Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

39fddcf450...e1.dll

windows7-x64

10

39fddcf450...e1.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    173s
  • max time network
    178s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 14:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    39fddcf4501cfd534f060cd829e875e1.dll

  • Size

    1.5MB

  • MD5

    39fddcf4501cfd534f060cd829e875e1

  • SHA1

    febef1cab017686608c5e3e7d921029dd65ba63b

  • SHA256

    3b174d031502a6cbd9f660a76f2b0a6eec4241913ba959030f1d6f6947a82285

  • SHA512

    e66c55ab3a5f8e1d75da453fe528a44bcf5446e14243bdb46f0a7af225926fff880489260359b350639fab97bf45b5da59b90e02d0eba0a2c2da224f8831ae8e

  • SSDEEP

    12288:9VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:kfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\39fddcf4501cfd534f060cd829e875e1.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:4316
  • C:\Windows\system32\MusNotifyIcon.exe
    C:\Windows\system32\MusNotifyIcon.exe
    1⤵
      PID:1416
    • C:\Users\Admin\AppData\Local\3mRsanez\MusNotifyIcon.exe
      C:\Users\Admin\AppData\Local\3mRsanez\MusNotifyIcon.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:4760
    • C:\Windows\system32\mfpmp.exe
      C:\Windows\system32\mfpmp.exe
      1⤵
        PID:2252
      • C:\Users\Admin\AppData\Local\ZIuMPKX\mfpmp.exe
        C:\Users\Admin\AppData\Local\ZIuMPKX\mfpmp.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:4660
      • C:\Windows\system32\unregmp2.exe
        C:\Windows\system32\unregmp2.exe
        1⤵
          PID:3756
        • C:\Users\Admin\AppData\Local\WRTOxBC9\unregmp2.exe
          C:\Users\Admin\AppData\Local\WRTOxBC9\unregmp2.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:960

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\3mRsanez\MusNotifyIcon.exe
          Filesize

          301KB

          MD5

          434bf13f549219496c20272bf9faf19f

          SHA1

          6fcf995438a60334b1060aba6c860a8e3dd804b4

          SHA256

          6418c63897b92fd5ef6a264b5204d70789011b3569571bd11041960b4effd481

          SHA512

          e0ac0669be2dbf33b407e06b535cbd2ef74142cb7834d5856685e1c91d2354dfc0aa467e3ca76535bca243ed9c839dfb9f99e57e34495435c4b92a128f60a6ba

          Download Submit

        • C:\Users\Admin\AppData\Local\3mRsanez\MusNotifyIcon.exe
          Filesize

          195KB

          MD5

          7568472dc60879e19c982a22ac44d77f

          SHA1

          4474ea4499f8ae90f62d81f50196e495b27e5dd9

          SHA256

          e635075f259aaee223b97e6785ad7e6e9f25987e293fcb0b5e910986e476be83

          SHA512

          85cec32b0628a3079833795662b942c1a6719e2596245d656f4e7e2b5e9ce90332fa5bc1fb1dbe6b0f0257a15f9116beec86cb0c3a8eaa20853d47b1becf06fd

          Download Submit

        • C:\Users\Admin\AppData\Local\3mRsanez\XmlLite.dll
          Filesize

          139KB

          MD5

          fc28ad13f82a41408bcb152ce815a383

          SHA1

          91b4004c864a5ca75b439dece10418252de497e5

          SHA256

          67e7a7f8a07da633e58b1ffecb91cefb05856178cccc43c7283ca58d7fae5ee6

          SHA512

          5afef9d0f1db0f93461ec7254907caefc496da4032a7947c1d33adffc6fbb981386898bbf8d0d3df5000c6d6c579fd07f18a8b0c3de477109c43e7bfc4d4dff0

          Download Submit

        • C:\Users\Admin\AppData\Local\3mRsanez\XmlLite.dll
          Filesize

          57KB

          MD5

          12da9492800c436535d02bf16153beed

          SHA1

          3a0ac61d548c08886c4d7ee017e3537dd5215410

          SHA256

          57681e5c7fc914b1f673ead3e9253b035a20876d85e7a9988396df46d468739d

          SHA512

          30e66ab048a9ad94106963c1214a394acdf4cbaa6e7aef695be4aab9c32c698016450cf3e392fae23c5aee736ce3cd62b46ad68078c7f7d5cc2f090ef8cd86bc

          Download Submit

        • C:\Users\Admin\AppData\Local\WRTOxBC9\VERSION.dll
          Filesize

          1.5MB

          MD5

          63bb067d454c48d65befdfee23793786

          SHA1

          cce067ce34ba4e0d148f92f583382b24c6aa5c1a

          SHA256

          f381bd7b14f43ecdafd54b62e7838043a8115401e8e4f3cb3a48a41912699353

          SHA512

          62f1fd7a73e5bd2540dc9b90aaf91a9b83afc9a1a126734d300e9b36b0a19819a2c7aaf62c716cb80c7ae979a2dc3196e33782ff05ca0ffb06c045708d0c4ee9

