Analysis

  • max time kernel
    6s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    29-12-2023 22:27

General

  • Target

    059559658c6c1cd49d30a8f43d1d45b2.dll

  • Size

    1.7MB

  • MD5

    059559658c6c1cd49d30a8f43d1d45b2

  • SHA1

    56de1a741459ec1a8a18dd216ec3488229c582e2

  • SHA256

    9d0e8397fb43fa3f9c5cf6cfff056b1f65f3f6634398d210c008698499967585

  • SHA512

    e04306bbbd176acb8936c1ff410bbed29a4f459e25d2315ae27094c01a5e760ae278df1f086ad44c3b462aa4a1ef437cfa835b4fd0d06ee7ab737a12d381c165

  • SSDEEP

    12288:UVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:RfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Malware Config

Signatures

  • Dridex

    Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing banking credentials.

  • Dridex Shellcode 1 IoCs

    Detects Dridex payload shellcode injected into the Explorer process.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\059559658c6c1cd49d30a8f43d1d45b2.dll,#1
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2080
  • C:\Windows\system32\msinfo32.exe
    C:\Windows\system32\msinfo32.exe
    PID:2556
  • C:\Users\Admin\AppData\Local\CFC\msinfo32.exe
    C:\Users\Admin\AppData\Local\CFC\msinfo32.exe
    PID:1648
  • C:\Windows\system32\ComputerDefaults.exe
    C:\Windows\system32\ComputerDefaults.exe
    PID:984
  • C:\Users\Admin\AppData\Local\iVNfEiE\ComputerDefaults.exe
    C:\Users\Admin\AppData\Local\iVNfEiE\ComputerDefaults.exe
    PID:1468
  • C:\Windows\system32\dialer.exe
    C:\Windows\system32\dialer.exe
    PID:2516
  • C:\Users\Admin\AppData\Local\eLVXeLo0\dialer.exe
    C:\Users\Admin\AppData\Local\eLVXeLo0\dialer.exe
    PID:2512

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\CFC\MFC42u.dll
    Filesize: 11KB
    MD5: b287e3b2ae308cdb16f1392bf62aa4f3
    SHA1: ea8c91fd57fe523496475e967e5949dda6012798
    SHA256: b2f8d0447d1a6563ba43306469d0cd5ef44ae401a7e2c5989951660626fb60cf
    SHA512: 0803ca62c04f88929247781dc06ebb00d2cbf14279af3f3fd939f174e8f5d9f8226edd62ebd5ded2569454ca0c046b679817325e8f57ffb8bd9231b2ed8ac43b

  • C:\Users\Admin\AppData\Local\CFC\msinfo32.exe
    Filesize: 58KB
    MD5: 51a680a738a1c92a223a5321198bc765
    SHA1: d2a6197a644a8767f36282996302017f549c866b
    SHA256: e789061d60b0864b573306eb719f9b11025ab4332fed607ff068684c26fae8fc
    SHA512: 57666c1553869817950b00a24cac571e9e0801e87721094a9b9e5929d2d45bd179e1b87b01ce60790fe58c93c64efd003cf66378ab6d823598b07e1e66132e8b

  • C:\Users\Admin\AppData\Local\eLVXeLo0\TAPI32.dll
    Filesize: 75KB
    MD5: 5d1241b02473f088141207cf0bdb7294
    SHA1: 54e40bff76768410cd154f0401d55a87b759eedb
    SHA256: 68ea0184ca49facc9eb9a601ae4a600604f4faed70f124d01ed61c1f26ed64a6
    SHA512: 051e55f68459b93424c00ad33289ab4a325939c3326776cfb995118fb6c158df00f151698e7c6984f9cc41f1ec2067c85d01cd37fd9438c9584fdbef2fa92c47

  • C:\Users\Admin\AppData\Local\eLVXeLo0\dialer.exe
    Filesize: 23KB
    MD5: e43ac67f469306670df7d9a8edd098cd
    SHA1: a19b9a3f7927872e7cdee45be471fce95d7fca41
    SHA256: 07fe5d249222f0b306bcbd2bc9586170426add97bb47797ac82647bc5341e0ff
    SHA512: f8e7044f3cdefce21177a155ef28783f729cd9cae4faa5bb5f8a0725ca424c673c400045f6e20e56b7d211239c03ff08a8db209a6c12cf48aaeb8caf50f047ac

