Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

bcd53a03a1...ca.dll

windows7-x64

10

bcd53a03a1...ca.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 14:16 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bcd53a03a12a4ce08e833fdcdd8d8cca.dll

  • Size

    2.0MB

  • MD5

    bcd53a03a12a4ce08e833fdcdd8d8cca

  • SHA1

    0e84a0c65f7eb5273609ec94a4de8217995726db

  • SHA256

    610801e1516dac10986662e4aa33209c5699069c84322ac8abdcd548a8eb3ea0

  • SHA512

    729335e687444f306acea30cb14569247b3ffda79d935a08163a5d0fc92d2268fa0023249c10789833b4f2202e8c7832617256c9c362585a8bb4afaeee3c6788

  • SSDEEP

    12288:lVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:8fP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bcd53a03a12a4ce08e833fdcdd8d8cca.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:616
  • C:\Windows\system32\SystemPropertiesProtection.exe
    C:\Windows\system32\SystemPropertiesProtection.exe
    1⤵
      PID:2588
    • C:\Users\Admin\AppData\Local\TZOn\SystemPropertiesProtection.exe
      C:\Users\Admin\AppData\Local\TZOn\SystemPropertiesProtection.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2608
    • C:\Windows\system32\notepad.exe
      C:\Windows\system32\notepad.exe
      1⤵
        PID:524
      • C:\Users\Admin\AppData\Local\9TO\notepad.exe
        C:\Users\Admin\AppData\Local\9TO\notepad.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:472
      • C:\Windows\system32\SystemPropertiesPerformance.exe
        C:\Windows\system32\SystemPropertiesPerformance.exe
        1⤵
          PID:604
        • C:\Users\Admin\AppData\Local\CQp8YVLa\SystemPropertiesPerformance.exe
          C:\Users\Admin\AppData\Local\CQp8YVLa\SystemPropertiesPerformance.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2848

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\9TO\VERSION.dll
          Filesize

          241KB

          MD5

          f6df262b8e4f3c3e7e49b82f5b76fa1c

          SHA1

          566351d0f2f29afaa264ebc0e4ac4af805c05041

          SHA256

          e719ac4680dac410537ea95b96ee3bc25081958b846c51d55797117ca0bb0735

          SHA512

          9ff6063b1642bbb00e6e3e93960c4b16834dceb2fb2dc56f29c51bd834031927919f3d6960c992e8eba1b6de44fbb14ecc6188fc47af8869846dd5f27cc41c8c

          Download Submit

        • C:\Users\Admin\AppData\Local\9TO\notepad.exe
          Filesize

          45KB

          MD5

          7e13131ecfad454128b12555a7fd0020

          SHA1

          5d7ef1f3f91912eb83d296c2543519efcc28f9e7

          SHA256

          1d2c480bebbe3e61a1e16b963f7cc691d49133f9f8f963ad2cc3c3dc082ca83d

          SHA512

          dff9bfefb67ced5bfb8ddddf15928c74463a446bf48c10c95f62e8d33d128040be42ea02a0f86ce055ed24c10082e9c5d414468f7f5da0fe95a7c5b43b6d2078

          Download Submit

        • C:\Users\Admin\AppData\Local\CQp8YVLa\SYSDM.CPL
          Filesize

          316KB

          MD5

          3904b2677d8d39bf48515c911647cf34

          SHA1

          38625585fe851be72ab5ef91a34ae1d414c793e0

          SHA256

          7091e8be3c94c74e352dea7e78e44fa8c70dab0afef8e341e6d979718e6b6c44

          SHA512

          7645d983a0dc4739d6eaa15f877a94b195f7f56bd9163546b035089b57b286b14abd3d0c0ef8a3981a5f97fbcb02ba20518e7d36fb1e5ab8d4a184a113fd40c3

          Download Submit

        • C:\Users\Admin\AppData\Local\CQp8YVLa\SystemPropertiesPerformance.exe
          Filesize

          80KB

          MD5

          870726cdcc241a92785572628b89cc07

          SHA1

          63d47cc4fe9beb75862add1abca1d8ae8235710a

          SHA256

          1ab77fa1ee0cbe59ca185c228c3c11abeba2b2008a162c91a06d3c40542e7fc6

          SHA512

          89b961c2a2716fe0800e54e0206c8b349a26f1bc2a463ec9bd12f3ab22bfcb13e6402b4c20ddcf284d838a3c66e73335af8f6dc4554d76646382e387242c6f72

