Analysis

  • max time kernel
    4s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22-12-2023 16:33

General

  • Target

    f31c9ea6eaecfbc1d3581dd755a4944f.dll

  • Size

    2.3MB

  • MD5

    f31c9ea6eaecfbc1d3581dd755a4944f

  • SHA1

    94d3949951aa11a15bb76f8186612568117086ea

  • SHA256

    c52b166abcd2b1f2055342f5e28d79527a621c723f52a0a2b0ea9e55d3e46136

  • SHA512

    3036a7c406a530486e7b26d1499103bca0fcd14769856b5bd0aa1a983e07004d4301d5e7b2b8b78936e67d5099dac66e4887dce3cec6ce4a89688f381f372c5a

  • SSDEEP

    12288:/VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1cNeu:2fP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score
10/10

Malware Config

Signatures

  • Dridex

    Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex Shellcode 1 IoCs

    Detects Dridex payload shellcode injected into the Explorer process.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f31c9ea6eaecfbc1d3581dd755a4944f.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:740
  • C:\Windows\system32\phoneactivate.exe
    C:\Windows\system32\phoneactivate.exe
    1⤵
    PID:2256
  • C:\Windows\system32\dialer.exe
    C:\Windows\system32\dialer.exe
    1⤵
    PID:2716
  • C:\Users\Admin\AppData\Local\bUdEA7\SystemPropertiesDataExecutionPrevention.exe
    C:\Users\Admin\AppData\Local\bUdEA7\SystemPropertiesDataExecutionPrevention.exe
    1⤵
    PID:772
  • C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe
    C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe
    1⤵
    PID:4844
  • C:\Users\Admin\AppData\Local\DLuP\dialer.exe
    C:\Users\Admin\AppData\Local\DLuP\dialer.exe
    1⤵
    PID:4632
  • C:\Users\Admin\AppData\Local\XVb42Xa\phoneactivate.exe
    C:\Users\Admin\AppData\Local\XVb42Xa\phoneactivate.exe
    1⤵
    PID:4152

Network

MITRE ATT&CK Matrix


Downloads

              • C:\Users\Admin\AppData\Local\DLuP\TAPI32.dll

                Filesize

                57KB

                MD5

                a383446fac0b374962d886501a80b365

                SHA1

                b3587cdb7047d0e4685cfc7b67a8f6520ae60930

                SHA256

                8b1e6e82a91c09eb49416c8e2b1981672a412fdef8dde8872907a2c53b92fa86

                SHA512

                af02756dd3c4ae28ebca20402da0012c2ac56074d7c82717ab7b25cb74d65c15a9f08c96fbf1c9002644d63956a5d746f116180a0f037b2a7b43d11c419b3b00

              • C:\Users\Admin\AppData\Local\DLuP\TAPI32.dll

                Filesize

                60KB

                MD5

                bf9231156a26d833dd93da63d59088d1

                SHA1

                8f0c8c2be2902a214dc043fe7863c5d869c1e385

                SHA256

                e3b7473c8a2677f1d53c0943ffb9fe9aea05304084d0aa34e6b4040446fa4587

                SHA512

                ff63aa19fb4850182d516fb60df9aabf3d69f457954a149b1eb47fec60d9f8be640f3233a37a8e186e7173ecc9ad10b7b656866d07aa655fd36256ad0dfa1034

              • C:\Users\Admin\AppData\Local\DLuP\dialer.exe

                Filesize

                39KB

                MD5

                b2626bdcf079c6516fc016ac5646df93

                SHA1

                838268205bd97d62a31094d53643c356ea7848a6

                SHA256

                e3ac5e6196f3a98c1946d85c653866c318bb2a86dd865deffa7b52f665d699bb

                SHA512

                615cfe1f91b895513c687906bf3439ca352afcadd3b73f950af0a3b5fb1b358168a7a25a6796407b212fde5f803dd880bcdc350d8bac7e7594090d37ce259971

              • C:\Users\Admin\AppData\Local\XVb42Xa\DUI70.dll

                Filesize

                130KB

                MD5

                52ee211a7dba63b6ce95af7c5ea124e1

                SHA1

                a118c424907bdbf961d594376d665e9df10bb08c

                SHA256

                8db044d66470135abc0ff51f4066369597c8fbd567b7fbc8a1646b892f9bbf67

                SHA512

                225b2e2139e53a719b1e33796e1cb022d9afd94e11f9a77b92726848430defa59c5895873c12c5f9d632ae21cbf5cc796256f686aec817b02953c0c9a9b0c17a

