Analysis
-
max time kernel
150s -
max time network
116s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
17-04-2022 16:34
General
-
Target
ebcba394786cc603974e26ec590d690cda189e984aa284c09004906686986e11.dll
-
Size
621KB
-
MD5
7fc2c7a96f7e298e44f3ed49955089b3
-
SHA1
673e01731046d838398fed7a6a7806bc2541097f
-
SHA256
ebcba394786cc603974e26ec590d690cda189e984aa284c09004906686986e11
-
SHA512
722516043cd0b491680c0fbc6054cc8b999b822a0bb6f18c26ff5affcb20a53210788c166736450ed5271fa98095b13f8ce9fbc2efab9a9183b09b8020de0d6f
Score
10/10
Malware Config
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Payload 1 IoCs
Detects Dridex x64 core DLL in memory.
-
Modifies Installed Components in the registry 2 TTPs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Drops file in Windows directory 1 IoCs
-
Modifies registry class 5 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 16 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 21 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ebcba394786cc603974e26ec590d690cda189e984aa284c09004906686986e11.dll,#11⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x5981⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/784-54-0x0000000140000000-0x00000001400A4000-memory.dmpFilesize
656KB
-
memory/784-57-0x0000000001AC0000-0x0000000001AC7000-memory.dmpFilesize
28KB
-
memory/1992-58-0x000007FEFB281000-0x000007FEFB283000-memory.dmpFilesize
8KB