Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

bcd53a03a1...ca.dll

windows7-x64

10

bcd53a03a1...ca.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 14:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bcd53a03a12a4ce08e833fdcdd8d8cca.dll

  • Size

    2.0MB

  • MD5

    bcd53a03a12a4ce08e833fdcdd8d8cca

  • SHA1

    0e84a0c65f7eb5273609ec94a4de8217995726db

  • SHA256

    610801e1516dac10986662e4aa33209c5699069c84322ac8abdcd548a8eb3ea0

  • SHA512

    729335e687444f306acea30cb14569247b3ffda79d935a08163a5d0fc92d2268fa0023249c10789833b4f2202e8c7832617256c9c362585a8bb4afaeee3c6788

  • SSDEEP

    12288:lVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:8fP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bcd53a03a12a4ce08e833fdcdd8d8cca.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:616
  • C:\Windows\system32\SystemPropertiesProtection.exe
    C:\Windows\system32\SystemPropertiesProtection.exe
    1⤵
      PID:2588
    • C:\Users\Admin\AppData\Local\TZOn\SystemPropertiesProtection.exe
      C:\Users\Admin\AppData\Local\TZOn\SystemPropertiesProtection.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2608
    • C:\Windows\system32\notepad.exe
      C:\Windows\system32\notepad.exe
      1⤵
        PID:524
      • C:\Users\Admin\AppData\Local\9TO\notepad.exe
        C:\Users\Admin\AppData\Local\9TO\notepad.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:472
      • C:\Windows\system32\SystemPropertiesPerformance.exe
        C:\Windows\system32\SystemPropertiesPerformance.exe
        1⤵
          PID:604
        • C:\Users\Admin\AppData\Local\CQp8YVLa\SystemPropertiesPerformance.exe
          C:\Users\Admin\AppData\Local\CQp8YVLa\SystemPropertiesPerformance.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2848

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\9TO\VERSION.dll
          Filesize

          241KB

          MD5

          f6df262b8e4f3c3e7e49b82f5b76fa1c

          SHA1

          566351d0f2f29afaa264ebc0e4ac4af805c05041

          SHA256

          e719ac4680dac410537ea95b96ee3bc25081958b846c51d55797117ca0bb0735

          SHA512

          9ff6063b1642bbb00e6e3e93960c4b16834dceb2fb2dc56f29c51bd834031927919f3d6960c992e8eba1b6de44fbb14ecc6188fc47af8869846dd5f27cc41c8c

          Download Submit

        • C:\Users\Admin\AppData\Local\9TO\notepad.exe
          Filesize

          45KB

          MD5

          7e13131ecfad454128b12555a7fd0020

          SHA1

          5d7ef1f3f91912eb83d296c2543519efcc28f9e7

          SHA256

          1d2c480bebbe3e61a1e16b963f7cc691d49133f9f8f963ad2cc3c3dc082ca83d

          SHA512

          dff9bfefb67ced5bfb8ddddf15928c74463a446bf48c10c95f62e8d33d128040be42ea02a0f86ce055ed24c10082e9c5d414468f7f5da0fe95a7c5b43b6d2078

          Download Submit

        • C:\Users\Admin\AppData\Local\CQp8YVLa\SYSDM.CPL
          Filesize

          316KB

          MD5

          3904b2677d8d39bf48515c911647cf34

          SHA1

          38625585fe851be72ab5ef91a34ae1d414c793e0

          SHA256

          7091e8be3c94c74e352dea7e78e44fa8c70dab0afef8e341e6d979718e6b6c44

          SHA512

          7645d983a0dc4739d6eaa15f877a94b195f7f56bd9163546b035089b57b286b14abd3d0c0ef8a3981a5f97fbcb02ba20518e7d36fb1e5ab8d4a184a113fd40c3

          Download Submit

        • C:\Users\Admin\AppData\Local\CQp8YVLa\SystemPropertiesPerformance.exe
          Filesize

          80KB

          MD5

          870726cdcc241a92785572628b89cc07

          SHA1

          63d47cc4fe9beb75862add1abca1d8ae8235710a

          SHA256

          1ab77fa1ee0cbe59ca185c228c3c11abeba2b2008a162c91a06d3c40542e7fc6

          SHA512

          89b961c2a2716fe0800e54e0206c8b349a26f1bc2a463ec9bd12f3ab22bfcb13e6402b4c20ddcf284d838a3c66e73335af8f6dc4554d76646382e387242c6f72