  • C:\Users\Admin\AppData\Local\eLVXeLo0\dialer.exe
    Filesize: 5KB
    MD5: 5befcad875be6ca438f9e90ffd0c5e5b
    SHA1: 29744924dd7efd50349df044d41ed7476c3983fb
    SHA256: 93379ea6e97bf491305f03d544f7e24e0e140db5806f1e0030e714e236db211c
    SHA512: bead71b2f320b1a1189d131d9de2f5f65e7105eeca6d7b4f405c482b279bc9f412b894e1342a013964aba87cc838d72f317165797214723ec7895804aed9eaa9

  • C:\Users\Admin\AppData\Local\iVNfEiE\ComputerDefaults.exe
    Filesize: 36KB
    MD5: 86bd981f55341273753ac42ea200a81e
    SHA1: 14fe410efc9aeb0a905b984ac27719ff0dd10ea7
    SHA256: 40b194be2bad2d3d4d1b69f9aec2853c8b663130810a11607ff72a9e3a06d5b3
    SHA512: 49bb6d4bf7a9356fadde7f6165af6973630827d28b69db10ad477a84d98b08fb82e4daae777166e1ddddb5b5efcdf634e4e9bd34b255dae87462ba32e8bba143

  • C:\Users\Admin\AppData\Local\iVNfEiE\ComputerDefaults.exe
    Filesize: 32KB
    MD5: 4a7b5e7ca3f35ba6045370489ebad43c
    SHA1: 7fbb8044a20e2d3a11e1de46e425189ed060acbb
    SHA256: cf941568aeece135f4d459636e4e21ba662f7f82a76b63440fa7a1486c060270
    SHA512: 6fd561e71cd2e2546bcd62af32547f87fd011ff48913abd01649692aa7b6d2d5741b1ac05220fef44d1261cabba73701e36524c9c6399242a973d308a838310c

  • C:\Users\Admin\AppData\Local\iVNfEiE\appwiz.cpl
    Filesize: 13KB
    MD5: 70401156f286f63920f0b55a2d0fdb6d
    SHA1: a77bf0aff534d4f9f3dbb1404715c1795eca4b80
    SHA256: 9a92559c1573dccb4d0da9cc3d25892f7af26339f5d91a7092644db33ca77d61
    SHA512: e557a99151678cf1901f06e30aa4ed5fac6dfdac2bdf3ec1859e75832db9d0df7fdcff7e46aae345896a3e58a743a4a2f1f4bad494c1ef9a420528a688128af5

  • C:\Users\Admin\AppData\Roaming\Adobe\Axy7N\MFC42u.dll
    Filesize: 13KB
    MD5: 81034b9eda4df9b3bebd4f90915c7948
    SHA1: 21fc9dd6fffac544bb2a1d719f3d70c6df803e92
    SHA256: 2ef8456a0c82b692525fb1db24888be3d978b77c17919bee0f1e33f7a557aa88
    SHA512: 6485a514b24fb203d4b9524a42cbc061438049c0eff6dedd07825d908185362caddedd2ce99e2357deaded2ccaf87d75e69e82d5c0d3959d694d07967e41ce98

  • C:\Users\Admin\AppData\Roaming\Adobe\Axy7N\msinfo32.exe
    Filesize: 1KB
    MD5: 43fb0b3fd2ca6c54b0180319d18969c0
    SHA1: e898d7f4a602eb4ab2dc6b6bbfca709705fd6779
    SHA256: 437905e8fcb6d42ae1edb311c87b3b353102bf6b8d6a60aa5bb244dc40bcffc4
    SHA512: f2098639a4b6fd9d0c36cf8ecdc66b313f68ec1c91734f455734f8d7fc3a35114648dd464460dae92dd336308c1b31b88a4dfd5fdb5712fb395e8267d06927a0

  • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ekhyqsv.lnk
    Filesize: 1KB
    MD5: 69b754b6e32bf8840a5ce64a7a2d0c4b
    SHA1: dceea94c6566c99d6b553d9bddf48831060db031
    SHA256: 195807b6cd6f0f574b2f9af79640103dc456fd4e76af77a6800a4d59214efd5d
    SHA512: a49908c48f1ba489e115267f990d1fd8ac205c0708b6a41ed386a9cf1c8007b1e96ba0efa70ae0256dd97dca750274a600a3b76670e773bec0da0dda08282748

  • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\UserData\hb4\appwiz.cpl
    Filesize: 61KB
    MD5: bbdf4c42ddbfdc4df9efbcc6770363bd
    SHA1: 50668a03e70b6bc2245f8b7666715ede7f2b995f
    SHA256: 6080f62e5d6b3a079218e19dca75b59bbee764e9ff86e5cd603bdf68c3c094c3
    SHA512: e473d945080c8bccc47cbfe88d537c95a811725db472ca32737d3231e709916e201a18c8a7addb4cf2854bf9f8eb851f4552829f365e1b13b02de072a8f86e70

  • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\siJY0q\TAPI32.dll
    Filesize: 40KB
    MD5: 14e290539bf51b19d7f64b8594a9f84e
    SHA1: 33773c34a2a6be28874f7067da8e40fedc2d1dc8
    SHA256: d5ebfa578f8271fbcf5e1ef136c8107f34a825cf86e0847ecd25a0274ec8c4ad
    SHA512: 9292ebf9eea4d58f704118f26c8294ed66352a342324fd0a33983eecbd60745b00003361b10367246f8ce503e7be3e63700da5f683146f751f34b3e8902025c8

  • \Users\Admin\AppData\Local\CFC\MFC42u.dll
    Filesize: 7KB
    MD5: 2e4e2ccd69ee04addf973c1e9141ca46
    SHA1: e0fd23c8869d8e13915ba4df8b1f46b254d323f9
    SHA256: 8c14518b89587350664e9b59569c0823fcb8ebd02c0c50c60170fb6e3c884c0a
    SHA512: dda782f58be9e38d55b2f10572df56edccd87e1934080f2b6fd228009d8dac6cb83a2e1cbf75aabd14bd98c416aebd0c90fe2cda8b602ad603d819fd62aad1cb

  • \Users\Admin\AppData\Local\CFC\msinfo32.exe
    Filesize: 2KB
    MD5: 2e23ff0050229465a8a0770c00c9c4d0
    SHA1: 763f21ff18596ccb58b150bc313f0768a6add641
    SHA256: e7e7196bc209b9573086b8c81af9e139f285c18d51e00754b44dac8c350f3bcf
    SHA512: c5431c764201c00055adf9fd4d828f28da470536d4c60ecefc2f29548d49e0c94e7e660879a5e72f6454640a25c21410a28f8d59e0ee95cc4da7d830f57cb2e0

  • \Users\Admin\AppData\Local\eLVXeLo0\TAPI32.dll
    Filesize: 29KB
    MD5: 3d823de3065e2ec2a64d1e925c0817c8
    SHA1: ad5032619123cbe5273b269b154fdd306c37d0cc
    SHA256: 7a4d15007142183beac31d4a68b306ec291026e07d547e4aae52fa20e7da814c
    SHA512: 747df9445b58bcde4ffb490c0e5c661b934ad25e592af38c15cc2b0cc10aaa5127c56379edb2acde06fda1874c2f7b6f3c0709a0b4c81627ea42a0755f26e918

  • \Users\Admin\AppData\Local\eLVXeLo0\dialer.exe
    Filesize: 34KB
    MD5: 46523e17ee0f6837746924eda7e9bac9
    SHA1: d6b2a9cc6bd3588fa9804ada5197afda6a9e034b
    SHA256: 23d8a6a1d847a324c556c30e10c8f63c2004aeb42ac3f5a5ca362077f1517382
    SHA512: c7117c3778650864e685bd89df599d7cdd9319d757344ddc7cfd9403d6673964127f6ff0c5ac48455fd3097af31a6ff09173f85dfa7be2d25f395cdf3692bb9a

  • \Users\Admin\AppData\Local\iVNfEiE\appwiz.cpl
    Filesize: 65KB
    MD5: 943947b449875436934b3c261fa798aa
    SHA1: 69b1339194854d5d9d54c9e5e36d06a3e522c64c
    SHA256: f69bc763cb6db7a7cd89450a989eb7154b1f48d9ef0018c9482cf3b974ba261d
    SHA512: b94395e2d281e5bb3705d733640b033cb1012f4ed1acd7b6ff57cdc9c0993f4996ac3017ce873cb8869e7926633275885cf8dee487fd876169820aee84289feb