Overview

overview

10

Static

static

3

a192b8c5ee...29.dll

windows7-x64

10

a192b8c5ee...29.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24/02/2024, 09:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a192b8c5ee93ba20952ed6145cffed29.dll

  • Size

    2.0MB

  • MD5

    a192b8c5ee93ba20952ed6145cffed29

  • SHA1

    b2ca4c66e8e4aab00168a1a9d674c2a511e01084

  • SHA256

    74a366103bafcb5151e3296c9aa9e75179e8e7b3f7bc0e9995e94e4f24ac9969

  • SHA512

    74c4575331b38c35a707af51d631d561cdcddcbd44d29524bdece5d61b93679e393648502c1727c645b3209070ced2c3b525a7a5c5d00f3b40c698f4a66f6597

  • SSDEEP

    12288:RVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1ad:gfP7fWsK5z9A+WGAW+V5SB6Ct4bnbad

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 3 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a192b8c5ee93ba20952ed6145cffed29.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:548
  • C:\Windows\system32\sethc.exe
    C:\Windows\system32\sethc.exe
    1⤵
      PID:2540
    • C:\Users\Admin\AppData\Local\r2A\sethc.exe
      C:\Users\Admin\AppData\Local\r2A\sethc.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2924
    • C:\Windows\system32\cmstp.exe
      C:\Windows\system32\cmstp.exe
      1⤵
        PID:2820
      • C:\Users\Admin\AppData\Local\Dg0TRe\cmstp.exe
        C:\Users\Admin\AppData\Local\Dg0TRe\cmstp.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2784
      • C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe
        C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe
        1⤵
          PID:876
        • C:\Users\Admin\AppData\Local\KQB6mceep\SystemPropertiesDataExecutionPrevention.exe
          C:\Users\Admin\AppData\Local\KQB6mceep\SystemPropertiesDataExecutionPrevention.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1676

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Dg0TRe\VERSION.dll
          Filesize

          2.0MB

          MD5

          a0878c3c28a754e12d457597ef7213fd

          SHA1

          ea026682b57ef1aed98ea7c6f6cfe6df77864a4d

          SHA256

          d4940cb75196454ab26f65b6934d403e1e4a12d631677e68ebc96814f735965f

          SHA512

          f3aa593f6603f8f38b03d8932e7912759e53c2381ff3d29f8a2e783d9e0678a77f7a0d0fea09bb036ab1fdad9073068d79389ae6709e2cfb70e7be0677ac86dc

          Download Submit

        • C:\Users\Admin\AppData\Local\KQB6mceep\SYSDM.CPL
          Filesize

          2.0MB

          MD5

          356aaddfd157f464a5ede10eef406cb2

          SHA1

          bd28dd4f62ac4cc0007e5b211aa25467bf6c308c

          SHA256

          a2f1b8ed8ea402ac7728e280712de3c49f1f8706bd47d46e3c3a6b942b7642e4

          SHA512

          67632205ddaa651ca14c4ac5f019fd01853fa8361a01146dc0cb02b4692cc959919490ff824d9c8dd61acb3fd8a9428b7c4e82e7cb0b2c7a6506880267e2637e

          Download Submit

        • C:\Users\Admin\AppData\Local\KQB6mceep\SystemPropertiesDataExecutionPrevention.exe
          Filesize

          80KB

          MD5

          e43ff7785fac643093b3b16a9300e133

          SHA1

          a30688e84c0b0a22669148fe87680b34fcca2fba

          SHA256

          c8e1b3ecce673035a934d65b25c43ec23416f5bbf52d772e24e48e6fd3e77e9b

          SHA512

          61260999bb57817dea2d404bcf093820679e597298c752d38db181fe9963b5fa47e070d6a3c7c970905035b396389bb02946b44869dc8b9560acc419b065999a

          Download Submit

        • C:\Users\Admin\AppData\Local\r2A\UxTheme.dll
          Filesize

          1.2MB

          MD5

          16e6303c160cb3f01850601986de13c1

          SHA1

          259277a4d10af6be982b6f4df69329f101d790ec

          SHA256

          28c7fd7143d7548967fcf4219385f073248445c18b510d6d17df613755b7896a

          SHA512

          c2a7a53cf6dcad394ca7723c1b17a3994aac21663303078c33d122f3bdb79cee787dc3addbfb8ee5cf7c018f799dedb8c2e9301c6b9985451d3f989b9b64fc71

