Overview

overview

10

Static

static

751aa86b8a...ce.dll

windows7_x64

10

751aa86b8a...ce.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    164s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    17-04-2022 16:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    751aa86b8a60dc64d572b01838e96f9b360f53cb6ec1ccbe50f8fb8a2980c0ce.dll

  • Size

    969KB

  • MD5

    62b5ce1d64dcb1b9f0c825ba62996856

  • SHA1

    5e7eea97f2c31a0ef3b2feb5c9de45a3869f63c0

  • SHA256

    751aa86b8a60dc64d572b01838e96f9b360f53cb6ec1ccbe50f8fb8a2980c0ce

  • SHA512

    fe1698172d163b1c1efe802ec0d573a492aa2c1cbb15b60d2c9b69ca0158205812d875180866e4cff8570dff45663eb85457fb0e48bbec99bbc8c570af87c7e3

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\751aa86b8a60dc64d572b01838e96f9b360f53cb6ec1ccbe50f8fb8a2980c0ce.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2008
  • C:\Windows\system32\omadmclient.exe
    C:\Windows\system32\omadmclient.exe
    1⤵
      PID:4500
    • C:\Users\Admin\AppData\Local\pMLt\omadmclient.exe
      C:\Users\Admin\AppData\Local\pMLt\omadmclient.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:4820
    • C:\Windows\system32\MusNotificationUx.exe
      C:\Windows\system32\MusNotificationUx.exe
      1⤵
        PID:4984
      • C:\Users\Admin\AppData\Local\ZL3DJ3Tp\MusNotificationUx.exe
        C:\Users\Admin\AppData\Local\ZL3DJ3Tp\MusNotificationUx.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:5028
      • C:\Windows\system32\ie4uinit.exe
        C:\Windows\system32\ie4uinit.exe
        1⤵
          PID:4352
        • C:\Users\Admin\AppData\Local\CGzsW6\ie4uinit.exe
          C:\Users\Admin\AppData\Local\CGzsW6\ie4uinit.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:4976
        • C:\Windows\system32\WFS.exe
          C:\Windows\system32\WFS.exe
          1⤵
            PID:3512
          • C:\Users\Admin\AppData\Local\UX5135pK\WFS.exe
            C:\Users\Admin\AppData\Local\UX5135pK\WFS.exe
            1⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks whether UAC is enabled
            PID:344

          Network

          MITRE ATT&CK Matrix ATT&CK v6

          Initial Access

          Execution

          Persistence

          Registry Run Keys / Startup Folder

          1
          T1060

          Privilege Escalation

          Defense Evasion

          Modify Registry

          1
          T1112

          Credential Access

          Discovery

          System Information Discovery

          1
          T1082

          Lateral Movement

          Collection

          Exfiltration

          Command and Control

          Impact

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\CGzsW6\VERSION.dll
            Filesize

            970KB

            MD5

            145cf01cdceb857cfcbb5dbec7a7d002

            SHA1

            79e3b10d7c5fbcda2016a752c201eee299ff629f

            SHA256

            b50c2bbe812a5c1e31971d2578e474ad18954dcfe570bb75e53b12e5283c0f12

            SHA512

            7e89ac2e50924a68bd52384923468bac21280a584903f055dc5a07b86a55fd67aa4c97a5dbf67b6705c54b7967a6a1d8efb22dee4f329699b5d413595507ade0

            Download Submit
          • C:\Users\Admin\AppData\Local\CGzsW6\VERSION.dll
            Filesize

            970KB

            MD5

            145cf01cdceb857cfcbb5dbec7a7d002

            SHA1

            79e3b10d7c5fbcda2016a752c201eee299ff629f

            SHA256

            b50c2bbe812a5c1e31971d2578e474ad18954dcfe570bb75e53b12e5283c0f12

            SHA512

            7e89ac2e50924a68bd52384923468bac21280a584903f055dc5a07b86a55fd67aa4c97a5dbf67b6705c54b7967a6a1d8efb22dee4f329699b5d413595507ade0

