Overview

overview

10

Static

static

1

6712500bb0...6f.dll

windows7-x64

10

6712500bb0...6f.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    10-03-2023 11:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6712500bb0de148a99ec940160d3d61850e2ce3803adca8f39e9fa8621b8ea6f.dll

  • Size

    1.0MB

  • MD5

    369638ac700f3c41ebaba447d4048ff8

  • SHA1

    6c50a1abf9dc992e74a73279d40fb1a09368cdfe

  • SHA256

    6712500bb0de148a99ec940160d3d61850e2ce3803adca8f39e9fa8621b8ea6f

  • SHA512

    5f7a1913e83cd443a3339af0a52c04a4de17c67be480646d9bb02c984196a0a1ec3d7419ee88ca12d219af927aad1859c47372e08ba6a7a35ad956d5dc4ce7f5

  • SSDEEP

    12288:ClORVEAueQmTmQKO2nMlqVaSEwzH7YxiCyJ86azEZy1f11pNxWOLPa:GORVEVNmaDznMlqVNE27dJ8J2inNxn

Score
10/10
dridexbotnetevasionpayloadtrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Checks whether UAC is enabled 1 TTPs 3 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6712500bb0de148a99ec940160d3d61850e2ce3803adca8f39e9fa8621b8ea6f.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2000
  • C:\Windows\system32\sigverif.exe
    C:\Windows\system32\sigverif.exe
    1⤵
      PID:1116
    • C:\Users\Admin\AppData\Local\GvQ3d\sigverif.exe
      C:\Users\Admin\AppData\Local\GvQ3d\sigverif.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      • Suspicious behavior: EnumeratesProcesses
      PID:1800
    • C:\Windows\system32\mstsc.exe
      C:\Windows\system32\mstsc.exe
      1⤵
        PID:556
      • C:\Users\Admin\AppData\Local\YIOrc79QF\mstsc.exe
        C:\Users\Admin\AppData\Local\YIOrc79QF\mstsc.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1976

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Persistence

      Privilege Escalation

      Defense Evasion

      Credential Access

      Discovery

      System Information Discovery

      1
      T1082

      Query Registry

      1
      T1012

      Lateral Movement

      Collection

      Exfiltration

      Command and Control

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\GvQ3d\VERSION.dll
        Filesize

        1.0MB

        MD5

        67d60c541be3c6fe1721fd55510d9286

        SHA1

        93e27b5d98f539b94c0d3e93de2bc31d955da8c4

        SHA256

        43b6eb6c8c0b26bf9df38d077a4715a9fdc0c49e2491ae944e334ae40d58f6c8

        SHA512

        f24ae37b47980be2e2f3d059a42ea3e89f99f999c7a0a3eaf39b0a21630d60da09c6bd16fbc734efbc2ce3cb819bec50c36b92bd00ccde86b4cb7fffedab3ddc

        Download Submit
      • C:\Users\Admin\AppData\Local\GvQ3d\sigverif.exe
        Filesize

        73KB

        MD5

        e8e95ae5534553fc055051cee99a7f55

        SHA1

        4e0f668849fd546edd083d5981ed685d02a68df4

        SHA256

        9e107fd99892d08b15c223ac17c49af75a4cbca41b5e939bb91c9dca9f0d0bec

        SHA512

        5d3c32d136a264b6d2cfba4602e4d8f75e55ba0e199e0e81d7a515c34d8b9237db29647c10ab79081173010ff8e2c6a59b652c0a9cfa796433aed2d200f02da6

        Download Submit
      • C:\Users\Admin\AppData\Local\GvQ3d\sigverif.exe
        Filesize

        73KB

        MD5

        e8e95ae5534553fc055051cee99a7f55

        SHA1

        4e0f668849fd546edd083d5981ed685d02a68df4

        SHA256

        9e107fd99892d08b15c223ac17c49af75a4cbca41b5e939bb91c9dca9f0d0bec

        SHA512

        5d3c32d136a264b6d2cfba4602e4d8f75e55ba0e199e0e81d7a515c34d8b9237db29647c10ab79081173010ff8e2c6a59b652c0a9cfa796433aed2d200f02da6

