Overview

overview

10

Static

static

668f015f20...ed.dll

windows7_x64

10

668f015f20...ed.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    153s
  • max time network
    92s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    17-04-2022 16:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    668f015f2009a05024a99c756f684e3f1056c9b5a49e241379934daa27f031ed.dll

  • Size

    1003KB

  • MD5

    218d477824d47647d4b594fba6c72d16

  • SHA1

    e1321bb45459d5a414d8816eb354a55ac4dd7610

  • SHA256

    668f015f2009a05024a99c756f684e3f1056c9b5a49e241379934daa27f031ed

  • SHA512

    96674362aff08b3de475809fddf3a918d23da6ed34202975e6c268b417bacd98c097fe9455aa45443296f20e1ca16095bf47a8d36e90d53eb48fb427dfe30503

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\668f015f2009a05024a99c756f684e3f1056c9b5a49e241379934daa27f031ed.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:568
  • C:\Windows\system32\InfDefaultInstall.exe
    C:\Windows\system32\InfDefaultInstall.exe
    1⤵
      PID:1616
    • C:\Users\Admin\AppData\Local\bC1\InfDefaultInstall.exe
      C:\Users\Admin\AppData\Local\bC1\InfDefaultInstall.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2656
    • C:\Windows\system32\DeviceEnroller.exe
      C:\Windows\system32\DeviceEnroller.exe
      1⤵
        PID:5020
      • C:\Users\Admin\AppData\Local\rJZI8YK\DeviceEnroller.exe
        C:\Users\Admin\AppData\Local\rJZI8YK\DeviceEnroller.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:3700
      • C:\Windows\system32\GamePanel.exe
        C:\Windows\system32\GamePanel.exe
        1⤵
          PID:3736
        • C:\Users\Admin\AppData\Local\vILbe1w\GamePanel.exe
          C:\Users\Admin\AppData\Local\vILbe1w\GamePanel.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:4324

        Network

        MITRE ATT&CK Matrix ATT&CK v6

        Initial Access

        Execution

        Persistence

        Registry Run Keys / Startup Folder

        1
        T1060

        Privilege Escalation

        Defense Evasion

        Modify Registry

        1
        T1112

        Credential Access

        Discovery

        System Information Discovery

        1
        T1082

        Lateral Movement

        Collection

        Exfiltration

        Command and Control

        Impact

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\bC1\InfDefaultInstall.exe
          Filesize

          13KB

          MD5

          ee18876c1e5de583de7547075975120e

          SHA1

          f7fcb3d77da74deee25de9296a7c7335916504e3

          SHA256

          e59127b5fe82714956c7a1f10392a8673086a8e1f609e059935c7da1fa015a5d

          SHA512

          08bc4d28b8f528582c58175a74871dd33ac97955c3709c991779fc34b5ba4b2ba6ff40476d9f59345b61b0153fd932b0ea539431a67ff5012cb2ac8ab392f73c

          Download Submit
        • C:\Users\Admin\AppData\Local\bC1\newdev.dll
          Filesize

          1005KB

          MD5

          c945743e98bdec9eea3be42eeed955be

          SHA1

          df3ecea11e7d20f731ae2026ff02d67dea4bea0d

          SHA256

          278054d2d846deeb309a0f59217d5ce4952490f70027dc474777cfbadb0ba53a

          SHA512

          c491262942adf3d411f285b12a73f6b1e75d26d1c2e48e2fb7304804cc03fbfa515ec9ac6fb6ad60cb9107ffa51a18f101fee2fade0814c38f8f476d7cea225a

          Download Submit
        • C:\Users\Admin\AppData\Local\bC1\newdev.dll
          Filesize

          1005KB

          MD5

          c945743e98bdec9eea3be42eeed955be

          SHA1

          df3ecea11e7d20f731ae2026ff02d67dea4bea0d

          SHA256

          278054d2d846deeb309a0f59217d5ce4952490f70027dc474777cfbadb0ba53a

          SHA512

          c491262942adf3d411f285b12a73f6b1e75d26d1c2e48e2fb7304804cc03fbfa515ec9ac6fb6ad60cb9107ffa51a18f101fee2fade0814c38f8f476d7cea225a