            Download Submit
          • C:\Users\Admin\AppData\Local\CGzsW6\VERSION.dll
            Filesize

            970KB

            MD5

            145cf01cdceb857cfcbb5dbec7a7d002

            SHA1

            79e3b10d7c5fbcda2016a752c201eee299ff629f

            SHA256

            b50c2bbe812a5c1e31971d2578e474ad18954dcfe570bb75e53b12e5283c0f12

            SHA512

            7e89ac2e50924a68bd52384923468bac21280a584903f055dc5a07b86a55fd67aa4c97a5dbf67b6705c54b7967a6a1d8efb22dee4f329699b5d413595507ade0

            Download Submit
          • C:\Users\Admin\AppData\Local\CGzsW6\VERSION.dll
            Filesize

            970KB

            MD5

            145cf01cdceb857cfcbb5dbec7a7d002

            SHA1

            79e3b10d7c5fbcda2016a752c201eee299ff629f

            SHA256

            b50c2bbe812a5c1e31971d2578e474ad18954dcfe570bb75e53b12e5283c0f12

            SHA512

            7e89ac2e50924a68bd52384923468bac21280a584903f055dc5a07b86a55fd67aa4c97a5dbf67b6705c54b7967a6a1d8efb22dee4f329699b5d413595507ade0

            Download Submit
          • C:\Users\Admin\AppData\Local\CGzsW6\ie4uinit.exe
            Filesize

            262KB

            MD5

            a2f0104edd80ca2c24c24356d5eacc4f

            SHA1

            8269b9fd9231f04ed47419bd565c69dc677fab56

            SHA256

            5d85c4d62cc26996826b9d96a9153f7e05a2260342bd913b3730610a1809203c

            SHA512

            e7bb87f9f6c82cb945b95f62695be98b3fa827a24fa8c4187fe836d4e7d3e7ae3b95101edd3c41d65f6cb684910f5954a67307d450072acd8d475212db094390

            Download Submit
          • C:\Users\Admin\AppData\Local\UX5135pK\WFS.exe
            Filesize

            944KB

            MD5

            3cbc8d0f65e3db6c76c119ed7c2ffd85

            SHA1

            e74f794d86196e3bbb852522479946cceeed7e01

            SHA256

            e23e4182efe7ed61aaf369696e1ce304c3818df33d1663872b6d3c75499d81f4

            SHA512

            26ae5845a804b9eb752078f1ffa80a476648a8a9508b4f7ba56c94acd4198f3ba59c77add4feb7e0420070222af56521ca5f6334f466d5db272c816930513f0a

            Download Submit
          • C:\Users\Admin\AppData\Local\UX5135pK\WINMM.dll
            Filesize

            974KB

            MD5

            5e1875df461a10c079541df80fb760f5

            SHA1

            24d1945fd758a9dbad172c19f51efc911bd65d07

            SHA256

            b091e1f7994b083294b3de1ba09930591eade2954ba9deed03ad5c4fa0a7feac

            SHA512

            3e3de733fdcbf0478aa674241e8264f1dd8a73c49c065a52f50ff9370a032fe96b8e60ae66a6d103a365384e35c01ffbf6c237dd3541d7315544adf25937a1e6

            Download Submit
          • C:\Users\Admin\AppData\Local\UX5135pK\WINMM.dll
            Filesize

            974KB

            MD5

            5e1875df461a10c079541df80fb760f5

            SHA1

            24d1945fd758a9dbad172c19f51efc911bd65d07

            SHA256

            b091e1f7994b083294b3de1ba09930591eade2954ba9deed03ad5c4fa0a7feac

            SHA512

            3e3de733fdcbf0478aa674241e8264f1dd8a73c49c065a52f50ff9370a032fe96b8e60ae66a6d103a365384e35c01ffbf6c237dd3541d7315544adf25937a1e6

