Analysis

  • max time kernel
    3s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-12-2023 16:37

General

  • Target

    f518a4dec5de3386e7aa4a19fd0f8ac1.dll

  • Size

    1.8MB

  • MD5

    f518a4dec5de3386e7aa4a19fd0f8ac1

  • SHA1

    0ef8670d9d1e4184daba2959bb6ac675e9ece0b5

  • SHA256

    89423c76e59074527f58059a7fbc88c65fb85fa4404b809f6f481d2bb3b602df

  • SHA512

    fd16896a386b8f23fa834f37c492d427be4a38cbc474e6264461fd0461cf0143db56cdfb6eed6835117f4debaf9c5237c8694104abe56ca53e34be8a8785f680

  • SSDEEP

    12288:LVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:KfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Malware Config

Signatures

  • Dridex

    Dridex (known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f518a4dec5de3386e7aa4a19fd0f8ac1.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2052
  • C:\Users\Admin\AppData\Local\Wpw3aN\calc.exe
    C:\Users\Admin\AppData\Local\Wpw3aN\calc.exe
    1⤵
      PID:1324
    • C:\Windows\system32\calc.exe
      C:\Windows\system32\calc.exe
      1⤵
        PID:1248
      • C:\Windows\system32\DisplaySwitch.exe
        C:\Windows\system32\DisplaySwitch.exe
        1⤵
          PID:1680
        • C:\Users\Admin\AppData\Local\5BSmtifRo\DisplaySwitch.exe
          C:\Users\Admin\AppData\Local\5BSmtifRo\DisplaySwitch.exe
          1⤵
            PID:1440
          • C:\Users\Admin\AppData\Local\pnlj4uKoq\AdapterTroubleshooter.exe
            C:\Users\Admin\AppData\Local\pnlj4uKoq\AdapterTroubleshooter.exe
            1⤵
              PID:2192
            • C:\Windows\system32\AdapterTroubleshooter.exe
              C:\Windows\system32\AdapterTroubleshooter.exe
              1⤵
                PID:1960

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1200-31-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-49-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-4-0x0000000077936000-0x0000000077937000-memory.dmp
    Filesize: 4KB
  • memory/1200-36-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-30-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-50-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-62-0x0000000077BA0000-0x0000000077BA2000-memory.dmp
    Filesize: 8KB
  • memory/1200-69-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-59-0x0000000077A41000-0x0000000077A42000-memory.dmp
    Filesize: 4KB
  • memory/1200-75-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-58-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-57-0x00000000029F0000-0x00000000029F7000-memory.dmp
    Filesize: 28KB
  • memory/1200-48-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-47-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-46-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-45-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-44-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-43-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-42-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-41-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-40-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-39-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-38-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-37-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-29-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-34-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-33-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-32-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-21-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-15-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-35-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-28-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-27-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-26-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-25-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-24-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-23-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-22-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-20-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-19-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-18-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-17-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-16-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-14-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-13-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-12-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-11-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-10-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-160-0x0000000077936000-0x0000000077937000-memory.dmp
    Filesize: 4KB
  • memory/1200-5-0x0000000002A20000-0x0000000002A21000-memory.dmp
    Filesize: 4KB
  • memory/1200-7-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1200-9-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/1324-87-0x0000000000100000-0x0000000000107000-memory.dmp
    Filesize: 28KB
  • memory/1440-111-0x0000000000180000-0x0000000000187000-memory.dmp
    Filesize: 28KB
  • memory/2052-2-0x0000000000110000-0x0000000000117000-memory.dmp
    Filesize: 28KB
  • memory/2052-8-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/2052-0-0x0000000140000000-0x00000001401CB000-memory.dmp
    Filesize: 1.8MB
  • memory/2192-137-0x0000000000090000-0x0000000000097000-memory.dmp
    Filesize: 28KB