Analysis
-
max time kernel
154s -
max time network
139s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
17-04-2022 16:33
General
-
Target
f8e491e0b4830499f16eaa2dc20b483a1b07cd0a0129f8bfdb27329da1fe9d25.dll
-
Size
1.0MB
-
MD5
13af4c70983e18808bfcf66c108d268f
-
SHA1
144ef35edd26bdf5aba2ebcf8c4dfaf9dd7ef070
-
SHA256
f8e491e0b4830499f16eaa2dc20b483a1b07cd0a0129f8bfdb27329da1fe9d25
-
SHA512
25e725ce5c9cda3f6104bf7fa1779af3a40d5635e8ffbc413aa32ab9f0edd0760eb147f40891eb0e82cf1edeb4fe3a29636114ed1c5defbe44c5cc64e904fda2
Malware Config
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Shellcode 1 IoCs
Detects Dridex Payload shellcode injected in Explorer process.
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 3 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\f8e491e0b4830499f16eaa2dc20b483a1b07cd0a0129f8bfdb27329da1fe9d25.dll1⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\MusNotifyIcon.exeC:\Windows\system32\MusNotifyIcon.exe1⤵
-
C:\Users\Admin\AppData\Local\Jpd8\MusNotifyIcon.exeC:\Users\Admin\AppData\Local\Jpd8\MusNotifyIcon.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\slui.exeC:\Windows\system32\slui.exe1⤵
-
C:\Users\Admin\AppData\Local\6PGP\slui.exeC:\Users\Admin\AppData\Local\6PGP\slui.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\usocoreworker.exeC:\Windows\system32\usocoreworker.exe1⤵
-
C:\Users\Admin\AppData\Local\fxBMe\usocoreworker.exeC:\Users\Admin\AppData\Local\fxBMe\usocoreworker.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\6PGP\SLC.dllFilesize
1.0MB
MD5c4901b52c53c48060e969692ba98b4f7
SHA178200f3de458b171d65277aec30c47801295adba
SHA256c7d85d36b8e9b7a22d882cbdf0b69f6cd84145e52fdb981a716e5d4a61c5a9e3
SHA51244356ad94bca7891db5cc1e829af207befc5c0629424f174a1f78d5babb7256c24e62a35336bfc9ce41f8becce0a6174f9acbba6412e613d41aec970bb12783b
-
C:\Users\Admin\AppData\Local\6PGP\SLC.dllFilesize
1.0MB
MD5c4901b52c53c48060e969692ba98b4f7
SHA178200f3de458b171d65277aec30c47801295adba
SHA256c7d85d36b8e9b7a22d882cbdf0b69f6cd84145e52fdb981a716e5d4a61c5a9e3
SHA51244356ad94bca7891db5cc1e829af207befc5c0629424f174a1f78d5babb7256c24e62a35336bfc9ce41f8becce0a6174f9acbba6412e613d41aec970bb12783b
-
C:\Users\Admin\AppData\Local\6PGP\slui.exeFilesize
534KB
MD5eb725ea35a13dc18eac46aa81e7f2841
SHA1c0b3304c970324952e18c4a51073e3bdec73440b
SHA25625e7624d469a592934ab8c509d12c153c2799e604c2a4b8a83650a7268577dff
SHA51239192a1fad29654b3769f007298eff049d0688a3cb51390833ec563f44f9931cd3f6f8693db37b649b061b5aab379b166c15dade56d0fc414375243320375b26
-
C:\Users\Admin\AppData\Local\Jpd8\MusNotifyIcon.exeFilesize
629KB
MD5c54b1a69a21e03b83ebb0aeb3758b6f7
SHA1b32ee7e5b813554c4b8e8f96f176570e0f6e8b6c
SHA256ac3e12011b70144cc84539bbccacdfae35bd4ea3ee61b4a9fca5f082d044d8bf
SHA5122680ab501ffe7d40fed28eb207d812880c8a71d71a29d59ba3da27c0bae98c74893e04807d93fba7b5e673c3e13a1ad21bfaab10bdb871d83349ff4e7c614b19
-
C:\Users\Admin\AppData\Local\Jpd8\UxTheme.dllFilesize
1.0MB
MD51fb5fd7d75bcdc022d2d35dcd5cab41e
SHA1a33cfd52e78608e637cb4f981a16ac1581e8d58a
SHA25652035ab65a393a49c4d3c28e485e315848e3e5644e94ed2470b1f4548e5a385c
SHA512fdf9f1f863fa8fce42a4bd2de4cd63af4e00d02939956f5769bca58ca3cc0a6b6ee965cbcc386df12aeaf35026677f4e33fc73e265439f955d2d08b6273ec0b7
-
C:\Users\Admin\AppData\Local\Jpd8\UxTheme.dllFilesize
