:\Users\Admin\AppData\Local\6j18k\mscms.dllFilesize
890KB
MD59706e9b6e60060f0973e9b7af7733504
SHA16f8d9e853f129d07729e4c4a4e9e4b1f11a43828
SHA256238b198c1b28cc75825bb559d6e016fb57cf0424911f6797115d4becccb2bfe3
SHA51293325f0e32df110dfc9c164af0145b7ae4aa0ba00caaddbc35e8fea44dc79ac9b3cb160c26c653ff903e041fc0072388c620ccd593c620208693d00d670239fb
-
C:\Users\Admin\AppData\Local\6j18k\mscms.dllFilesize
890KB
MD59706e9b6e60060f0973e9b7af7733504
SHA16f8d9e853f129d07729e4c4a4e9e4b1f11a43828
SHA256238b198c1b28cc75825bb559d6e016fb57cf0424911f6797115d4becccb2bfe3
SHA51293325f0e32df110dfc9c164af0145b7ae4aa0ba00caaddbc35e8fea44dc79ac9b3cb160c26c653ff903e041fc0072388c620ccd593c620208693d00d670239fb
-
C:\Users\Admin\AppData\Local\Ljr\ACTIVEDS.dllFilesize
886KB
MD5813dd3d2c779f5c6de49d7600ba45695
SHA1d9b55f0160e2e7fab2e5ccec2f9deb6bec72dccb
SHA2562ed6e360ccca3d72a8f7483897363ae7dc76a0f5a42ad4c640de19bcb05a24d3
SHA512f317419f80c83eded007bc248129e984d0e107a7b4088cdebc7db8b106c6e1c717878ef0f6040d2646d27024109b2f85c6b8bf9b7390e7189f54253c80c3e598
-
C:\Users\Admin\AppData\Local\Ljr\ACTIVEDS.dllFilesize
886KB
MD5813dd3d2c779f5c6de49d7600ba45695
SHA1d9b55f0160e2e7fab2e5ccec2f9deb6bec72dccb
SHA2562ed6e360ccca3d72a8f7483897363ae7dc76a0f5a42ad4c640de19bcb05a24d3
SHA512f317419f80c83eded007bc248129e984d0e107a7b4088cdebc7db8b106c6e1c717878ef0f6040d2646d27024109b2f85c6b8bf9b7390e7189f54253c80c3e598
-
C:\Users\Admin\AppData\Local\Ljr\ApplySettingsTemplateCatalog.exeFilesize
1.1MB
MD513af41b1c1c53c7360cd582a82ec2093
SHA17425f893d1245e351483ab4a20a5f59d114df4e1
SHA256a462f29efaaa3c30411e76f32608a2ba5b7d21af3b9804e5dda99e342ba8c429
SHA512c7c82acef623d964c520f1a458dbfe34099981de0b781fb56e14b1f82632e3a8437db6434e7c20988aa3b39efde47aab8d188e80845e841a13e74b079285706a
-
C:\Users\Admin\AppData\Local\dFZQF1V5\VERSION.dllFilesize
886KB
MD5f03c7a0357c28b317ee5ad199cf9aa34
SHA1faab825816bada8e0e7cf4974cb27af23917d1c6
SHA256ec95c722351ec6ee486592deb6301de065ac71af7d7ec19234fe56b29ea6ea5f
SHA512ac4d6051950c8e5951a0e2907a18728d1aea67bb9a2e789c5279ec1856368e0e8a163b054efeaf438f6666b4b5c70cd0e800e9aad802b86f4d12338bbcb1d8a5
-
C:\Users\Admin\AppData\Local\dFZQF1V5\VERSION.dllFilesize
886KB
MD5f03c7a0357c28b317ee5ad199cf9aa34
SHA1faab825816bada8e0e7cf4974cb27af23917d1c6
SHA256ec95c722351ec6ee486592deb6301de065ac71af7d7ec19234fe56b29ea6ea5f
SHA512ac4d6051950c8e5951a0e2907a18728d1aea67bb9a2e789c5279ec1856368e0e8a163b054efeaf438f6666b4b5c70cd0e800e9aad802b86f4d12338bbcb1d8a5
-
C:\Users\Admin\AppData\Local\dFZQF1V5\ie4uinit.exeFilesize
262KB
MD5a2f0104edd80ca2c24c24356d5eacc4f
SHA18269b9fd9231f04ed47419bd565c69dc677fab56
SHA2565d85c4d62cc26996826b9d96a9153f7e05a2260342bd913b3730610a1809203c
