Analysis

  • max time kernel
    3s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    29-12-2023 22:37

General

  • Target

    05d5ad4c105b1d204e13f22223735561.dll

  • Size

    1.9MB

  • MD5

    05d5ad4c105b1d204e13f22223735561

  • SHA1

    23823decc62c04ba127732bbc18bcebbc4c95af8

  • SHA256

    4e4a988ee3a66c26d26526cbfc8a31c64ca77cba567a8979b3893a2374d8eb98

  • SHA512

    f3978f6d6381b150de5dc5b5af65cd6ca367921fb1afea44568bc8c2d0a45a7e7423b6f13e23a45bf8602579201bdd8cfb2bb11cd6f34988240dc899c0e0a617

  • SSDEEP

    12288:RVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:gfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Malware Config

Signatures

  • Dridex

    Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\05d5ad4c105b1d204e13f22223735561.dll,#1
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2532
  • C:\Users\Admin\AppData\Local\7tb\rdpinit.exe
    C:\Users\Admin\AppData\Local\7tb\rdpinit.exe
    PID:2660
    • C:\Windows\system32\rdpinit.exe
      C:\Windows\system32\rdpinit.exe
      PID:2784
      • C:\Users\Admin\AppData\Local\q7Aht72Q6\dpnsvr.exe
        C:\Users\Admin\AppData\Local\q7Aht72Q6\dpnsvr.exe
        PID:3032
        • C:\Windows\system32\dpnsvr.exe
          C:\Windows\system32\dpnsvr.exe
          PID:2948
          • C:\Users\Admin\AppData\Local\shfTTTxC\SystemPropertiesComputerName.exe
            C:\Users\Admin\AppData\Local\shfTTTxC\SystemPropertiesComputerName.exe
            PID:1972
            • C:\Windows\system32\SystemPropertiesComputerName.exe
              C:\Windows\system32\SystemPropertiesComputerName.exe
              PID:352

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/1216-34-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-44-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-4-0x0000000077996000-0x0000000077997000-memory.dmp (Filesize 4KB)
  • memory/1216-10-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-18-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-27-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-33-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-48-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-50-0x0000000002D90000-0x0000000002D97000-memory.dmp (Filesize 28KB)
  • memory/1216-61-0x0000000077D00000-0x0000000077D02000-memory.dmp (Filesize 8KB)
  • memory/1216-58-0x0000000077BA1000-0x0000000077BA2000-memory.dmp (Filesize 4KB)
  • memory/1216-68-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-73-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-152-0x0000000077996000-0x0000000077997000-memory.dmp (Filesize 4KB)
  • memory/1216-57-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-49-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-47-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-46-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-45-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-32-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-43-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-42-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-41-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-39-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-38-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-37-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-36-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-35-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-5-0x0000000002DB0000-0x0000000002DB1000-memory.dmp (Filesize 4KB)
  • memory/1216-40-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-7-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-31-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-30-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-29-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-9-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-28-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-26-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-25-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-24-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-22-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-23-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-21-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-20-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-19-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-17-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-16-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-15-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-14-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-13-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-12-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1216-11-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/1972-130-0x0000000000110000-0x0000000000117000-memory.dmp (Filesize 28KB)
  • memory/2532-8-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/2532-0-0x0000000140000000-0x00000001401F0000-memory.dmp (Filesize 1.9MB)
  • memory/2532-1-0x0000000000230000-0x0000000000237000-memory.dmp (Filesize 28KB)
  • memory/2660-86-0x0000000000180000-0x0000000000187000-memory.dmp (Filesize 28KB)
  • memory/3032-110-0x0000000000100000-0x0000000000107000-memory.dmp (Filesize 28KB)