Overview

overview

10

Static

static

3

5258d21fdd...90.dll

windows7-x64

10

5258d21fdd...90.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    35s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/01/2024, 02:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5258d21fdd3d1c76b00f2956c8ac9690.dll

  • Size

    1.9MB

  • MD5

    5258d21fdd3d1c76b00f2956c8ac9690

  • SHA1

    2cdfbb9a16cd0eb818fff344f85daaea59a5a10b

  • SHA256

    b21c536b39b5035840c086d58ac7d339344c4a02ba9f5e536010e6d0046acf46

  • SHA512

    2c7e813694f46b18c619e6b808b5545db35df1e1573693b3d76fc576f90269b03155f6189cfed4c49996b0ed58e6f37d9e2b789dfb3187b8383e012f921f98e1

  • SSDEEP

    12288:LVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:KfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5258d21fdd3d1c76b00f2956c8ac9690.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1340
  • C:\Windows\system32\rstrui.exe
    C:\Windows\system32\rstrui.exe
    1⤵
      PID:4364
    • C:\Users\Admin\AppData\Local\MXEnr\printfilterpipelinesvc.exe
      C:\Users\Admin\AppData\Local\MXEnr\printfilterpipelinesvc.exe
      1⤵
        PID:740
      • C:\Windows\system32\printfilterpipelinesvc.exe
        C:\Windows\system32\printfilterpipelinesvc.exe
        1⤵
          PID:4004
        • C:\Users\Admin\AppData\Local\vJR\rstrui.exe
          C:\Users\Admin\AppData\Local\vJR\rstrui.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:3120
        • C:\Users\Admin\AppData\Local\Lp28GVr\msconfig.exe
          C:\Users\Admin\AppData\Local\Lp28GVr\msconfig.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1636
        • C:\Windows\system32\msconfig.exe
          C:\Windows\system32\msconfig.exe
          1⤵
            PID:4084
          • C:\Windows\system32\backgroundTaskHost.exe
            "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
            1⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:740

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/740-104-0x000001F41F530000-0x000001F41F537000-memory.dmp

            Filesize

            28KB

            Download

          • memory/740-110-0x0000000140000000-0x00000001401E7000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/1340-0-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/1340-7-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/1340-1-0x0000000002710000-0x0000000002717000-memory.dmp

            Filesize

            28KB

            Download

          • memory/1636-69-0x0000000140000000-0x00000001401E7000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/1636-71-0x000001B3C1F80000-0x000001B3C1F87000-memory.dmp

            Filesize

            28KB

            Download

          • memory/1636-75-0x0000000140000000-0x00000001401E7000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3120-92-0x0000000140000000-0x00000001401E7000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3120-89-0x000001CC623F0000-0x000001CC623F7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3472-38-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-31-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-32-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-37-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-22-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-15-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-6-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-40-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-43-0x0000000006AD0000-0x0000000006AD7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3472-48-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-60-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-58-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-49-0x00007FFD09E00000-0x00007FFD09E10000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3472-39-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-4-0x0000000006AF0000-0x0000000006AF1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3472-36-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-35-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-34-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-33-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-27-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-30-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-29-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-28-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-26-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-25-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-24-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-23-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-21-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-20-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-19-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-18-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-17-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-16-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-14-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-13-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-12-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-11-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-10-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3472-9-0x00007FFD09D5A000-0x00007FFD09D5B000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3472-8-0x0000000140000000-0x00000001401E6000-memory.dmp

            Filesize

            1.9MB

            Download