Overview

overview

10

Static

static

3

fc0aa6dcbc...16.dll

windows7-x64

10

fc0aa6dcbc...16.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 17:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fc0aa6dcbc1cfdd09dd1e8bacb20ef16.dll

  • Size

    1.7MB

  • MD5

    fc0aa6dcbc1cfdd09dd1e8bacb20ef16

  • SHA1

    8840124afefe1d0401b17f9cf49403699eec6872

  • SHA256

    e98ec64dd1a7e8a99356a9ee5c619df9d93bc0be63df2ea03e30c01d37b4da2b

  • SHA512

    42a0d90d28ca5d75c915a777502543fc3ef77f2edfe60cf155b91b840693007a88a60c2a3722f2663832292027ae1149d9098b0b34f3c81d914ecea35a0af911

  • SSDEEP

    12288:rVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:qfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\fc0aa6dcbc1cfdd09dd1e8bacb20ef16.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2140
  • C:\Windows\system32\SystemPropertiesRemote.exe
    C:\Windows\system32\SystemPropertiesRemote.exe
    1⤵
      PID:1712
    • C:\Users\Admin\AppData\Local\OAfK0px\SystemPropertiesRemote.exe
      C:\Users\Admin\AppData\Local\OAfK0px\SystemPropertiesRemote.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:3024
    • C:\Windows\system32\rekeywiz.exe
      C:\Windows\system32\rekeywiz.exe
      1⤵
        PID:620
      • C:\Users\Admin\AppData\Local\Sbc\rekeywiz.exe
        C:\Users\Admin\AppData\Local\Sbc\rekeywiz.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1408
      • C:\Windows\system32\dpapimig.exe
        C:\Windows\system32\dpapimig.exe
        1⤵
          PID:2892
        • C:\Users\Admin\AppData\Local\5nxEKKlnY\dpapimig.exe
          C:\Users\Admin\AppData\Local\5nxEKKlnY\dpapimig.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1676

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\5nxEKKlnY\DUI70.dll
          Filesize

          1.9MB

          MD5

          36bcf1005ea05d500f36144c7e4eac6e

          SHA1

          43c05277507e4d6c3bb47a1bf8d55ac13aee3c7d

          SHA256

          e429e3cca7eb72b4a970361e2ecad858f13674a0a834d82058642affe5f58164

          SHA512

          3040a0528464715dee94b13848dfbee083f63c7b8fd3ea2c7805dcc484f98098544724097441bc6b174dc9a8f0be6afaa534d9e54865b1b0a4fd3f8f25b794dd

          Download Submit

        • C:\Users\Admin\AppData\Local\OAfK0px\SYSDM.CPL
          Filesize

          1.7MB

          MD5

          875ab896bdffe9d8d19b0391ad9be341

          SHA1

          1aca232eddc9b68f81c3f7f42732b1b31c71e87d

          SHA256

          f018979bcc625cbb83eb89add4fbaf4c1510c5ac5dfd310dee3616c3af90c593

          SHA512

          4635e6b56d551a8f9cc7a9db5e5064c70ae70434a625d79c70ef3a431a972acdac8a73e2d21d35a6c81642287eac1e4f4d4b7a325a0f526ffea355d60c49dfdc

          Download Submit

        • C:\Users\Admin\AppData\Local\Sbc\slc.dll
          Filesize

          1.7MB

          MD5

          a9218721984dac4187c16b4572fd5f39

          SHA1

          ba660b306e77bc20fea13e2560b73fb9d1923f01

          SHA256

          6652ded6db7cc95b817bd17b73f956c8517eaac030e39fe57faff81ce6b7ba3f

          SHA512

          41fda941ceee537660ef9a42dc9a394e7c58b155b0995d88fd69732dc724997113513c4cc2e8e75fdd59d1ff40a8b6efca00f1f4c76d99f754b35cfb448f6880

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ercyejwqgvsruoy.lnk
          Filesize

          1KB

          MD5

          7a2249650fc11bd5828f150e21cc0fca

          SHA1

          4acf7b01f9196b47f2dae0b90802fb167bd35cc8

          SHA256

          c1e989241b856ae7aebee3b6af61f42f3df74cf777ce0c5f52a1ddb48ca866ce

          SHA512

          767054aa4896ece730acf4b7bdb65feb0d45652c21da3d75d37d8269ae3bedc078f0091a2dd0434fbeccd2eacaff8b1978fe66a61d6ced7a61fcd7b5d42eaa25

          Download Submit

        • \Users\Admin\AppData\Local\5nxEKKlnY\dpapimig.exe
          Filesize

          73KB

          MD5

          0e8b8abea4e23ddc9a70614f3f651303

          SHA1

          6d332ba4e7a78039f75b211845514ab35ab467b2

          SHA256

          66fc6b68e54b8840a38b4de980cc22aed21009afc1494a9cc68e892329f076a1

          SHA512

          4feded78f9b953472266693e0943030d00f82a5cc8559df60ae0479de281164155e19687afc67cba74d04bb9ad092f5c7732f2d2f9b06274ca2ae87dc2d4a6dc

          Download Submit

        • \Users\Admin\AppData\Local\OAfK0px\SystemPropertiesRemote.exe
          Filesize

          80KB

          MD5

          d0d7ac869aa4e179da2cc333f0440d71

          SHA1

          e7b9a58f5bfc1ec321f015641a60978c0c683894

          SHA256

          5762e1570de6ca4ff4254d03c8f6e572f3b9c065bf5c78fd5a9ea3769c33818a

          SHA512

          1808b10dc85f8755a0074d1ea00794b46b4254573b6862c2813a89ca171ad94f95262e8b59a8f9a596c9bd6a724f440a14a813eab93aa140e818ee97af106db7

          Download Submit

        • \Users\Admin\AppData\Local\Sbc\rekeywiz.exe
          Filesize

          67KB

          MD5

          767c75767b00ccfd41a547bb7b2adfff

          SHA1

          91890853a5476def402910e6507417d400c0d3cb

          SHA256

          bd70e504871a2ac1c883d19b87970c8d1b8b251c784bf777ba77ed764f5f2395

          SHA512

          f096043452a1aa213a5e4d62638de3ee4b0b3ad3d12b7ee0372d8c79e00e2e13b4fd0ebc4206bbdb5124bed292dd5b30ef1641288046ef835f89c332985154f9

          Download Submit

        • memory/1308-36-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-40-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-14-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-18-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-16-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-17-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-19-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-21-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-20-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-22-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-23-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-24-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-25-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-26-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-27-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-28-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-29-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-30-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-31-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-32-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-33-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-34-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-35-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-4-0x00000000778E6000-0x00000000778E7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1308-37-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-38-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-39-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-15-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-43-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-42-0x0000000002A90000-0x0000000002A97000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1308-41-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-50-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-51-0x0000000077AF1000-0x0000000077AF2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1308-52-0x0000000077C50000-0x0000000077C52000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1308-61-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-67-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-71-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-13-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-12-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-5-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1308-139-0x00000000778E6000-0x00000000778E7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1308-7-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-9-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-10-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1308-11-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1408-99-0x00000000002E0000-0x00000000002E7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1676-117-0x0000000001B50000-0x0000000001B57000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2140-8-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2140-1-0x0000000140000000-0x00000001401B6000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2140-0-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3024-85-0x0000000140000000-0x00000001401B7000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3024-80-0x0000000140000000-0x00000001401B7000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/3024-79-0x0000000000280000-0x0000000000287000-memory.dmp

          Filesize

          28KB

          Download