Overview

overview

10

Static

static

3

bcd53a03a1...ca.dll

windows7-x64

10

bcd53a03a1...ca.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 14:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bcd53a03a12a4ce08e833fdcdd8d8cca.dll

  • Size

    2.0MB

  • MD5

    bcd53a03a12a4ce08e833fdcdd8d8cca

  • SHA1

    0e84a0c65f7eb5273609ec94a4de8217995726db

  • SHA256

    610801e1516dac10986662e4aa33209c5699069c84322ac8abdcd548a8eb3ea0

  • SHA512

    729335e687444f306acea30cb14569247b3ffda79d935a08163a5d0fc92d2268fa0023249c10789833b4f2202e8c7832617256c9c362585a8bb4afaeee3c6788

  • SSDEEP

    12288:lVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:8fP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bcd53a03a12a4ce08e833fdcdd8d8cca.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:616
  • C:\Windows\system32\SystemPropertiesProtection.exe
    C:\Windows\system32\SystemPropertiesProtection.exe
    1⤵
      PID:2588
    • C:\Users\Admin\AppData\Local\TZOn\SystemPropertiesProtection.exe
      C:\Users\Admin\AppData\Local\TZOn\SystemPropertiesProtection.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2608
    • C:\Windows\system32\notepad.exe
      C:\Windows\system32\notepad.exe
      1⤵
        PID:524
      • C:\Users\Admin\AppData\Local\9TO\notepad.exe
        C:\Users\Admin\AppData\Local\9TO\notepad.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:472
      • C:\Windows\system32\SystemPropertiesPerformance.exe
        C:\Windows\system32\SystemPropertiesPerformance.exe
        1⤵
          PID:604
        • C:\Users\Admin\AppData\Local\CQp8YVLa\SystemPropertiesPerformance.exe
          C:\Users\Admin\AppData\Local\CQp8YVLa\SystemPropertiesPerformance.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2848

        Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\9TO\VERSION.dll
                Filesize

                241KB

                MD5

                f6df262b8e4f3c3e7e49b82f5b76fa1c

                SHA1

                566351d0f2f29afaa264ebc0e4ac4af805c05041

                SHA256

                e719ac4680dac410537ea95b96ee3bc25081958b846c51d55797117ca0bb0735

                SHA512

                9ff6063b1642bbb00e6e3e93960c4b16834dceb2fb2dc56f29c51bd834031927919f3d6960c992e8eba1b6de44fbb14ecc6188fc47af8869846dd5f27cc41c8c

                Download Submit

              • C:\Users\Admin\AppData\Local\9TO\notepad.exe
                Filesize

                45KB

                MD5

                7e13131ecfad454128b12555a7fd0020

                SHA1

                5d7ef1f3f91912eb83d296c2543519efcc28f9e7

                SHA256

                1d2c480bebbe3e61a1e16b963f7cc691d49133f9f8f963ad2cc3c3dc082ca83d

                SHA512

                dff9bfefb67ced5bfb8ddddf15928c74463a446bf48c10c95f62e8d33d128040be42ea02a0f86ce055ed24c10082e9c5d414468f7f5da0fe95a7c5b43b6d2078

                Download Submit

              • C:\Users\Admin\AppData\Local\CQp8YVLa\SYSDM.CPL
                Filesize

                316KB

                MD5

                3904b2677d8d39bf48515c911647cf34

                SHA1

                38625585fe851be72ab5ef91a34ae1d414c793e0

                SHA256

                7091e8be3c94c74e352dea7e78e44fa8c70dab0afef8e341e6d979718e6b6c44

                SHA512

                7645d983a0dc4739d6eaa15f877a94b195f7f56bd9163546b035089b57b286b14abd3d0c0ef8a3981a5f97fbcb02ba20518e7d36fb1e5ab8d4a184a113fd40c3

                Download Submit

              • C:\Users\Admin\AppData\Local\CQp8YVLa\SystemPropertiesPerformance.exe
                Filesize

                80KB

                MD5

                870726cdcc241a92785572628b89cc07

                SHA1

                63d47cc4fe9beb75862add1abca1d8ae8235710a

                SHA256

                1ab77fa1ee0cbe59ca185c228c3c11abeba2b2008a162c91a06d3c40542e7fc6

                SHA512

                89b961c2a2716fe0800e54e0206c8b349a26f1bc2a463ec9bd12f3ab22bfcb13e6402b4c20ddcf284d838a3c66e73335af8f6dc4554d76646382e387242c6f72

