Analysis
-
max time kernel
136s -
max time network
166s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
30/12/2023, 07:17
General
-
Target
11ece27856133435ff8c3f2f1c4b8b02.dll
-
Size
3.5MB
-
MD5
11ece27856133435ff8c3f2f1c4b8b02
-
SHA1
beb6982acc8c475def5d020bbf27a683681a6c9f
-
SHA256
f82e6e8bf49c6980ca60b9747725046747e4a9bea7334177db1e91ccfcb36874
-
SHA512
ef2cdd6fda9afe492d16d3a966a16854cdf0e589e4e0314e9e3c29455150343253a72f1af56c97c51633a930f0f12f693c5f6e029e02e4487bb039c4b54f1c91
-
SSDEEP
12288:nVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:OfP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Malware Config
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Shellcode 1 IoCs
Detects Dridex Payload shellcode injected in Explorer process.
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 3 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of UnmapMainImage 1 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\11ece27856133435ff8c3f2f1c4b8b02.dll,#11⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\SystemPropertiesPerformance.exeC:\Windows\system32\SystemPropertiesPerformance.exe1⤵
-
C:\Users\Admin\AppData\Local\iz1qzr\SystemPropertiesPerformance.exeC:\Users\Admin\AppData\Local\iz1qzr\SystemPropertiesPerformance.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\FileHistory.exeC:\Windows\system32\FileHistory.exe1⤵
-
C:\Users\Admin\AppData\Local\0VMlZ\FileHistory.exeC:\Users\Admin\AppData\Local\0VMlZ\FileHistory.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\SndVol.exeC:\Windows\system32\SndVol.exe1⤵
-
C:\Users\Admin\AppData\Local\v2DstN\SndVol.exeC:\Users\Admin\AppData\Local\v2DstN\SndVol.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
244KB
MD5eeba3dd643ced2781ec1b7e3cd6fa246
SHA12d394173e603625e231633fc270072e854bac17b
SHA256bee0799a52fe65b8dc291de32f0c8b03b5a067915b1868bc8ba2a1b139c90b87
SHA512222d4fbc7ee57d75889698a0660996293a0143518fdecc1b222618796d76d40f2d3b00b071f92ab917ac8847f195d7de02df55b5e89dad8a80d110e464cd3271
-
Filesize
3.5MB
MD555567c3f978ce2a63e5629c7ab19ff49
SHA136f96a6257879f0a342b2f63f87d78ba1cfbf25a
SHA256963862bd5f48e65eb8ff8a43b11adb8efda6f4ecc8ef64b04e4654891b3ca9f1
SHA5127bb02f67248df73a1a5c8f3927bab84f170295c1f3ff5e3605224d16eadf7f6a28018c21ec029cf3482a10540f7b00b123430d556bf64aaea62cf52d95ed8201
-
Filesize
3.5MB
MD52274c0f10748d2efd97fa5d603ee5dd7
SHA1ebf7360d538fd84ae0ca8ed3324e380884556ae1
SHA256cc4df6c3c1f075dbeb062da42b328887ab55def131c8816697e3ea8c2b3f5660
SHA512f7f2a0354d653de5839e32da595c04b5887c86d2e665bbc5363619d1cb89b4c5fc8333eb471379f319dbfd7de79af3593b6c486269ac972cdf9221a60d2a0490
-
Filesize
1.1MB
MD505bc0db1262c3e479f2c940cc1156b34
SHA15b38ea29e2bc8f4cdb5486f3695023775190d146
SHA2564f3d17e449031227e8ce6fa9d93695672de8fbf228e5c78aca0d63a9e039c742
SHA51299309ac26b0b124bc4b42db57fbcd8a6b6990459b57678da200a483713b5d2f12a5d342c5b31a93a3d826c374f5ba0f34b19555d6008d52d7dd695aabb575473
-
Filesize
82KB
MD5e4fbf7cab8669c7c9cef92205d2f2ffc
SHA1adbfa782b7998720fa85678cc85863b961975e28
SHA256b266318d45a4245556a2e39b763f2f11eca780969105f6f103e53dd0a492bb30
SHA512c5c62578d04133352d6cb7b018df96a7b55c18d6111ab8bf2bfe232a3315a63b07047fa5b0b88551d152085776c66169b47566242c8c4c5e0333c55adc64e1b6
-
Filesize
269KB
MD5c5d939ac3f9d885c8355884199e36433
SHA1b8f277549c23953e8683746e225e7af1c193ad70
SHA25668b6ced01f5dfc2bc9556b005f4fff235a3d02449ad9f9e4de627c0e1424d605
SHA5128488e7928e53085c00df096af2315490cd4b22ce2ce196b157dc0fbb820c5399a9dbd5dead40b24b99a4a32b6de66b4edc28339d7bacd9c1e7d5936604d1a4f0
-
Filesize
3.5MB
MD5c02eed1a4262664079605d4d673b9178
SHA13c85895739dd80e3742bb430ff1949b90f0bc2b2
SHA2565bfe328cf55e0121ff20f0b1293856fccd2da87be259c8b449d7a05ed41fc8d7
SHA51287b3b7908bd509fa264b3eebc13c7da9a066084a2392361f4076d6bced0a5bb0e5f32576c8598c38e01da8703852f84dc65c3a2a6e9d2a9b59db107671ba19d9
-
Filesize
969B
MD5018e329bf5dc1b2df8722130e27e5e14
SHA10b37bfe35afa256e94af7cb5307d789862d05f03
SHA25618fdb9db02ccf2815935e2cb4a3cd194f691092136337c3f123763d4a47f5d14
SHA512216ef6e8e858f60e18669af6e2e4593f3b248ab0a82c76644f589183faf1db4044c1d5a56899ce834b8fdb62ad6c7bd835170f7bfbb0b5733a11cc1419968f99
-
Filesize
28KB
-
Filesize
28KB
-
Filesize
28KB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
4KB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
28KB
-
Filesize
64KB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
4KB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
28KB
-
Filesize
3.5MB
-
Filesize
3.5MB