            Download Submit
          • C:\Users\Admin\AppData\Local\ZL3DJ3Tp\MusNotificationUx.exe
            Filesize

            615KB

            MD5

            869a214114a81712199f3de5d69d9aad

            SHA1

            be973e4188eff0d53fdf0e9360106e8ad946d89f

            SHA256

            405c2df9a36d7cfb5c8382c96f04792eb88c11a6cfa36b1d2ec3e0bec8d17361

            SHA512

            befcdeb8de6e68b9ee0bacd4cbc80f7393a0213d4039b239c98585e0cd5db1755c75559a62372374cbfb7132b6a7973ea9e6a31952e0e0ba007079c56e6d9012

            Download Submit
          • C:\Users\Admin\AppData\Local\ZL3DJ3Tp\XmlLite.dll
            Filesize

            970KB

            MD5

            08b7abd12fa89a2a94456c327347a4f0

            SHA1

            b6a6927d4244194c4fcda418cbcc6970c97b6195

            SHA256

            5ac05b57d60653554e57c0ec0ca70d985d1c29fd92112242929f3f8ca27f2589

            SHA512

            8512b935fa60a143932d9470c7246d2cbf7e72cb8771d046ccabd44d1f739c55541e71244e9c077ba79976288c3b6f9d544c5c90c2a7d92612faf71ece09d1b3

            Download Submit
          • C:\Users\Admin\AppData\Local\ZL3DJ3Tp\XmlLite.dll
            Filesize

            970KB

            MD5

            08b7abd12fa89a2a94456c327347a4f0

            SHA1

            b6a6927d4244194c4fcda418cbcc6970c97b6195

            SHA256

            5ac05b57d60653554e57c0ec0ca70d985d1c29fd92112242929f3f8ca27f2589

            SHA512

            8512b935fa60a143932d9470c7246d2cbf7e72cb8771d046ccabd44d1f739c55541e71244e9c077ba79976288c3b6f9d544c5c90c2a7d92612faf71ece09d1b3

            Download Submit
          • C:\Users\Admin\AppData\Local\pMLt\XmlLite.dll
            Filesize

            970KB

            MD5

            1e8fd8a194cdec0b40300de6bc415e22

            SHA1

            8998500c7a3cd97bbd4f89c28a40494e591a391d

            SHA256

            7913ea30f27489030719ebb42a2ecc243f780a5bb2a9a683742f3d80d694a0bc

            SHA512

            823a40c77b41d325fb0e48d46c4db590ed89882a5c0625ea1efe75af5a88a591e1adfc8015b0b967bcf86e774ff832ec3abe6121de8b19b626046876a90ef4a1

            Download Submit
          • C:\Users\Admin\AppData\Local\pMLt\XmlLite.dll
            Filesize

            970KB

            MD5

            1e8fd8a194cdec0b40300de6bc415e22

            SHA1

            8998500c7a3cd97bbd4f89c28a40494e591a391d

            SHA256

            7913ea30f27489030719ebb42a2ecc243f780a5bb2a9a683742f3d80d694a0bc

            SHA512

            823a40c77b41d325fb0e48d46c4db590ed89882a5c0625ea1efe75af5a88a591e1adfc8015b0b967bcf86e774ff832ec3abe6121de8b19b626046876a90ef4a1

            Download Submit
          • C:\Users\Admin\AppData\Local\pMLt\XmlLite.dll
            Filesize

            970KB

            MD5

            1e8fd8a194cdec0b40300de6bc415e22

            SHA1

            8998500c7a3cd97bbd4f89c28a40494e591a391d

            SHA256

            7913ea30f27489030719ebb42a2ecc243f780a5bb2a9a683742f3d80d694a0bc

            SHA512

            823a40c77b41d325fb0e48d46c4db590ed89882a5c0625ea1efe75af5a88a591e1adfc8015b0b967bcf86e774ff832ec3abe6121de8b19b626046876a90ef4a1