SHA512e7bb87f9f6c82cb945b95f62695be98b3fa827a24fa8c4187fe836d4e7d3e7ae3b95101edd3c41d65f6cb684910f5954a67307d450072acd8d475212db094390
-
C:\Users\Admin\AppData\Local\eEig\UxTheme.dllFilesize
888KB
MD50b4b2b2cc0b20fcba4cc8c9139161f20
SHA141fed08f550e6bc39155de9e985798fceef8d85b
SHA256cd4630dbe3b275ddd517c467906956feeb335459ea7a0b6ea86a8219bbd5c28d
SHA5120a928cc45112ab5724de738ab93d72a58d98ca5ce54cac29da0b9e06efac2bda5b41348e42bb3260b646296746e7ac97dd9b5c46d0c463e2e7598c76a3cf5225
-
C:\Users\Admin\AppData\Local\eEig\UxTheme.dllFilesize
888KB
MD50b4b2b2cc0b20fcba4cc8c9139161f20
SHA141fed08f550e6bc39155de9e985798fceef8d85b
SHA256cd4630dbe3b275ddd517c467906956feeb335459ea7a0b6ea86a8219bbd5c28d
SHA5120a928cc45112ab5724de738ab93d72a58d98ca5ce54cac29da0b9e06efac2bda5b41348e42bb3260b646296746e7ac97dd9b5c46d0c463e2e7598c76a3cf5225
-
C:\Users\Admin\AppData\Local\eEig\quickassist.exeFilesize
665KB
MD5d1216f9b9a64fd943539cc2b0ddfa439
SHA16fad9aeb7780bdfd88a9a5a73b35b3e843605e6c
SHA256c1e8fda00da574e8759ba262d76b6edc1d5f4a80620730ef0be7527e0d803db2
SHA512c5fd7d81d1d478056fcbed0ba887ce551832f0104e7c31753c3c8760b4d63f38324f74e996684042acc8f9682fce8a8c85172741a868257e87d5e0f988c4e567
-
memory/2448-146-0x0000000000000000-mapping.dmp
-
memory/2516-158-0x0000000000000000-mapping.dmp
-
memory/3116-139-0x0000000140000000-0x00000001400E1000-memory.dmpFilesize
900KB
-
memory/3116-130-0x0000000000920000-0x0000000000921000-memory.dmpFilesize
4KB
-
memory/3116-144-0x00007FFFB7E8C000-0x00007FFFB7E8D000-memory.dmpFilesize
4KB
-
memory/3116-143-0x00007FFFB7EBC000-0x00007FFFB7EBD000-memory.dmpFilesize
4KB
-
memory/3116-141-0x0000000140000000-0x00000001400E1000-memory.dmpFilesize
900KB
-
memory/3116-142-0x0000000140000000-0x00000001400E1000-memory.dmpFilesize
900KB
-
memory/3116-132-0x0000000140000000-0x00000001400E1000-memory.dmpFilesize
900KB
-
memory/3116-140-0x0000000140000000-0x00000001400E1000-memory.dmpFilesize
900KB
-
memory/3116-137-0x0000000140000000-0x00000001400E1000-memory.dmpFilesize
900KB
-
memory/3116-145-0x00007FFFB7DD0000-0x00007FFFB7DE0000-memory.dmpFilesize
64KB
-
memory/3116-133-0x0000000140000000-0x00000001400E1000-memory.dmpFilesize
900KB
-
memory/3116-138-0x0000000140000000-0x00000001400E1000-memory.dmpFilesize
900KB
-
memory/3116-136-0x0000000140000000-0x00000001400E1000-memory.dmpFilesize
900KB
-
memory/3116-135-0x0000000140000000-0x00000001400E1000-memory.dmpFilesize
900KB
-
memory/3116-131-0x0000000140000000-0x00000001400E1000-memory.dmpFilesize
900KB
-
memory/3116-134-0x0000000140000000-0x00000001400E1000-memory.dmpFilesize
900KB
-
memory/4872-150-0x0000000000000000-mapping.dmp
-
memory/4972-154-0x0000000000000000-mapping.dmp