1.0MB
MD51fb5fd7d75bcdc022d2d35dcd5cab41e
SHA1a33cfd52e78608e637cb4f981a16ac1581e8d58a
SHA25652035ab65a393a49c4d3c28e485e315848e3e5644e94ed2470b1f4548e5a385c
SHA512fdf9f1f863fa8fce42a4bd2de4cd63af4e00d02939956f5769bca58ca3cc0a6b6ee965cbcc386df12aeaf35026677f4e33fc73e265439f955d2d08b6273ec0b7
-
C:\Users\Admin\AppData\Local\fxBMe\XmlLite.dllFilesize
1.0MB
MD591db103aa9243e64893e996c11684b03
SHA12e5faa9d9d21cb491ba9ad288caef1de5455b7e2
SHA2562f8274c84e7b46a95949f8d1f5deb9df20830b2a862a27be59c60c519f819235
SHA512110e982d11f7ac415b293b9d37ee5c8e7b609e2c731bce19d68f380a89f3142fa0310fc968dad3b6f84728315d04876eac9b3a216bb179d87ff33c94a4de2e31
-
C:\Users\Admin\AppData\Local\fxBMe\XmlLite.dllFilesize
1.0MB
MD591db103aa9243e64893e996c11684b03
SHA12e5faa9d9d21cb491ba9ad288caef1de5455b7e2
SHA2562f8274c84e7b46a95949f8d1f5deb9df20830b2a862a27be59c60c519f819235
SHA512110e982d11f7ac415b293b9d37ee5c8e7b609e2c731bce19d68f380a89f3142fa0310fc968dad3b6f84728315d04876eac9b3a216bb179d87ff33c94a4de2e31
-
C:\Users\Admin\AppData\Local\fxBMe\usocoreworker.exeFilesize
1.3MB
MD52c5efb321aa64af37dedc6383ce3198e
SHA1a06d7020dd43a57047a62bfb443091cd9de946ba
SHA2560fb6688a32340036f3eaab4a09a82dee533bfb2ca266c36f6142083134de6f0e
SHA5125448ea01b24af7444505bda80064849a2efcc459011d32879e021e836fd573c9b1b9d3b37291d3f53ff536c691ac13a545b12f318a16c8a367421986bbf002ed
-
memory/1064-156-0x00007FFF374DC000-0x00007FFF374DD000-memory.dmpFilesize
4KB
-
memory/1064-135-0x0000000000790000-0x0000000000791000-memory.dmpFilesize
4KB
-
memory/1064-145-0x0000000140000000-0x0000000140107000-memory.dmpFilesize
1.0MB
-
memory/1064-136-0x0000000140000000-0x0000000140107000-memory.dmpFilesize
1.0MB
-
memory/1064-146-0x0000000140000000-0x0000000140107000-memory.dmpFilesize
1.0MB
-
memory/1064-148-0x0000000000760000-0x0000000000767000-memory.dmpFilesize
28KB
-
memory/1064-157-0x00007FFF374AC000-0x00007FFF374AD000-memory.dmpFilesize
4KB
-
memory/1064-140-0x0000000140000000-0x0000000140107000-memory.dmpFilesize
1.0MB
-
memory/1064-158-0x00007FFF373F0000-0x00007FFF37400000-memory.dmpFilesize
64KB
-
memory/1064-144-0x0000000140000000-0x0000000140107000-memory.dmpFilesize
1.0MB
-
memory/1064-143-0x0000000140000000-0x0000000140107000-memory.dmpFilesize
1.0MB
-
memory/1064-142-0x0000000140000000-0x0000000140107000-memory.dmpFilesize
1.0MB
-
memory/1064-141-0x0000000140000000-0x0000000140107000-memory.dmpFilesize
1.0MB
-
memory/1064-138-0x0000000140000000-0x0000000140107000-memory.dmpFilesize
1.0MB
-
memory/1064-139-0x0000000140000000-0x0000000140107000-memory.dmpFilesize
1.0MB
-
memory/1064-137-0x0000000140000000-0x0000000140107000-memory.dmpFilesize
1.0MB
-
memory/1676-159-0x0000000000000000-mapping.dmp
-
memory/1676-167-0x00000251EA0C0000-0x00000251EA0C7000-memory.dmpFilesize
28KB
-
memory/1676-163-0x0000000140000000-0x0000000140108000-memory.dmpFilesize
1.0MB
-
memory/2092-176-0x00000168ECBB0000-0x00000168ECBB7000-memory.dmpFilesize
28KB
-
memory/2092-168-0x0000000000000000-mapping.dmp
-
memory/3408-130-0x0000000140000000-0x0000000140107000-memory.dmpFilesize
1.0MB
-
memory/3408-134-0x0000000000790000-0x0000000000797000-memory.dmpFilesize
28KB
-
memory/4460-177-0x0000000000000000-mapping.dmp
-
memory/4460-185-0x000001A6620E0000-0x000001A6620E7000-memory.dmpFilesize
28KB