                Download Submit

              • C:\Users\Admin\AppData\Local\TZOn\SYSDM.CPL
                Filesize

                77KB

                MD5

                b4d54088d30e59a692c60d00a9c101ba

                SHA1

                b857004724bc1a50a9df139fa05655100e1cb3a3

                SHA256

                a9dfd85b19d45cec3ea5d00d2dc52e30563e8b49b9a767dfc4cd712d3533e8c5

                SHA512

                25eb309db0ee53c9ef2143b615b660387aa003e43bc4aa26c718a573b0ad5684dc7df0933f250b9856b19a1439297703a73f7259b6d500195bf14c0901e5d97b

                Download Submit

              • C:\Users\Admin\AppData\Local\TZOn\SystemPropertiesProtection.exe
                Filesize

                80KB

                MD5

                05138d8f952d3fff1362f7c50158bc38

                SHA1

                780bc59fcddf06a7494d09771b8340acffdcc720

                SHA256

                753a43d8aa74341d06582bd6b3784dc5f8c6f46174c2a306cf284de238a9c6bd

                SHA512

                27fa8c0af3d01f0816852d04693087f3c25d1307d8857a7ea75b0bb3e0ac927d262f5ac5a335afee150142fa3187354d33ebbcf6c3cd5cc33cb4e6cd00c50255

                Download Submit

              • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Zrkibbhbsqvuoso.lnk
                Filesize

                1KB

                MD5

                b43bbe82878099a186f3913d609d7671

                SHA1

                a8d4af4735ff68bce88c2737cf17eee4dabbf4a5

                SHA256

                85c0a3fda502686d418e12ab485d3ea7939bf87ca2c450a84dfad44f3ee5abe7

                SHA512

                c0b32fb735440acdd224b3d0b7c865cf92836d8e14c7cd7c8fba3ef1c59fdbb91e9d97242d308f9a51a20ffcdeda76808e7738f97ead8fc4ce2a60867984e008

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\iuXw6wZSLT\SYSDM.CPL
                Filesize

                2.0MB

                MD5

                027cb7dff72b55cbe67f340c27955253

                SHA1

                e875e8b20ba335af05406808a8cff65a3306d71f

                SHA256

                7112bba281aef2f345670d7daa9125d11fe0538645421c04001125119524e500

                SHA512

                a4d9b4dbb3ddf72d0cc8ea78cb25d5d48d715ef29374c978ee014c4b68587ff41245f56d6f4931dca491c8eebfe5de81995e5e5ada69b21dcce48edf93ba87b7

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException\Low\KttqBvA\SYSDM.CPL
                Filesize

                2.0MB

                MD5

                27c9a97238f378fa8c0014ebb5d0da46

                SHA1

                8ee335e4e240d79ba7d053f12296d25531494d16

                SHA256

                9d2927a8e0886fde0b6c3d4df8e0677f06701dc9185421c0c8cb07d546bb104c

                SHA512

                860e7ca6d533124984b782fe5eab1325cc71a3e2af19c5be0837484d6b48af5e4bc1218a582288583af5d31114acff9f985583c6ba0c04d89e0de157a3adfe26

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException\Low\KttqBvA\SystemPropertiesPerformance.exe
                Filesize

                28KB

                MD5

                d1d7abadb9010789e1f8c69b715d318e

                SHA1

                ca07f527ad68010a974e7c5f9e0f5a1728cf2c47

                SHA256

                367c9e5b775b4004d4b570721293128d90926c62d682419df400f1f19497237b

                SHA512

                e749568b86e8b680afdebff68a14da1bd579d871b740a83de782b27e50133c2c6de0944c33690d81dad8874a23913ffc5f24c5d007d50c4c168120c0bdd101d6

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IOAy7UQ\VERSION.dll
                Filesize

                2.0MB

                MD5

                77af567071d675e7791301166ea130e7

                SHA1

                8ebbcd00e1e3dcbc9db33879633f704fb2c565ae

                SHA256

                9b44bc5aba7387e93a5fb2f114f8837d68ff875d32aec37f4187f9d26786674b

                SHA512

                80154ecd712c68176fb11aefca51152267b48b05399c2fde8496ca73ed6a6dcf5db8ae74161fd69ed0908c49c1a048cd50fe753ce04e86db368ec73d8a411718

                Download Submit

              • \Users\Admin\AppData\Local\9TO\VERSION.dll
                Filesize

                210KB

                MD5

                daaeaa4ab023e6fad024e9239e3dd0d3

                SHA1

                5d27726e6c8a7d3209122a18308c844146f14c36

                SHA256

                f0498f38d9b2d092bfda05a07f7d534772909881ecf74e07f976795aef2413f5

                SHA512

                cc7d8e8940be5dc8153427383a3c51af91c8d58ad6a06adf418da932ac96bc6067e4545c06a130227b19a2be56b8c5618aabe28288b18fde72591efff7120ffc