          Download Submit
        • C:\Users\Admin\AppData\Local\rJZI8YK\DeviceEnroller.exe
          Filesize

          448KB

          MD5

          946d9474533f58d2613078fd14ca7473

          SHA1

          c2620ac9522fa3702a6a03299b930d6044aa5e49

          SHA256

          cf5f5fe084f172e9c435615c1dc6ae7d3bd8c5ec8ea290caa0627c2f392760cb

          SHA512

          3653d41a0553ee63a43490f682c9b528651a6336f28adafc333d4d148577351122db8279ff83ee59bb0a9c17bb384e9f6c9c78677c8c5ed671a42036dec1f8c1

          Download Submit
        • C:\Users\Admin\AppData\Local\rJZI8YK\XmlLite.dll
          Filesize

          1004KB

          MD5

          77a6bb3a88552b0a8317604e5e1290da

          SHA1

          c214e7576b92155eb8d0fa6636dafaf0da66f341

          SHA256

          4484171e4a27510a222f966aa5ddad066af311e19de94fb4dc367b86b20f55fb

          SHA512

          ab6d7f50346f614790ea10936f994d7782297817765b908d4af292ba1c0d0d41ccecc26543cdaa23af95fdcb38ad57e36241a17540045dce1b9a83f7e6691478

          Download Submit
        • C:\Users\Admin\AppData\Local\rJZI8YK\XmlLite.dll
          Filesize

          1004KB

          MD5

          77a6bb3a88552b0a8317604e5e1290da

          SHA1

          c214e7576b92155eb8d0fa6636dafaf0da66f341

          SHA256

          4484171e4a27510a222f966aa5ddad066af311e19de94fb4dc367b86b20f55fb

          SHA512

          ab6d7f50346f614790ea10936f994d7782297817765b908d4af292ba1c0d0d41ccecc26543cdaa23af95fdcb38ad57e36241a17540045dce1b9a83f7e6691478

          Download Submit
        • C:\Users\Admin\AppData\Local\vILbe1w\GamePanel.exe
          Filesize

          1.2MB

          MD5

          266f6a62c16f6a889218800762b137be

          SHA1

          31b9bd85a37bf0cbb38a1c30147b83671458fa72

          SHA256

          71f8f11f26f3a7c1498373f20f0f4cc960513d0383fe24906eeb1bc9678beecd

          SHA512

          b21d9b0656ab6bd3b158922722a332f07096ddd4215c802776c5807c9cf6ece40082dd986ea6867bdc8d22878ce035a5c8dfcc26cfae94aeee059701b6bf1e68

          Download Submit
        • C:\Users\Admin\AppData\Local\vILbe1w\dxgi.dll
          Filesize

          1005KB

          MD5

          21dd1cba4e8fabee97163bac12b95cb9

          SHA1

          bbf21dbbabe4730b64ff3fac08d20e9d3b3a430b

          SHA256

          01ea9653db3edbc7e2782b74251c7091907cc20150607b1bc97036163b60b6a6

          SHA512

          48e4cca0865be17680f96dc17780344b6a51ab45ad16556221da0032db786d86f51bfe91d2127463d92a648ab6729f98681bd48cca9eca3fafb9df143b94c86f

          Download Submit
        • C:\Users\Admin\AppData\Local\vILbe1w\dxgi.dll
          Filesize

          1005KB

          MD5

          21dd1cba4e8fabee97163bac12b95cb9

          SHA1

          bbf21dbbabe4730b64ff3fac08d20e9d3b3a430b

          SHA256

          01ea9653db3edbc7e2782b74251c7091907cc20150607b1bc97036163b60b6a6

          SHA512

          48e4cca0865be17680f96dc17780344b6a51ab45ad16556221da0032db786d86f51bfe91d2127463d92a648ab6729f98681bd48cca9eca3fafb9df143b94c86f