          Download Submit

        • C:\Users\Admin\AppData\Local\TZOn\SYSDM.CPL
          Filesize

          77KB

          MD5

          b4d54088d30e59a692c60d00a9c101ba

          SHA1

          b857004724bc1a50a9df139fa05655100e1cb3a3

          SHA256

          a9dfd85b19d45cec3ea5d00d2dc52e30563e8b49b9a767dfc4cd712d3533e8c5

          SHA512

          25eb309db0ee53c9ef2143b615b660387aa003e43bc4aa26c718a573b0ad5684dc7df0933f250b9856b19a1439297703a73f7259b6d500195bf14c0901e5d97b

          Download Submit

        • C:\Users\Admin\AppData\Local\TZOn\SystemPropertiesProtection.exe
          Filesize

          80KB

          MD5

          05138d8f952d3fff1362f7c50158bc38

          SHA1

          780bc59fcddf06a7494d09771b8340acffdcc720

          SHA256

          753a43d8aa74341d06582bd6b3784dc5f8c6f46174c2a306cf284de238a9c6bd

          SHA512

          27fa8c0af3d01f0816852d04693087f3c25d1307d8857a7ea75b0bb3e0ac927d262f5ac5a335afee150142fa3187354d33ebbcf6c3cd5cc33cb4e6cd00c50255

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Zrkibbhbsqvuoso.lnk
          Filesize

          1KB

          MD5

          b43bbe82878099a186f3913d609d7671

          SHA1

          a8d4af4735ff68bce88c2737cf17eee4dabbf4a5

          SHA256

          85c0a3fda502686d418e12ab485d3ea7939bf87ca2c450a84dfad44f3ee5abe7

          SHA512

          c0b32fb735440acdd224b3d0b7c865cf92836d8e14c7cd7c8fba3ef1c59fdbb91e9d97242d308f9a51a20ffcdeda76808e7738f97ead8fc4ce2a60867984e008

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\iuXw6wZSLT\SYSDM.CPL
          Filesize

          2.0MB

          MD5

          027cb7dff72b55cbe67f340c27955253

          SHA1

          e875e8b20ba335af05406808a8cff65a3306d71f

          SHA256

          7112bba281aef2f345670d7daa9125d11fe0538645421c04001125119524e500

          SHA512

          a4d9b4dbb3ddf72d0cc8ea78cb25d5d48d715ef29374c978ee014c4b68587ff41245f56d6f4931dca491c8eebfe5de81995e5e5ada69b21dcce48edf93ba87b7

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException\Low\KttqBvA\SYSDM.CPL
          Filesize

          2.0MB

          MD5

          27c9a97238f378fa8c0014ebb5d0da46

          SHA1

          8ee335e4e240d79ba7d053f12296d25531494d16

          SHA256

          9d2927a8e0886fde0b6c3d4df8e0677f06701dc9185421c0c8cb07d546bb104c

          SHA512

          860e7ca6d533124984b782fe5eab1325cc71a3e2af19c5be0837484d6b48af5e4bc1218a582288583af5d31114acff9f985583c6ba0c04d89e0de157a3adfe26

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException\Low\KttqBvA\SystemPropertiesPerformance.exe
          Filesize

          28KB

          MD5

          d1d7abadb9010789e1f8c69b715d318e

          SHA1

          ca07f527ad68010a974e7c5f9e0f5a1728cf2c47

          SHA256

          367c9e5b775b4004d4b570721293128d90926c62d682419df400f1f19497237b

          SHA512

          e749568b86e8b680afdebff68a14da1bd579d871b740a83de782b27e50133c2c6de0944c33690d81dad8874a23913ffc5f24c5d007d50c4c168120c0bdd101d6

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IOAy7UQ\VERSION.dll
          Filesize

          2.0MB

          MD5

          77af567071d675e7791301166ea130e7

          SHA1

          8ebbcd00e1e3dcbc9db33879633f704fb2c565ae

          SHA256

          9b44bc5aba7387e93a5fb2f114f8837d68ff875d32aec37f4187f9d26786674b

          SHA512

          80154ecd712c68176fb11aefca51152267b48b05399c2fde8496ca73ed6a6dcf5db8ae74161fd69ed0908c49c1a048cd50fe753ce04e86db368ec73d8a411718

          Download Submit

        • \Users\Admin\AppData\Local\9TO\VERSION.dll
          Filesize

          210KB

          MD5

          daaeaa4ab023e6fad024e9239e3dd0d3

          SHA1

          5d27726e6c8a7d3209122a18308c844146f14c36

          SHA256

          f0498f38d9b2d092bfda05a07f7d534772909881ecf74e07f976795aef2413f5

          SHA512

          cc7d8e8940be5dc8153427383a3c51af91c8d58ad6a06adf418da932ac96bc6067e4545c06a130227b19a2be56b8c5618aabe28288b18fde72591efff7120ffc

