Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    27-01-2024 16:21

General

  • Target

    7ab57693dbdaf787706d0da8c151df4e.dll

  • Size

    2.9MB

  • MD5

    7ab57693dbdaf787706d0da8c151df4e

  • SHA1

    5b10dab0b2ce302bfb48a8e2f039479231102c48

  • SHA256

    d7de92fab29dd63724f0ecac51deaa9b343500a61f164029de7d1c8e19457914

  • SHA512

    8b5995d735812a3707faee91854a183c52de45145024eb6064d181185b188adafd21b2b574c1b7f80c8da8424792b8cd26e625900a6514d3f31e5dfccf122bca

  • SSDEEP

    12288:rVI0W/Ttl/LPJCm3WIYxJ9yK5oQNPElOlidGgmilgm5Qq0nB6wtt4AenZ1:qf/LfWsK5TNA+WGgm+V5SB6Ct4bnb

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ab57693dbdaf787706d0da8c151df4e.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2224
  • C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 1240 -s 1604
    1⤵
      PID:3068

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1240-4-0x0000000077586000-0x0000000077587000-memory.dmp

      Filesize

      4KB

    • memory/1240-5-0x0000000002550000-0x0000000002551000-memory.dmp

      Filesize

      4KB

    • memory/1240-9-0x0000000077586000-0x0000000077587000-memory.dmp

      Filesize

      4KB

    • memory/2224-0-0x00000000006B0000-0x00000000006B7000-memory.dmp

      Filesize

      28KB

    • memory/2224-1-0x0000000140000000-0x00000001402E0000-memory.dmp

      Filesize

      2.9MB

    • memory/2224-7-0x0000000140000000-0x00000001402E0000-memory.dmp

      Filesize

      2.9MB