          Download Submit

        • C:\Users\Admin\AppData\Local\WRTOxBC9\unregmp2.exe
          Filesize

          259KB

          MD5

          a6fc8ce566dec7c5873cb9d02d7b874e

          SHA1

          a30040967f75df85a1e3927bdce159b102011a61

          SHA256

          21f41fea24dddc8a32f902af7b0387a53a745013429d8fd3f5fa6916eadc839d

          SHA512

          f83e17dd305eb1bc24cca1f197e2440f9b501eafb9c9d44ede7c88b1520030a87d059bdcb8eadeac1eaedabcbc4fe50206821965d73f0f6671e27edd55c01cbc

          Download Submit

        • C:\Users\Admin\AppData\Local\ZIuMPKX\MFPlat.DLL
          Filesize

          1.5MB

          MD5

          8969354e93d15389acba7da524ee708a

          SHA1

          f5dc42611d8791a0132083340fb1f9f8dbe63897

          SHA256

          30daa541ebdb2c58c97b981c4a005b1d58d3397335fd8c36354b4603294e5e4e

          SHA512

          d77b6710d481e5fd86dd2be07a8334e21ad5ca98dc66a978cf4fd58a0813e6d58476d8ca4ffc6f2fe6283a694b224c89453ae6679c9456e33401540458d1f0b7

          Download Submit

        • C:\Users\Admin\AppData\Local\ZIuMPKX\mfpmp.exe
          Filesize

          46KB

          MD5

          8f8fd1988973bac0c5244431473b96a5

          SHA1

          ce81ea37260d7cafe27612606cf044921ad1304c

          SHA256

          27287ac874cef86be03aee7b6d34fdc3bd208070ed20e44621a305865fb7579e

          SHA512

          a91179e1561168b3b58f5ca893bce425d35f4a02aec20ac3d6fb944f5eb3c06b0a1b9d9f3fb9ea87869d65671d2b89b4ae19acf794372bdbd27f5e9756c5a8ab

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Enpllr.lnk
          Filesize

          1KB

          MD5

          1259ad42d4052e0327d10d11b8fe7969

          SHA1

          067a3a1859ebbb148c37b1bd9cc6ed14ce069bc2

          SHA256

          6b02847baa38707f50de2ef4be14d88ef3b98469cccde11ad557d4f07a664700

          SHA512

          18faf5364d5b0de209e29181feea8a8020c03c74b592ea8823e35af6b14c26ca2ec9b73aec1154621eb7beb48fc88d974b55325772364a3b7937d2f7c87f7af8

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\AddIns\ZTieW\XmlLite.dll
          Filesize

          1024KB

          MD5

          ffa3bb2b045132ed5fe943bea33c41c5

          SHA1

          cf062344ba7ed55fd35e2f97a0ad777541d5d17f

          SHA256

          267d8febf02e6ee86b4a45991341c90e093bf066e9ad7160308ad07a3f2c6313

          SHA512

          039de7782beb8e6cc1927b013dd4355a3f982dcd97a01a2e8877750340ee351f4612f96e8be2ac663c3eec202899535c35562cf2e05dc46c9cbb0051ec3d91a7

          Download Submit

        • memory/960-122-0x0000000140000000-0x0000000140181000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/960-117-0x00000255E14E0000-0x00000255E14E7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3444-40-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-41-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-18-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-19-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-20-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-21-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-22-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-24-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-26-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-28-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-27-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-25-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-29-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-30-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-31-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-32-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-23-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-33-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-35-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-36-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-37-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-38-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-6-0x0000000000AC0000-0x0000000000AC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3444-43-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-42-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-45-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-44-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-17-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-39-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-47-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-46-0x0000000000910000-0x0000000000917000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3444-34-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-54-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-55-0x00007FFDA6E80000-0x00007FFDA6E90000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3444-64-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-66-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-9-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-11-0x00007FFDA5C4A000-0x00007FFDA5C4B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3444-10-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-12-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-13-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-14-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-15-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3444-16-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/4316-1-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/4316-0-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/4316-8-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/4316-3-0x0000028116120000-0x0000028116127000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4316-5-0x0000000140000000-0x0000000140180000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/4660-93-0x0000000140000000-0x0000000140182000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/4660-94-0x00000244EFB20000-0x00000244EFB27000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4660-95-0x0000000140000000-0x0000000140182000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/4660-100-0x0000000140000000-0x0000000140182000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/4760-79-0x000001AFDA470000-0x000001AFDA477000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4760-82-0x0000000140000000-0x0000000140181000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/4760-76-0x0000000140000000-0x0000000140181000-memory.dmp

          Filesize

          1.5MB

          Download