        Download Submit
      • C:\Users\Admin\AppData\Local\YIOrc79QF\WINMM.dll
        Filesize

        1.0MB

        MD5

        79fe9269b2f80bb828e2484a08fa2069

        SHA1

        8737f638014667c7e0190cdc44b46a523d7a1fb0

        SHA256

        c05f85031ee8bc38d3f071536d5f48f8077036f5fba635024301a6882462d97d

        SHA512

        16d912e25380cc15fb9fd9e59eaaa6a51da7eaa89febcc6a1a81141f6ae23425757469bed34f88fcdea0e86e408246c1c422ed8ee7337d33f30c7b0e9d2b4617

        Download Submit
      • C:\Users\Admin\AppData\Local\YIOrc79QF\mstsc.exe
        Filesize

        1.1MB

        MD5

        50f739538ef014b2e7ec59431749d838

        SHA1

        b439762b8efe8cfb977e7374c11a7e4d8ed05eb3

        SHA256

        85c510c7fa8d64c70886ea01ec99e7b9064594f021a95b4cf88359421e732be3

        SHA512

        02e231ddc4ac012c597b9db42f8a77fbf35ca8253c030d443a0dd4db3d76a9ee1cced600f12d7bb06305e7a4da4a8fda980faad335adcb12738d80d453cb3cc8

        Download Submit
      • C:\Users\Admin\AppData\Local\YIOrc79QF\mstsc.exe
        Filesize

        1.1MB

        MD5

        50f739538ef014b2e7ec59431749d838

        SHA1

        b439762b8efe8cfb977e7374c11a7e4d8ed05eb3

        SHA256

        85c510c7fa8d64c70886ea01ec99e7b9064594f021a95b4cf88359421e732be3

        SHA512

        02e231ddc4ac012c597b9db42f8a77fbf35ca8253c030d443a0dd4db3d76a9ee1cced600f12d7bb06305e7a4da4a8fda980faad335adcb12738d80d453cb3cc8

        Download Submit
      • \Users\Admin\AppData\Local\GvQ3d\VERSION.dll
        Filesize

        1.0MB

        MD5

        67d60c541be3c6fe1721fd55510d9286

        SHA1

        93e27b5d98f539b94c0d3e93de2bc31d955da8c4

        SHA256

        43b6eb6c8c0b26bf9df38d077a4715a9fdc0c49e2491ae944e334ae40d58f6c8

        SHA512

        f24ae37b47980be2e2f3d059a42ea3e89f99f999c7a0a3eaf39b0a21630d60da09c6bd16fbc734efbc2ce3cb819bec50c36b92bd00ccde86b4cb7fffedab3ddc

        Download Submit
      • \Users\Admin\AppData\Local\GvQ3d\sigverif.exe
        Filesize

        73KB

        MD5

        e8e95ae5534553fc055051cee99a7f55

        SHA1

        4e0f668849fd546edd083d5981ed685d02a68df4

        SHA256

        9e107fd99892d08b15c223ac17c49af75a4cbca41b5e939bb91c9dca9f0d0bec

        SHA512

        5d3c32d136a264b6d2cfba4602e4d8f75e55ba0e199e0e81d7a515c34d8b9237db29647c10ab79081173010ff8e2c6a59b652c0a9cfa796433aed2d200f02da6

        Download Submit
      • \Users\Admin\AppData\Local\YIOrc79QF\WINMM.dll
        Filesize

        1.0MB

        MD5

        79fe9269b2f80bb828e2484a08fa2069

        SHA1

        8737f638014667c7e0190cdc44b46a523d7a1fb0

        SHA256

        c05f85031ee8bc38d3f071536d5f48f8077036f5fba635024301a6882462d97d

        SHA512

        16d912e25380cc15fb9fd9e59eaaa6a51da7eaa89febcc6a1a81141f6ae23425757469bed34f88fcdea0e86e408246c1c422ed8ee7337d33f30c7b0e9d2b4617