          Download Submit

        • \Users\Admin\AppData\Local\9TO\notepad.exe
          Filesize

          189KB

          MD5

          f2c7bb8acc97f92e987a2d4087d021b1

          SHA1

          7eb0139d2175739b3ccb0d1110067820be6abd29

          SHA256

          142e1d688ef0568370c37187fd9f2351d7ddeda574f8bfa9b0fa4ef42db85aa2

          SHA512

          2f37a2e503cffbd7c05c7d8a125b55368ce11aad5b62f17aaac7aaf3391a6886fa6a0fd73223e9f30072419bf5762a8af7958e805a52d788ba41f61eb084bfe8

          Download Submit

        • \Users\Admin\AppData\Local\CQp8YVLa\SYSDM.CPL
          Filesize

          268KB

          MD5

          16bb8b59b41c6a4d2f9a88aacf1dfad6

          SHA1

          ce57e2c66aeab7a66b7866d047f256c904e67b3e

          SHA256

          2ea50da55ec87b94db67441fa1b2e011f9f05ea45bd000416b1a9d8ba83d7abf

          SHA512

          444c8efb83117bb3457787dc1cd0f52e75956a2bff73bf9057874d6ebfc05d8e6aba9b506054d3c7683893de4d0b391afe740c2fab469ef1fb782b493b694902

          Download Submit

        • \Users\Admin\AppData\Local\TZOn\SYSDM.CPL
          Filesize

          114KB

          MD5

          c07226e6d35055b3ad928805e60fed39

          SHA1

          e5fc091f0e152058cff1e056327072289b0e0b55

          SHA256

          bae66952feacdaf2ce7b9829ffc4edbaa8b1501652f1ed889b72620499f34a97

          SHA512

          58ad5c6b276de49373f862209158876174a39d50ef8de007c73dbdd5784b471518ca915ca86accaae088d79f2b31f9b5b58dc3176c50fd83027715875902ebe1

          Download Submit

        • \Users\Admin\AppData\Local\TZOn\SystemPropertiesProtection.exe
          Filesize

          45KB

          MD5

          9e67f5450d6dd4a41449caa6fc7c6c59

          SHA1

          079d7611d171c16f92f263f33a3f7c13b98a2deb

          SHA256

          0994fa2c50743864c186572fb539cb36ae0224f299af6f74b0238dccdd4ca76f

          SHA512

          4d51acd88b5617a685ec16f9e5b5a5197cdd72930e199d813b24c58902f02de9ff50bb3b3fea467f2ef707e1cffcba0d48c0d05858cba8515fccf91aafec7370

          Download Submit

        • \Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException\Low\KttqBvA\SystemPropertiesPerformance.exe
          Filesize

          42KB

          MD5

          e016ebf74e99c3d91dbfb31994ce6846

          SHA1

          be4e18b420ca9f87a36394b99af34b9aa457b8b5

          SHA256

          340ceef8c2d469e5ceb04dcb86bfda6bf9332430a18ee58de4d81b329435cf18

          SHA512

          600b83269e3931aceb58417c1bf44514e0a7e4016e537191823c17eb9cb6db408c287882371cb0b601bb35fb2bf0b6ffbd86e88f49457b4bcdc7e3e6a7cd8681

          Download Submit

        • memory/472-107-0x0000000000100000-0x0000000000107000-memory.dmp

          Filesize

          28KB

          Download

        • memory/616-1-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/616-0-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download

        • memory/616-8-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-21-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-52-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-28-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-29-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-30-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-27-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-23-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-31-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-33-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-32-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-34-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-38-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-36-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-40-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-39-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-44-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-45-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-43-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-42-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-41-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-47-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-46-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-48-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-51-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-49-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-50-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-53-0x0000000002260000-0x0000000002267000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1204-24-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-37-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-35-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-61-0x00000000772F1000-0x00000000772F2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-60-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-62-0x0000000077450000-0x0000000077452000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1204-71-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-26-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-25-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-4-0x00000000770E6000-0x00000000770E7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-22-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-19-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-20-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-17-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-18-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-14-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-16-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-15-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-11-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-13-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-5-0x0000000002A00000-0x0000000002A01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-12-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-9-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-147-0x00000000770E6000-0x00000000770E7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-10-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-7-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2608-90-0x00000000000F0000-0x00000000000F7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2848-126-0x0000000000080000-0x0000000000087000-memory.dmp

          Filesize

          28KB

          Download