                Download Submit

              • \Users\Admin\AppData\Local\9TO\notepad.exe
                Filesize

                189KB

                MD5

                f2c7bb8acc97f92e987a2d4087d021b1

                SHA1

                7eb0139d2175739b3ccb0d1110067820be6abd29

                SHA256

                142e1d688ef0568370c37187fd9f2351d7ddeda574f8bfa9b0fa4ef42db85aa2

                SHA512

                2f37a2e503cffbd7c05c7d8a125b55368ce11aad5b62f17aaac7aaf3391a6886fa6a0fd73223e9f30072419bf5762a8af7958e805a52d788ba41f61eb084bfe8

                Download Submit

              • \Users\Admin\AppData\Local\CQp8YVLa\SYSDM.CPL
                Filesize

                268KB

                MD5

                16bb8b59b41c6a4d2f9a88aacf1dfad6

                SHA1

                ce57e2c66aeab7a66b7866d047f256c904e67b3e

                SHA256

                2ea50da55ec87b94db67441fa1b2e011f9f05ea45bd000416b1a9d8ba83d7abf

                SHA512

                444c8efb83117bb3457787dc1cd0f52e75956a2bff73bf9057874d6ebfc05d8e6aba9b506054d3c7683893de4d0b391afe740c2fab469ef1fb782b493b694902

                Download Submit

              • \Users\Admin\AppData\Local\TZOn\SYSDM.CPL
                Filesize

                114KB

                MD5

                c07226e6d35055b3ad928805e60fed39

                SHA1

                e5fc091f0e152058cff1e056327072289b0e0b55

                SHA256

                bae66952feacdaf2ce7b9829ffc4edbaa8b1501652f1ed889b72620499f34a97

                SHA512

                58ad5c6b276de49373f862209158876174a39d50ef8de007c73dbdd5784b471518ca915ca86accaae088d79f2b31f9b5b58dc3176c50fd83027715875902ebe1

                Download Submit

              • \Users\Admin\AppData\Local\TZOn\SystemPropertiesProtection.exe
                Filesize

                45KB

                MD5

                9e67f5450d6dd4a41449caa6fc7c6c59

                SHA1

                079d7611d171c16f92f263f33a3f7c13b98a2deb

                SHA256

                0994fa2c50743864c186572fb539cb36ae0224f299af6f74b0238dccdd4ca76f

                SHA512

                4d51acd88b5617a685ec16f9e5b5a5197cdd72930e199d813b24c58902f02de9ff50bb3b3fea467f2ef707e1cffcba0d48c0d05858cba8515fccf91aafec7370

                Download Submit

              • \Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException\Low\KttqBvA\SystemPropertiesPerformance.exe
                Filesize

                42KB

                MD5

                e016ebf74e99c3d91dbfb31994ce6846

                SHA1

                be4e18b420ca9f87a36394b99af34b9aa457b8b5

                SHA256

                340ceef8c2d469e5ceb04dcb86bfda6bf9332430a18ee58de4d81b329435cf18

                SHA512

                600b83269e3931aceb58417c1bf44514e0a7e4016e537191823c17eb9cb6db408c287882371cb0b601bb35fb2bf0b6ffbd86e88f49457b4bcdc7e3e6a7cd8681

                Download Submit

              • memory/472-107-0x0000000000100000-0x0000000000107000-memory.dmp

                Filesize

                28KB

                Download

              • memory/616-1-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/616-0-0x0000000000190000-0x0000000000197000-memory.dmp

                Filesize

                28KB

                Download

              • memory/616-8-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-21-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-52-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-28-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-29-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-30-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-27-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-23-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-31-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-33-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-32-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-34-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-38-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-36-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-40-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-39-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-44-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-45-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-43-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-42-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-41-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-47-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-46-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-48-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-51-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-49-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-50-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-53-0x0000000002260000-0x0000000002267000-memory.dmp

                Filesize

                28KB

                Download

              • memory/1204-24-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-37-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-35-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-61-0x00000000772F1000-0x00000000772F2000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1204-60-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-62-0x0000000077450000-0x0000000077452000-memory.dmp

                Filesize

                8KB

                Download

              • memory/1204-71-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-26-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-25-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-4-0x00000000770E6000-0x00000000770E7000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1204-22-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-19-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-20-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-17-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-18-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-14-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-16-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-15-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-11-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-13-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-5-0x0000000002A00000-0x0000000002A01000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1204-12-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-9-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-147-0x00000000770E6000-0x00000000770E7000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1204-10-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1204-7-0x0000000140000000-0x0000000140205000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/2608-90-0x00000000000F0000-0x00000000000F7000-memory.dmp

                Filesize

                28KB

                Download

              • memory/2848-126-0x0000000000080000-0x0000000000087000-memory.dmp

                Filesize

                28KB

                Download