Analysis

  • max time kernel
    18s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
  • submitted
    29-12-2023 23:05

General

  • Target

    06757f0f902f5be0f5997657f6eb9265.dll

  • Size

    1.7MB

  • MD5

    06757f0f902f5be0f5997657f6eb9265

  • SHA1

    e6a16036b2f2b471440093625ff7712b274b3a88

  • SHA256

    ae2ad50601ea9427bbd5976872c8854d51b8411b1d542a6df8d32169b62848ec

  • SHA512

    3694179f2495a0f92bee6096f1a4c7cde9f1b0953051ce9d9e618a72548410d12362d6ca3204c803d3e6f234d80c56cb62150d958f33c15afcbd262b22ef5015

  • SSDEEP

    12288:8VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:JfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Malware Config

Signatures

  • Dridex

    Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing bank credentials.

  • Dridex Shellcode (1 IoCs)

    Detects Dridex payload shellcode injected into the Explorer process.

  • Checks whether UAC is enabled (1 TTPs, 1 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\06757f0f902f5be0f5997657f6eb9265.dll,#1
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2672
  • C:\Windows\system32\isoburn.exe
    C:\Windows\system32\isoburn.exe
    PID:3420
  • C:\Users\Admin\AppData\Local\tEcwNK\isoburn.exe
    C:\Users\Admin\AppData\Local\tEcwNK\isoburn.exe
    PID:2240
  • C:\Windows\system32\psr.exe
    C:\Windows\system32\psr.exe
    PID:3712
  • C:\Users\Admin\AppData\Local\c98YH5\psr.exe
    C:\Users\Admin\AppData\Local\c98YH5\psr.exe
    PID:1792
  • C:\Windows\system32\GamePanel.exe
    C:\Windows\system32\GamePanel.exe
    PID:4424
  • C:\Users\Admin\AppData\Local\472dBAsAH\GamePanel.exe
    C:\Users\Admin\AppData\Local\472dBAsAH\GamePanel.exe
    PID:4412

              Network

              MITRE ATT&CK Enterprise v15

              Downloads

              • C:\Users\Admin\AppData\Local\472dBAsAH\GamePanel.exe

                Filesize

                52KB

                MD5

                f18e222e66e075f9562877560232aaef

                SHA1

                a15b7218292b4cf7b592934065dc981bd28f6f8d

                SHA256

                e345d290bac19b4e98bff9cd50168012af5e54ab652eda05de46b248d0123c78

                SHA512

                b606af03c0eebe720e8bd093212fe98ae3a064f54165cd633d036c9d577254017398e36af7f207ca4f327ade66f2151c900127a4859d2e82a07885ba2714860c

              • C:\Users\Admin\AppData\Local\472dBAsAH\GamePanel.exe

                Filesize

                8KB

                MD5

                1e7c1e39c62abc019c0d4a56f4466d56

                SHA1

                e54743c3aa943fa4a49226e666dd30b6f5722bde

                SHA256

                23a146e81d63e06c257df96b7f6ae553372bb2303d4e00069aebfc3ce6884b2d

                SHA512

                bd4ae40612710a5d0643f3d5f0afce3af2722348ce04337cd2fd5bbbe748086a7c96b42072481e8488ed2e149b53dc93191682fd40b630eabd95b225faa9d9e8

              • C:\Users\Admin\AppData\Local\472dBAsAH\UxTheme.dll

                Filesize

                44KB

                MD5

                f71f35c9dd048ebd9ec751e7879e1611

                SHA1

                d2713f219d8c1833a9e2e2bfe2f9232067e23a49

                SHA256

                290d38a70af324a55cb7aadeae86dd365795d52c10186969a157faf7bc0e40be

                SHA512

                c5ad7198076db74b54a5c3430ebddf40fa16f6e0b8a9d72af514e5c72a5a73ca411b8f36e3e6d3d683ff2edb006d07ce4051cd158349acc32478c6f13a66cea5

              • C:\Users\Admin\AppData\Local\472dBAsAH\UxTheme.dll

                Filesize

                102KB

                MD5

                46a5e098ef18babd7bb8c922a9b66e18

                SHA1

                063fdb82191bde22eb311ac918f49356581c84c6

                SHA256

                70587503de79e3bd1d9ac258dceff1d3c06c2ef9c0d6863cb2ac17667e48a46c

                SHA512

                8432b2ac534de17430e0d0ff830e0cdfb44f1c23918f0130f862d7eb2e171931664997e1f9d302c5c60fe4e3694fb396b1f55c7c19032de3f5a610de7fd46698

              • C:\Users\Admin\AppData\Local\c98YH5\XmlLite.dll

                Filesize

                86KB

                MD5

                d6702b9c88074e8d933777882cbd05f3

                SHA1

                e090a2849e7bfdce032223b069c1a86747f6ad24

                SHA256

                e79e0717c1e616e570008527ecf72616a328d3261994c42c9720a57112e67bfc

                SHA512

                c7af363d83d63cda44c2319e9173407d7526e54377a63334e38b090e519cc940bb3eb5305ef057c6931dbb27404de009b2e7cde9bd4a55c9d9af3a8fb747a164

              • C:\Users\Admin\AppData\Local\c98YH5\XmlLite.dll

                Filesize

                10KB

                MD5

                59b0df6e6f2e0f7e1e432045c4b81393

                SHA1

                faa64aa86bdc54350cf9fbefd3bdbf871d9b9644

                SHA256

                0c1a46e4f353a67dc2f69094f84da6512f97780bccfd7d06c3eef188cac0d2e3

                SHA512

                50ac9e2c07adec9d4f4565660d5a1c0a38b4d057ce2d5507e49b8b2c8706bbc9ab13b749433cc721ace277812ab6b43ee4eb58542ee815a92afceda794d771a9

              • C:\Users\Admin\AppData\Local\c98YH5\XmlLite.dll

                Filesize

                48KB

                MD5

                6c6a9414d7ea733854bb291a842453e1

                SHA1

                21859c452d2dc4bc9f23e2eb4433123790efc675

                SHA256

                992de858b0ff2412a2c771aa6836c6f6b8bafdb1e93f3dc2a3af4415ca282232

                SHA512

                a4c8bcb0b177e44ea37029cf0c031204eefb0700a172a14ead5e16fd7861099e44b268c2d7909fda531c69713765842019f13ea8c2b01a1ad647c54f78925abb

              • C:\Users\Admin\AppData\Local\c98YH5\psr.exe

                Filesize

                43KB

                MD5

                9d224e27dcc684bf79a4c646f2682abf

                SHA1

                680063e009fa1e787b553d29ca79cd79e6db37c6

                SHA256

                3ae642570dc4bc32f3e46631677bbb9a6a95eb0f3e9e91de5d1eb203d0cd6fdb

                SHA512

                0287d7e186f74eb4181989383c4d0aa9d596c65b4f98ded07125e1acb8c27b95606a5bf81d0f6636bcd41c2669b7dba6ece2cc7e1e09bee53b92b4724ebac729

              • C:\Users\Admin\AppData\Local\c98YH5\psr.exe

                Filesize

                45KB

                MD5

                a56e2cbc1d7958bb39663c5549f8b03e

                SHA1

                3e3850e425d730be051a0b3a6820acaf14f74fe0

                SHA256

                0489ad1f87cc458650f0491dbf3a2f402de05ecbdce773a0e0b3d493f347a644

                SHA512

                ae7ea8ac1449a228136a182c5e391b063b69b3317339b950d67847f8395a0defba2dbc991b007918c094906dc12e4d4c2ea4f27769bd0c4b720bc3685bc9ea9b

              • C:\Users\Admin\AppData\Local\tEcwNK\UxTheme.dll

                Filesize

                1KB

                MD5

                b26ab5dea30d7a79fbe21ff99510f04d

                SHA1

                b524cf8c3edb3ed735908e0c6aa8c2f6434394ae

                SHA256

                ea916499b6d5a573ac9e7aaaff69bae0288815e86f1d156f452212c82877863d

                SHA512

                88ac35fddaa45a88486b6dfac203110b69a7974123fc1a2ef2f6f64bdfcda6fa10d2c8619db601e4337d3b09b3b24d7d0230607d6d613e6d49981bf2e70ac3b0

              • C:\Users\Admin\AppData\Local\tEcwNK\UxTheme.dll

                Filesize

                55KB

                MD5

                08c6a135af06886401124d69cb42306b

                SHA1

                fa4e3550b40beb60efcf8c898c196c618bf1f873

                SHA256

                85ec449e91a6911d582b976707d5f5e8de376813777d1da24e5f1cff08fc1ab4

                SHA512

                9c880d5a037a9ceee13ea900b64b3aef9dd09ca4c703bd5c3c6bebc6e87f9225ca314309b553fe27de8b8f33737c82f28048b69b720187ec06d3c18e0e37f0de

              • C:\Users\Admin\AppData\Local\tEcwNK\isoburn.exe

                Filesize

                1KB

                MD5

                ad19ec45c94e06aaf6d7a1efd69b2aae

                SHA1

                1232c62d5ae0b897ddab5e646068d183cf235318

                SHA256

                a061a44e46ec2e5b1bd9870d01a225713f3178b4bd595eb519bbf534b7b97354

                SHA512

                f417bedc64bf0c718ba640f70bbdd44d96aeaf4a2b9ccba59d175617d1c7630d7a86f34d4cefc1a5eff6c04fd634be251a8f23a0008dc7b9f88b4d9b34dc4eef

              • C:\Users\Admin\AppData\Local\tEcwNK\isoburn.exe

                Filesize

                41KB

                MD5

                e9bb796d2d3c7ab88d2cc99ce93f294b

                SHA1

                cfceaab1df2a5f8601925f9eb5f17a978cf2bf3a

                SHA256

                80ec8f2ae6d38d99b786fbce3cae3a78878d88b2fa2f00f5bc5fc87e2ab4c9bd

                SHA512

                4da20f8631353adc5df6ac4e9a762b172f3c7f1484c432316c34dce3741d759fed2ce65fdaa187df86eb9c048efeefe02fbe09de6342ee7927bb1621baf17dc4

              • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Gvhynkxuzozqjys.lnk

                Filesize

                1KB

                MD5

                3ab97077d51348e470f86ab4ce706a5f

                SHA1

                7fdaa66160ccc05a0ad3db2e78efedf2cc1c8d19

                SHA256

                02146440a81385197492390c279ce9197273716ce9bebc279bd90f556c1aaf3f

                SHA512

                2c08e90e926c38b1f8c8adb916d496e67c033b29ebaa532c44076e98540f0b26e35dbc17fc6a31e2a20c88198e42eb142c2ed2879bae156ad2e237caafb4b0ba

              • C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-983843758-932321429-1636175382-1000\u2FlSkVS\UxTheme.dll

                Filesize

                29KB

                MD5

                75d3dc712a80b8ff601459d7a490b063

                SHA1

                13fa50934678e8f07f5790777aae5846a006707e

                SHA256

                f8f3ed968e321963292e6a7b0a569d926da37c934ede7175521f0c8807c3637b

                SHA512

                a22543a969e6271b7e4cbbfdf90272b795b0d678a0a7429bbcee9f3337bbc063e930093da23305ee266f2c0b53c9834fa3642c87573fc1ae2f7eb3186629d275

              • C:\Users\Admin\AppData\Roaming\Microsoft\Word\aSZnqHtFYvX\XmlLite.dll

                Filesize

                6KB

                MD5

                87440dadb17880f79168ba7dcb5540ee

                SHA1

                f792a0a7104337c509699b54d233ff92696e7059

                SHA256

                b3c652752c66bc7ce09a75b1015b65271ebe6784d92ce06abf15d42a315e2ac2

                SHA512

                cd7b1b166f16bf9f9e758c32ac507d3de12e25178ff6f01f41a0a42ee40f3d7fae199db8dcbaa56bd303116f62e56b950c7d37c2eccb143b4f69b800c269579f

              • memory/1792-91-0x0000029FC0BA0000-0x0000029FC0BA7000-memory.dmp

                Filesize

                28KB

              • memory/1792-97-0x0000000140000000-0x00000001401BB000-memory.dmp

                Filesize

                1.7MB

              • memory/2240-74-0x0000000140000000-0x00000001401BB000-memory.dmp

                Filesize

                1.7MB

              • memory/2240-79-0x0000000140000000-0x00000001401BB000-memory.dmp

                Filesize

                1.7MB

              • memory/2240-73-0x0000013507430000-0x0000013507437000-memory.dmp

                Filesize

                28KB

              • memory/2672-0-0x000002914D9D0000-0x000002914D9D7000-memory.dmp

                Filesize

                28KB

              • memory/2672-50-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/2672-1-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-39-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-64-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-25-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-23-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-22-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-20-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-19-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-18-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-16-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-15-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-14-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-12-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-11-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-10-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-8-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-7-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-6-0x00007FFAF569A000-0x00007FFAF569B000-memory.dmp

                Filesize

                4KB

              • memory/3384-27-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-52-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-53-0x00007FFAF6BE0000-0x00007FFAF6BF0000-memory.dmp

                Filesize

                64KB

              • memory/3384-62-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-26-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-28-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-30-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-32-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-33-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-34-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-36-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-43-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-42-0x0000000001500000-0x0000000001507000-memory.dmp

                Filesize

                28KB

              • memory/3384-40-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-41-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-38-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-37-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-35-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-31-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-4-0x0000000001550000-0x0000000001551000-memory.dmp

                Filesize

                4KB

              • memory/3384-29-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-24-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-21-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-17-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-13-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/3384-9-0x0000000140000000-0x00000001401BA000-memory.dmp

                Filesize

                1.7MB

              • memory/4412-108-0x000001D6A7F70000-0x000001D6A7F77000-memory.dmp

                Filesize

                28KB
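Reading the Processes and Downloads sections together: each signed Windows executable launched from System32 (isoburn.exe, psr.exe, GamePanel.exe) is followed by a copy of the same executable running from a random-named directory under AppData\Local, and the Downloads section shows that each of those directories also received a DLL named UxTheme.dll or XmlLite.dll. The copies (PIDs 2240 and 1792) carry a 1.7MB image at 0x140000000, the same base and size the sample occupies inside rundll32 (PID 2672), and a shortcut was written to the Startup folder. That is the on-disk layout of a DLL side-loading launch. The script below is an added example, not part of the sandbox report, that flags that layout from a list of dropped-file paths. The paths and the rundll32 command line are copied from this report; the sets of system executable and DLL names, and the coarse "user-writable" check, are hand-built assumptions that a real deployment would replace with data from a clean reference host.

```python
"""Triage helper for the drop layout seen in this report (added example; not
part of the sandbox output).

Groups dropped-file paths by directory and flags the DLL side-loading layout:
a copy of a Windows system executable in a user-writable directory beside a
DLL carrying a Windows system DLL name.  Also flags system-named DLLs staged
without a host executable, shortcuts written to a Startup folder, and a
rundll32 command line that loads a DLL by ordinal from a user-writable path.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: signed Windows executables abused in this report.  A real
# deployment would build this set from a clean reference host.
SYSTEM_EXES = {"isoburn.exe", "psr.exe", "gamepanel.exe"}
# Assumption: Windows DLL names that a copy in the application directory shadows.
SYSTEM_DLLS = {"uxtheme.dll", "xmllite.dll"}
# Lower-cased prefixes of directory trees a standard user cannot write to.
PROTECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Dropped-file paths copied from the Downloads section of this report.
DROPPED_FILES = [
    r"C:\Users\Admin\AppData\Local\472dBAsAH\GamePanel.exe",
    r"C:\Users\Admin\AppData\Local\472dBAsAH\UxTheme.dll",
    r"C:\Users\Admin\AppData\Local\c98YH5\XmlLite.dll",
    r"C:\Users\Admin\AppData\Local\c98YH5\psr.exe",
    r"C:\Users\Admin\AppData\Local\tEcwNK\UxTheme.dll",
    r"C:\Users\Admin\AppData\Local\tEcwNK\isoburn.exe",
    r"C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Gvhynkxuzozqjys.lnk",
    r"C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-983843758-932321429-1636175382-1000\u2FlSkVS\UxTheme.dll",
    r"C:\Users\Admin\AppData\Roaming\Microsoft\Word\aSZnqHtFYvX\XmlLite.dll",
]
# Command line of PID 2672, copied from the Processes section.
RUNDLL32_CMDLINE = r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\06757f0f902f5be0f5997657f6eb9265.dll,#1"

def is_user_writable(directory: str) -> bool:
    """Coarse check: anything outside the Windows and Program Files trees."""
    return not directory.lower().startswith(PROTECTED_PREFIXES)

def group_by_directory(paths):
    """Map each parent directory to the lower-cased file names dropped into it."""
    by_dir = defaultdict(set)
    for p in paths:
        wp = PureWindowsPath(p)
        by_dir[str(wp.parent)].add(wp.name.lower())
    return by_dir

def find_sideload_dirs(paths):
    """Return {directory: (exe_names, dll_names)} for every user-writable
    directory holding a system-named EXE next to a system-named DLL."""
    hits = {}
    for directory, names in group_by_directory(paths).items():
        exes, dlls = sorted(names & SYSTEM_EXES), sorted(names & SYSTEM_DLLS)
        if exes and dlls and is_user_writable(directory):
            hits[directory] = (exes, dlls)
    return hits

def find_staged_dlls(paths):
    """Directories that received a system-named DLL but no host EXE (yet)."""
    return sorted(
        d for d, names in group_by_directory(paths).items()
        if (names & SYSTEM_DLLS) and not (names & SYSTEM_EXES) and is_user_writable(d)
    )

def find_startup_links(paths):
    """Shortcuts written into a Startup folder: they run at the next logon."""
    return [p for p in paths if p.lower().endswith(".lnk") and "\\startup\\" in p.lower()]

_RUNDLL32_ORDINAL = re.compile(
    r"rundll32(?:\.exe)?\s+(?P<dll>.+?)\s*,\s*#(?P<ordinal>\d+)", re.IGNORECASE
)

def rundll32_ordinal_load(cmdline: str):
    """Return (dll_path, ordinal) when rundll32 invokes an export by ordinal
    from a user-writable path, else None.  An ordinal hides the export name,
    and a DLL run this way out of %TEMP% deserves a look on its own."""
    m = _RUNDLL32_ORDINAL.search(cmdline)
    if not m:
        return None
    dll = m.group("dll").strip('"')
    if not is_user_writable(str(PureWindowsPath(dll).parent)):
        return None
    return dll, int(m.group("ordinal"))

if __name__ == "__main__":
    for d, (exes, dlls) in sorted(find_sideload_dirs(DROPPED_FILES).items()):
        print(f"side-load layout         {d}  exe={exes} dll={dlls}")
    for d in find_staged_dlls(DROPPED_FILES):
        print(f"staged DLL, no host yet  {d}")
    for p in find_startup_links(DROPPED_FILES):
        print(f"startup persistence      {p}")
    print("rundll32 ordinal load   ", rundll32_ordinal_load(RUNDLL32_CMDLINE))
```

On this report's data the script reports the three AppData\Local directories as side-load layouts, the two Roaming directories (under Microsoft\Crypto\RSA and Microsoft\Word) as system-named DLLs with no host executable yet, the Startup .lnk as persistence, and the rundll32 line as an ordinal load of a DLL from %TEMP%. The grouping works equally well on file-create events from an EDR or Sysmon Event ID 11 once the paths are extracted; the name sets are the part to harden.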