Analysis

  • max time kernel
    0s
  • max time network
    87s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29-12-2023 22:37

General

  • Target

    05d5ad4c105b1d204e13f22223735561.dll

  • Size

    1.9MB

  • MD5

    05d5ad4c105b1d204e13f22223735561

  • SHA1

    23823decc62c04ba127732bbc18bcebbc4c95af8

  • SHA256

    4e4a988ee3a66c26d26526cbfc8a31c64ca77cba567a8979b3893a2374d8eb98

  • SHA512

    f3978f6d6381b150de5dc5b5af65cd6ca367921fb1afea44568bc8c2d0a45a7e7423b6f13e23a45bf8602579201bdd8cfb2bb11cd6f34988240dc899c0e0a617

  • SSDEEP

    12288:RVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:gfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Malware Config

Signatures

  • Dridex

    Dridex (known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex Shellcode (1 IoCs)

    Detects Dridex payload shellcode injected in the Explorer process.

  • Checks whether UAC is enabled (1 TTPs, 1 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\05d5ad4c105b1d204e13f22223735561.dll,#1
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3832
  • C:\Windows\system32\wextract.exe
    C:\Windows\system32\wextract.exe
    PID:3516
    • C:\Users\Admin\AppData\Local\BUCGWpI\wextract.exe
      C:\Users\Admin\AppData\Local\BUCGWpI\wextract.exe
      PID:1712
      • C:\Users\Admin\AppData\Local\HohSqP\upfc.exe
        C:\Users\Admin\AppData\Local\HohSqP\upfc.exe
        PID:1420
        • C:\Windows\system32\upfc.exe
          C:\Windows\system32\upfc.exe
          PID:3240
          • C:\Users\Admin\AppData\Local\tz3KP033\perfmon.exe
            C:\Users\Admin\AppData\Local\tz3KP033\perfmon.exe
            PID:4124
            • C:\Windows\system32\perfmon.exe
              C:\Windows\system32\perfmon.exe
              PID:1192

Network

MITRE ATT&CK Enterprise v15

Downloads