            Download Submit
          • C:\Users\Admin\AppData\Local\pMLt\omadmclient.exe
            Filesize

            425KB

            MD5

            8992b5b28a996eb83761dafb24959ab4

            SHA1

            697ecb33b8ff5b0e73ef29ce471153b368b1b729

            SHA256

            e0c6c1b082c5d61be95b7fad95155b7cb2e516d6dcd51b8e1554a176876699e7

            SHA512

            4ab0d71f6f9e5a5d0870d8e6eaa4b5db74ea6148de0a00603e3e56303d0fec4722172e0207b9678a5bd0136f2d43d43b9d34907183369ab3b9b9c1484034fe3d

            Download Submit
          • memory/344-187-0x0000000140000000-0x00000001400FC000-memory.dmp
            Filesize

            1008KB

            Download
          • memory/344-183-0x0000000000000000-mapping.dmp
            Download
          • memory/2008-134-0x00000241A89F0000-0x00000241A89F7000-memory.dmp
            Filesize

            28KB

            Download
          • memory/2008-130-0x0000000140000000-0x00000001400FA000-memory.dmp
            Filesize

            1000KB

            Download
          • memory/2420-143-0x0000000140000000-0x00000001400FA000-memory.dmp
            Filesize

            1000KB

            Download
          • memory/2420-142-0x0000000140000000-0x00000001400FA000-memory.dmp
            Filesize

            1000KB

            Download
          • memory/2420-158-0x00007FF888690000-0x00007FF8886A0000-memory.dmp
            Filesize

            64KB

            Download
          • memory/2420-135-0x0000000000580000-0x0000000000581000-memory.dmp
            Filesize

            4KB

            Download
          • memory/2420-157-0x00007FF88874C000-0x00007FF88874D000-memory.dmp
            Filesize

            4KB

            Download
          • memory/2420-156-0x00007FF88877C000-0x00007FF88877D000-memory.dmp
            Filesize

            4KB

            Download
          • memory/2420-140-0x0000000140000000-0x00000001400FA000-memory.dmp
            Filesize

            1000KB

            Download
          • memory/2420-137-0x0000000140000000-0x00000001400FA000-memory.dmp
            Filesize

            1000KB

            Download
          • memory/2420-141-0x0000000140000000-0x00000001400FA000-memory.dmp
            Filesize

            1000KB

            Download
          • memory/2420-139-0x0000000140000000-0x00000001400FA000-memory.dmp
            Filesize

            1000KB

            Download
          • memory/2420-145-0x0000000140000000-0x00000001400FA000-memory.dmp
            Filesize

            1000KB

            Download
          • memory/2420-136-0x0000000140000000-0x00000001400FA000-memory.dmp
            Filesize

            1000KB

            Download
          • memory/2420-146-0x0000000000550000-0x0000000000557000-memory.dmp
            Filesize

            28KB

            Download
          • memory/2420-147-0x0000000140000000-0x00000001400FA000-memory.dmp
            Filesize

            1000KB

            Download
          • memory/2420-138-0x0000000140000000-0x00000001400FA000-memory.dmp
            Filesize

            1000KB

            Download
          • memory/2420-144-0x0000000140000000-0x00000001400FA000-memory.dmp
            Filesize

            1000KB

            Download
          • memory/4820-159-0x0000000000000000-mapping.dmp
            Download
          • memory/4820-164-0x0000000140000000-0x00000001400FB000-memory.dmp
            Filesize

            1004KB

            Download
          • memory/4976-177-0x0000000000000000-mapping.dmp
            Download
          • memory/5028-168-0x0000000000000000-mapping.dmp
            Download
          • memory/5028-172-0x00000259AA4C0000-0x00000259AA4C7000-memory.dmp
            Filesize

            28KB

            Download