              • C:\Users\Admin\AppData\Local\XVb42Xa\DUI70.dll

                Filesize

                90KB

                MD5

                4abee8c87c1e7fc843a2149ff6aa1615

                SHA1

                b60c49491d2ceb9181105d05ac7fdc85cad36440

                SHA256

                2ff0916dfd3df7b2514a39016509e0169dc4e42a9f9d7f47fc5f09d0f82bc4f5

                SHA512

                20fece26935017d8dda6f3b90fc43908970c263b2198e814606a74ac2c31d3daf732433ec7e835dea5675b3c419589e98265f1adab7a97544eecb726d788a7f8

              • C:\Users\Admin\AppData\Local\XVb42Xa\phoneactivate.exe

                Filesize

                89KB

                MD5

                cdd0bf435d0a1652be5a7a9fc4c2d5d2

                SHA1

                efb754e28ad96e6fe668e4bb465fd9af3b89155c

                SHA256

                23a0e19f78aa38b3c155e3477fceaf4d9ae78f2507a9d8861c91c95a9cdd5f55

                SHA512

                33447984a84dd68bb86906dd4c734682e875de0a75f2eb159197940752afe38f822878c9806ccf62dc45655bf490817259e9f4fc066b009b301ced245c95030e

              • C:\Users\Admin\AppData\Local\XVb42Xa\phoneactivate.exe

                Filesize

                64KB

                MD5

                1bd362d2de4ab862d1c386a22f1f294d

                SHA1

                bafe54677e1ad55323865fba584e1570f89e3e66

                SHA256

                6a00dead2676608dc1a25551f4dbb8b1b529e3cd47dfe9b649909aed42d79e5f

                SHA512

                a2cf09dbbc5ac45d85e02caeb9f40428dd20030a6fa5dc46f7d567da9527d66dfff0df62877627cd6e8390f269612fcd5df2f972921b059081ee1b87dea2c281

              • C:\Users\Admin\AppData\Local\bUdEA7\SYSDM.CPL

                Filesize

                53KB

                MD5

                6d1295362065c7143ccdc9a454e07467

                SHA1

                32df7d8c303e082e0fba5600f7cbdb3c13b51743

                SHA256

                a2b861a3950bed2e5ccc20b841987acd84dabd5a168fc85d0ee04eb3d3b330eb

                SHA512

                2b7d9f1368cee0c323d3550077b925cb7acb766268481597cf4a7cc8e01c2e662bbd494d02716dc649266820df8d98e7ad0af515d392d791abdb1f7ed3921db4

              • C:\Users\Admin\AppData\Local\bUdEA7\SYSDM.CPL

                Filesize

                55KB

                MD5

                e5e866f23b6258d5b69d98b8865b11b0

                SHA1

                7a670071db0bce5eb35e836ba4aaa707d6fced88

                SHA256

                97a4c4dc6cfd4b095162f55fb0be61b8a29a3f824c8b96c1fbeca8cffa0199dd

                SHA512

                83665b914d9d3366d9eaacb2507a42825f5066f9e2fa2aeed8ec9a9ebf3fa8af7ccfd8664a13eadd74bf5bde523f8e557410b43ae16d1ee377b777cecb17c3ae

              • C:\Users\Admin\AppData\Local\bUdEA7\SystemPropertiesDataExecutionPrevention.exe

                Filesize

                55KB

                MD5

                0b649e8402e6c982bc69059fa4d413ab

                SHA1

                66e3e6be7560995cc1778ed91bda36266d8bfe3d

                SHA256

                122bea3edeb716d8667f843e7965245b9a8f9953210dbc71c93dbd60b6882afa

                SHA512

                9345d8dd9727262388a7deeed90cee25af04addd8c0296e4b909cafd10e7bc918eb9ed6eae2bf65ea9be99f3433c80f1115aa7ce1c434f33b325758a45a4b4fa

              • C:\Users\Admin\AppData\Local\bUdEA7\SystemPropertiesDataExecutionPrevention.exe

                Filesize

                40KB

                MD5

                7fe3668b8538f54ec46fcb7b70c3883b

                SHA1

                3d4eec07855916ef84340d7bfd5b7a6d77ae0eec

                SHA256

                90b452123efacc890d9cfb8d9f25ac123ad05c19dcb56dbb472a7732264c3a7e

                SHA512

                e3a2f8f090f5aed85b870ddebf8ad514d9818c1beb964eb155a6f39578aaf947863b1293d44d0d6f56b53936a32a745bcf4671250fec45410390e14cabf76320

              • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Aqwbkkvq.lnk

                Filesize

                1KB

                MD5

                e28fa2d2b6461dc179f2240b23fb7c82

                SHA1

                7e65787d64fac74faec68d1df641b4593fdeeee8

                SHA256

                d33f922b52e74135cdf93cbac4b2812af1713517f0afcce538061386d2b7861e

                SHA512

                b6dbc4e814731699703df2afeb8d2ca3f052305307a2cb9b26cca0d90eb222a8cb7d83f25c9c2cd9bf4be6c289bedd4133959344c3588669ec5f3f95a9b5c146

              • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Ty\SYSDM.CPL

                Filesize

                87KB

                MD5

                ae865c04b7d13b0344840cfe03b4f680

                SHA1

                79615c7ba1002a7f2a7dcd4ae5bec3ee3c789149

                SHA256

                7a0983e06cd3b75d415d9697fde36719050818e9c74039f811741434d1750652

                SHA512

                3ac46945a721fffc079fae7142ba71e7661c0aa16a0c3e5539db3fa902ad34727c2f9b8a0d99e39506e8a9d963c8e5f08e433c9301fd0877c94c7afcb82e29f0

              • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\zFmlND\DUI70.dll

                Filesize

                54KB

                MD5

                d155330072964ced2be91bce9e738613

                SHA1

                96630c6938dbee80698cb85c2a266b2ccfecd898

                SHA256

                f7563d376e5151d5a85a82ca750624b2ec63a6e8be843eddb3b26c778fef5dc1

                SHA512

                57724f05958351ad421194bfe4b48382365e5f1e0cd3ae209261b07ebc252c8978a19a7c052e70505b9f8629cc725de689aaf33b794f48af2ec704f67fe27772

              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\eoh9LCnO\TAPI32.dll

                Filesize

                88KB

                MD5

                d90686ee96902e3d037a55b82d92a670

                SHA1

                71bcfed3b01af393b6a1e6c1abe9ba3908a1193a

                SHA256

                d7960d5a956bd59853fabbfab6b157c97919a6f76885b8d0e3df34a59d7e9637

                SHA512

                c8603b3ffc6a68d9a363f68d065da760f82cf841c28802370ef514c356f3a980a8382be84f94cebc96f71d345461a22b0955f79838dc1510106d540423136eef

              • memory/740-7-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/740-2-0x0000000001EF0000-0x0000000001EF7000-memory.dmp

                Filesize

                28KB

              • memory/740-0-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/772-112-0x000002368E2A0000-0x000002368E2A7000-memory.dmp

                Filesize

                28KB

              • memory/3520-43-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-36-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-13-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-6-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-22-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-23-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-24-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-26-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-25-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-27-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-30-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-29-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-34-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-38-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-41-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-19-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-46-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-45-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-44-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-42-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-40-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-47-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-50-0x0000000001090000-0x0000000001097000-memory.dmp

                Filesize

                28KB

              • memory/3520-39-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-37-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-18-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-55-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-35-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-33-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-32-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-31-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-28-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-65-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-60-0x00007FFBD0060000-0x00007FFBD0070000-memory.dmp

                Filesize

                64KB

              • memory/3520-67-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-4-0x0000000002F50000-0x0000000002F51000-memory.dmp

                Filesize

                4KB

              • memory/3520-8-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-10-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-9-0x00007FFBCEFDA000-0x00007FFBCEFDB000-memory.dmp

                Filesize

                4KB

              • memory/3520-11-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-21-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-20-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-16-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-17-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-15-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-14-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/3520-12-0x0000000140000000-0x000000014024B000-memory.dmp

                Filesize

                2.3MB

              • memory/4152-78-0x0000020E349E0000-0x0000020E349E7000-memory.dmp

                Filesize

                28KB

              • memory/4152-82-0x0000000140000000-0x0000000140291000-memory.dmp

                Filesize

                2.6MB

              • memory/4152-76-0x0000000140000000-0x0000000140291000-memory.dmp

                Filesize

                2.6MB

              • memory/4632-93-0x000002825ABD0000-0x000002825ABD7000-memory.dmp

                Filesize

                28KB

              • memory/4632-94-0x0000000140000000-0x000000014024D000-memory.dmp

                Filesize

                2.3MB