          Download Submit

        • C:\Users\Admin\AppData\Local\TZOn\SYSDM.CPL
          Filesize

          77KB

          MD5

          b4d54088d30e59a692c60d00a9c101ba

          SHA1

          b857004724bc1a50a9df139fa05655100e1cb3a3

          SHA256

          a9dfd85b19d45cec3ea5d00d2dc52e30563e8b49b9a767dfc4cd712d3533e8c5

          SHA512

          25eb309db0ee53c9ef2143b615b660387aa003e43bc4aa26c718a573b0ad5684dc7df0933f250b9856b19a1439297703a73f7259b6d500195bf14c0901e5d97b

          Download Submit

        • C:\Users\Admin\AppData\Local\TZOn\SystemPropertiesProtection.exe
          Filesize

          80KB

          MD5

          05138d8f952d3fff1362f7c50158bc38

          SHA1

          780bc59fcddf06a7494d09771b8340acffdcc720

          SHA256

          753a43d8aa74341d06582bd6b3784dc5f8c6f46174c2a306cf284de238a9c6bd

          SHA512

          27fa8c0af3d01f0816852d04693087f3c25d1307d8857a7ea75b0bb3e0ac927d262f5ac5a335afee150142fa3187354d33ebbcf6c3cd5cc33cb4e6cd00c50255

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Zrkibbhbsqvuoso.lnk
          Filesize

          1KB

          MD5

          b43bbe82878099a186f3913d609d7671

          SHA1

          a8d4af4735ff68bce88c2737cf17eee4dabbf4a5

          SHA256

          85c0a3fda502686d418e12ab485d3ea7939bf87ca2c450a84dfad44f3ee5abe7

          SHA512

          c0b32fb735440acdd224b3d0b7c865cf92836d8e14c7cd7c8fba3ef1c59fdbb91e9d97242d308f9a51a20ffcdeda76808e7738f97ead8fc4ce2a60867984e008

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\iuXw6wZSLT\SYSDM.CPL
          Filesize

          2.0MB

          MD5

          027cb7dff72b55cbe67f340c27955253

          SHA1

          e875e8b20ba335af05406808a8cff65a3306d71f

          SHA256

          7112bba281aef2f345670d7daa9125d11fe0538645421c04001125119524e500

          SHA512

          a4d9b4dbb3ddf72d0cc8ea78cb25d5d48d715ef29374c978ee014c4b68587ff41245f56d6f4931dca491c8eebfe5de81995e5e5ada69b21dcce48edf93ba87b7

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException\Low\KttqBvA\SYSDM.CPL
          Filesize

          2.0MB

          MD5

          27c9a97238f378fa8c0014ebb5d0da46

          SHA1

          8ee335e4e240d79ba7d053f12296d25531494d16

          SHA256

          9d2927a8e0886fde0b6c3d4df8e0677f06701dc9185421c0c8cb07d546bb104c

          SHA512

          860e7ca6d533124984b782fe5eab1325cc71a3e2af19c5be0837484d6b48af5e4bc1218a582288583af5d31114acff9f985583c6ba0c04d89e0de157a3adfe26

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException\Low\KttqBvA\SystemPropertiesPerformance.exe
          Filesize

          28KB

          MD5

          d1d7abadb9010789e1f8c69b715d318e

          SHA1

          ca07f527ad68010a974e7c5f9e0f5a1728cf2c47

          SHA256

          367c9e5b775b4004d4b570721293128d90926c62d682419df400f1f19497237b

          SHA512

          e749568b86e8b680afdebff68a14da1bd579d871b740a83de782b27e50133c2c6de0944c33690d81dad8874a23913ffc5f24c5d007d50c4c168120c0bdd101d6

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IOAy7UQ\VERSION.dll
          Filesize

          2.0MB

          MD5

          77af567071d675e7791301166ea130e7

          SHA1

          8ebbcd00e1e3dcbc9db33879633f704fb2c565ae

          SHA256

          9b44bc5aba7387e93a5fb2f114f8837d68ff875d32aec37f4187f9d26786674b

          SHA512

          80154ecd712c68176fb11aefca51152267b48b05399c2fde8496ca73ed6a6dcf5db8ae74161fd69ed0908c49c1a048cd50fe753ce04e86db368ec73d8a411718

          Download Submit

        • \Users\Admin\AppData\Local\9TO\VERSION.dll
          Filesize

          210KB

          MD5

          daaeaa4ab023e6fad024e9239e3dd0d3

          SHA1

          5d27726e6c8a7d3209122a18308c844146f14c36

          SHA256

          f0498f38d9b2d092bfda05a07f7d534772909881ecf74e07f976795aef2413f5

          SHA512

          cc7d8e8940be5dc8153427383a3c51af91c8d58ad6a06adf418da932ac96bc6067e4545c06a130227b19a2be56b8c5618aabe28288b18fde72591efff7120ffc