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Bxxouhrcnfnreok.lnk
          Filesize

          1KB

          MD5

          13d913ea2c05f83a8e605179acf70acf

          SHA1

          30e8ac2e847dc865d562a3dd9319ff93866fdcd9

          SHA256

          707f3fc8e4001b0258e1e740902bba7dc2a5539f55f6864ad396bd42124b8db5

          SHA512

          ce99470a212fef34bc1599df02d639d10fc248bbbb2c5a5317c52f4170900ac10a2e6e6c6cd499fc981bcd58ad03b6d999ef8eaf0137601defc72d986f3cc1c1

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\oeKXMkBK2rt\UxTheme.dll
          Filesize

          2.0MB

          MD5

          402de6586098ffbc59716e77c16708a6

          SHA1

          73791c5cc935fb8db7cd4cd996c91af8d26a00ba

          SHA256

          9cf8e267f718873346eaadcf151e362b91959f2d9d8396d483d747ea6dc7feca

          SHA512

          68ef1a0f742eea65759264067974a51f8a1ecd22c3d88bbe2bc9004fa775bea7f27ec7ddd3b4f7fc1b90b95add22f831ccd950d9191d0c3234b8c60691cf2386

          Download Submit

        • \Users\Admin\AppData\Local\Dg0TRe\cmstp.exe
          Filesize

          90KB

          MD5

          74c6da5522f420c394ae34b2d3d677e3

          SHA1

          ba135738ef1fb2f4c2c6c610be2c4e855a526668

          SHA256

          51d298b1a8a2d00d5c608c52dba0655565d021e9798ee171d7fa92cc0de729a6

          SHA512

          bfd76b1c3e677292748f88bf595bfef0b536eb22f2583b028cbf08f6ae4eda1aa3787c4e892aad12b7681fc2363f99250430a0e7019a7498e24db391868e787a

          Download Submit

        • \Users\Admin\AppData\Local\r2A\UxTheme.dll
          Filesize

          267KB

          MD5

          e83b5471defa325c60bf1a1ef9fa6a49

          SHA1

          b6fbcf31709fb99b4bcefbf2ec3374e635527467

          SHA256

          4bcfb120aa6e4f302738d982b1ab692d88b97c88720226200ddf52db6dae0cab

          SHA512

          bd8c2f887cbd8b3f96ccabac4d165162a2529fb2a531fef3513cf5435f538893e357b95716227a1f2ba36de25819513a75b2cfb5ef25d66ea24ccdc7933e6510

          Download Submit

        • \Users\Admin\AppData\Local\r2A\sethc.exe
          Filesize

          272KB

          MD5

          3bcb70da9b5a2011e01e35ed29a3f3f3

          SHA1

          9daecb1ee5d7cbcf46ee154dd642fcd993723a9b

          SHA256

          dd94bf73f0e3652b76cfb774b419ceaa2082bc7f30cc34e28dfa51952fa9ccb5

          SHA512

          69d231132f488fd7033349f232db1207f88f1d5cb84f5422adf0dd5fb7b373dada8fdfac7760b8845e5aab00a7ae56f24d66bbb8aa70c3c8de6ec5c31982b4df

          Download Submit

        • memory/548-1-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/548-0-0x00000000000B0000-0x00000000000B7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/548-8-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-31-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-36-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-14-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-13-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-15-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-16-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-19-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-18-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-21-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-20-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-22-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-17-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-23-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-24-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-25-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-26-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-27-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-28-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-29-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-30-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-11-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-33-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-32-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-34-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-35-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-12-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-37-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-38-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-39-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-40-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-41-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-42-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-43-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-44-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-45-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-46-0x0000000002710000-0x0000000002717000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1360-53-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-54-0x0000000076EC1000-0x0000000076EC2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1360-55-0x0000000077020000-0x0000000077022000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1360-64-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-70-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-71-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-4-0x0000000076DB6000-0x0000000076DB7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1360-10-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-5-0x0000000002740000-0x0000000002741000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1360-9-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-7-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1360-140-0x0000000076DB6000-0x0000000076DB7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1676-119-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2784-100-0x00000000000F0000-0x00000000000F7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2924-83-0x0000000140000000-0x0000000140207000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2924-82-0x00000000000A0000-0x00000000000A7000-memory.dmp

          Filesize

          28KB

          Download