        Download Submit
      • \Users\Admin\AppData\Local\YIOrc79QF\mstsc.exe
        Filesize

        1.1MB

        MD5

        50f739538ef014b2e7ec59431749d838

        SHA1

        b439762b8efe8cfb977e7374c11a7e4d8ed05eb3

        SHA256

        85c510c7fa8d64c70886ea01ec99e7b9064594f021a95b4cf88359421e732be3

        SHA512

        02e231ddc4ac012c597b9db42f8a77fbf35ca8253c030d443a0dd4db3d76a9ee1cced600f12d7bb06305e7a4da4a8fda980faad335adcb12738d80d453cb3cc8

        Download Submit
      • memory/1248-68-0x0000000140000000-0x0000000140105000-memory.dmp
        Filesize

        1.0MB

        Download
      • memory/1248-61-0x0000000140000000-0x0000000140105000-memory.dmp
        Filesize

        1.0MB

        Download
      • memory/1248-75-0x0000000140000000-0x0000000140105000-memory.dmp
        Filesize

        1.0MB

        Download
      • memory/1248-78-0x0000000002210000-0x0000000002217000-memory.dmp
        Filesize

        28KB

        Download
      • memory/1248-79-0x0000000077470000-0x0000000077472000-memory.dmp
        Filesize

        8KB

        Download
      • memory/1248-80-0x0000000140000000-0x0000000140105000-memory.dmp
        Filesize

        1.0MB

        Download
      • memory/1248-84-0x0000000140000000-0x0000000140105000-memory.dmp
        Filesize

        1.0MB

        Download
      • memory/1248-67-0x0000000140000000-0x0000000140105000-memory.dmp
        Filesize

        1.0MB

        Download
      • memory/1248-69-0x0000000140000000-0x0000000140105000-memory.dmp
        Filesize

        1.0MB

        Download
      • memory/1248-59-0x0000000002910000-0x0000000002911000-memory.dmp
        Filesize

        4KB

        Download
      • memory/1248-66-0x0000000140000000-0x0000000140105000-memory.dmp
        Filesize

        1.0MB

        Download
      • memory/1248-65-0x0000000140000000-0x0000000140105000-memory.dmp
        Filesize

        1.0MB

        Download
      • memory/1248-63-0x0000000140000000-0x0000000140105000-memory.dmp
        Filesize

        1.0MB

        Download
      • memory/1248-64-0x0000000140000000-0x0000000140105000-memory.dmp
        Filesize

        1.0MB

        Download
      • memory/1800-104-0x000007FEFAF80000-0x000007FEFB085000-memory.dmp
        Filesize

        1.0MB

        Download
      • memory/1800-101-0x0000000000220000-0x0000000000227000-memory.dmp
        Filesize

        28KB

        Download
      • memory/1800-98-0x000007FEFAF80000-0x000007FEFB085000-memory.dmp
        Filesize

        1.0MB

        Download
      • memory/1976-116-0x000007FEF6770000-0x000007FEF6877000-memory.dmp
        Filesize

        1.0MB

        Download
      • memory/1976-119-0x00000000001C0000-0x00000000001C7000-memory.dmp
        Filesize

        28KB

        Download
      • memory/1976-122-0x000007FEF6770000-0x000007FEF6877000-memory.dmp
        Filesize

        1.0MB

        Download
      • memory/2000-54-0x000007FEF6A40000-0x000007FEF6B45000-memory.dmp
        Filesize

        1.0MB

        Download
      • memory/2000-58-0x000007FEF6A40000-0x000007FEF6B45000-memory.dmp
        Filesize

        1.0MB

        Download
      • memory/2000-57-0x0000000001B50000-0x0000000001B57000-memory.dmp
        Filesize

        28KB

        Download