          Download Submit

        • \Users\Admin\AppData\Local\9TO\notepad.exe
          Filesize

          189KB

          MD5

          f2c7bb8acc97f92e987a2d4087d021b1

          SHA1

          7eb0139d2175739b3ccb0d1110067820be6abd29

          SHA256

          142e1d688ef0568370c37187fd9f2351d7ddeda574f8bfa9b0fa4ef42db85aa2

          SHA512

          2f37a2e503cffbd7c05c7d8a125b55368ce11aad5b62f17aaac7aaf3391a6886fa6a0fd73223e9f30072419bf5762a8af7958e805a52d788ba41f61eb084bfe8

          Download Submit

        • \Users\Admin\AppData\Local\CQp8YVLa\SYSDM.CPL
          Filesize

          268KB

          MD5

          16bb8b59b41c6a4d2f9a88aacf1dfad6

          SHA1

          ce57e2c66aeab7a66b7866d047f256c904e67b3e

          SHA256

          2ea50da55ec87b94db67441fa1b2e011f9f05ea45bd000416b1a9d8ba83d7abf

          SHA512

          444c8efb83117bb3457787dc1cd0f52e75956a2bff73bf9057874d6ebfc05d8e6aba9b506054d3c7683893de4d0b391afe740c2fab469ef1fb782b493b694902

          Download Submit

        • \Users\Admin\AppData\Local\TZOn\SYSDM.CPL
          Filesize

          114KB

          MD5

          c07226e6d35055b3ad928805e60fed39

          SHA1

          e5fc091f0e152058cff1e056327072289b0e0b55

          SHA256

          bae66952feacdaf2ce7b9829ffc4edbaa8b1501652f1ed889b72620499f34a97

          SHA512

          58ad5c6b276de49373f862209158876174a39d50ef8de007c73dbdd5784b471518ca915ca86accaae088d79f2b31f9b5b58dc3176c50fd83027715875902ebe1

          Download Submit

        • \Users\Admin\AppData\Local\TZOn\SystemPropertiesProtection.exe
          Filesize

          45KB

          MD5

          9e67f5450d6dd4a41449caa6fc7c6c59

          SHA1

          079d7611d171c16f92f263f33a3f7c13b98a2deb

          SHA256

          0994fa2c50743864c186572fb539cb36ae0224f299af6f74b0238dccdd4ca76f

          SHA512

          4d51acd88b5617a685ec16f9e5b5a5197cdd72930e199d813b24c58902f02de9ff50bb3b3fea467f2ef707e1cffcba0d48c0d05858cba8515fccf91aafec7370

          Download Submit

        • \Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException\Low\KttqBvA\SystemPropertiesPerformance.exe
          Filesize

          42KB

          MD5

          e016ebf74e99c3d91dbfb31994ce6846

          SHA1

          be4e18b420ca9f87a36394b99af34b9aa457b8b5

          SHA256

          340ceef8c2d469e5ceb04dcb86bfda6bf9332430a18ee58de4d81b329435cf18

          SHA512

          600b83269e3931aceb58417c1bf44514e0a7e4016e537191823c17eb9cb6db408c287882371cb0b601bb35fb2bf0b6ffbd86e88f49457b4bcdc7e3e6a7cd8681

          Download Submit

        • memory/472-107-0x0000000000100000-0x0000000000107000-memory.dmp

          Filesize

          28KB

          Download

        • memory/616-1-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/616-0-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download

        • memory/616-8-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-21-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-52-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-28-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-29-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-30-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-27-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-23-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-31-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-33-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-32-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-34-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-38-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-36-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-40-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-39-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-44-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-45-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-43-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-42-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-41-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-47-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-46-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-48-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-51-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-49-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-50-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-53-0x0000000002260000-0x0000000002267000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1204-24-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-37-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-35-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-61-0x00000000772F1000-0x00000000772F2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-60-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-62-0x0000000077450000-0x0000000077452000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1204-71-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-26-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-25-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-4-0x00000000770E6000-0x00000000770E7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-22-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-19-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-20-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-17-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-18-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-14-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-16-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-15-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-11-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-13-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-5-0x0000000002A00000-0x0000000002A01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-12-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-9-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-147-0x00000000770E6000-0x00000000770E7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-10-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1204-7-0x0000000140000000-0x0000000140205000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2608-90-0x00000000000F0000-0x00000000000F7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2848-126-0x0000000000080000-0x0000000000087000-memory.dmp

          Filesize

          28KB

          Download

        We care about your privacy.

        This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.