          Download Submit
        • C:\Users\Admin\AppData\Local\vILbe1w\dxgi.dll
          Filesize

          1005KB

          MD5

          21dd1cba4e8fabee97163bac12b95cb9

          SHA1

          bbf21dbbabe4730b64ff3fac08d20e9d3b3a430b

          SHA256

          01ea9653db3edbc7e2782b74251c7091907cc20150607b1bc97036163b60b6a6

          SHA512

          48e4cca0865be17680f96dc17780344b6a51ab45ad16556221da0032db786d86f51bfe91d2127463d92a648ab6729f98681bd48cca9eca3fafb9df143b94c86f

          Download Submit
        • memory/568-130-0x0000000140000000-0x0000000140102000-memory.dmp
          Filesize

          1.0MB

          Download
        • memory/568-134-0x0000025636FB0000-0x0000025636FB7000-memory.dmp
          Filesize

          28KB

          Download
        • memory/2656-167-0x0000025BA2EF0000-0x0000025BA2EF7000-memory.dmp
          Filesize

          28KB

          Download
        • memory/2656-163-0x0000000140000000-0x0000000140103000-memory.dmp
          Filesize

          1.0MB

          Download
        • memory/2656-159-0x0000000000000000-mapping.dmp
          Download
        • memory/3276-157-0x00007FF8DED4C000-0x00007FF8DED4D000-memory.dmp
          Filesize

          4KB

          Download
        • memory/3276-144-0x0000000140000000-0x0000000140102000-memory.dmp
          Filesize

          1.0MB

          Download
        • memory/3276-158-0x00007FF8DEC90000-0x00007FF8DECA0000-memory.dmp
          Filesize

          64KB

          Download
        • memory/3276-147-0x0000000001180000-0x0000000001187000-memory.dmp
          Filesize

          28KB

          Download
        • memory/3276-146-0x0000000140000000-0x0000000140102000-memory.dmp
          Filesize

          1.0MB

          Download
        • memory/3276-136-0x0000000140000000-0x0000000140102000-memory.dmp
          Filesize

          1.0MB

          Download
        • memory/3276-145-0x0000000140000000-0x0000000140102000-memory.dmp
          Filesize

          1.0MB

          Download
        • memory/3276-138-0x0000000140000000-0x0000000140102000-memory.dmp
          Filesize

          1.0MB

          Download
        • memory/3276-143-0x0000000140000000-0x0000000140102000-memory.dmp
          Filesize

          1.0MB

          Download
        • memory/3276-156-0x00007FF8DED7C000-0x00007FF8DED7D000-memory.dmp
          Filesize

          4KB

          Download
        • memory/3276-142-0x0000000140000000-0x0000000140102000-memory.dmp
          Filesize

          1.0MB

          Download
        • memory/3276-141-0x0000000140000000-0x0000000140102000-memory.dmp
          Filesize

          1.0MB

          Download
        • memory/3276-140-0x0000000140000000-0x0000000140102000-memory.dmp
          Filesize

          1.0MB

          Download
        • memory/3276-135-0x00000000011B0000-0x00000000011B1000-memory.dmp
          Filesize

          4KB

          Download
        • memory/3276-137-0x0000000140000000-0x0000000140102000-memory.dmp
          Filesize

          1.0MB

          Download
        • memory/3276-139-0x0000000140000000-0x0000000140102000-memory.dmp
          Filesize

          1.0MB

          Download
        • memory/3700-168-0x0000000000000000-mapping.dmp
          Download
        • memory/3700-176-0x000001CE2E1A0000-0x000001CE2E1A7000-memory.dmp
          Filesize

          28KB

          Download
        • memory/4324-177-0x0000000000000000-mapping.dmp
          Download
        • memory/4324-186-0x00000291F3E70000-0x00000291F3E77000-memory.dmp
          Filesize

          28KB

          Download