Overview

overview

10

Static

static

3

a192b8c5ee...29.dll

windows7-x64

10

a192b8c5ee...29.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-02-2024 09:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a192b8c5ee93ba20952ed6145cffed29.dll

  • Size

    2.0MB

  • MD5

    a192b8c5ee93ba20952ed6145cffed29

  • SHA1

    b2ca4c66e8e4aab00168a1a9d674c2a511e01084

  • SHA256

    74a366103bafcb5151e3296c9aa9e75179e8e7b3f7bc0e9995e94e4f24ac9969

  • SHA512

    74c4575331b38c35a707af51d631d561cdcddcbd44d29524bdece5d61b93679e393648502c1727c645b3209070ced2c3b525a7a5c5d00f3b40c698f4a66f6597

  • SSDEEP

    12288:RVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1ad:gfP7fWsK5z9A+WGAW+V5SB6Ct4bnbad

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 3 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a192b8c5ee93ba20952ed6145cffed29.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2016
  • C:\Windows\system32\rdpclip.exe
    C:\Windows\system32\rdpclip.exe
    1⤵
      PID:4560
    • C:\Users\Admin\AppData\Local\78DC\rdpclip.exe
      C:\Users\Admin\AppData\Local\78DC\rdpclip.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:4860
    • C:\Windows\system32\DisplaySwitch.exe
      C:\Windows\system32\DisplaySwitch.exe
      1⤵
        PID:892
      • C:\Users\Admin\AppData\Local\bgBNsgF\DisplaySwitch.exe
        C:\Users\Admin\AppData\Local\bgBNsgF\DisplaySwitch.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:3804
      • C:\Windows\system32\WindowsActionDialog.exe
        C:\Windows\system32\WindowsActionDialog.exe
        1⤵
          PID:5112
        • C:\Users\Admin\AppData\Local\bwD\WindowsActionDialog.exe
          C:\Users\Admin\AppData\Local\bwD\WindowsActionDialog.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2768

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\78DC\WTSAPI32.dll
          Filesize

          2.0MB

          MD5

          849702d805cfdb65c4dd70bc75af6ef4

          SHA1

          9c85549d5728815c4571cd0a85d35902f860d800

          SHA256

          89bac729433873e2d9ff623eb8981705220bcc5c615041c0df20e17e6905e8ea

          SHA512

          e869487cc7dabf0b50db83065efa24b33e23d0b7f01f369848ddc7d1be7655a912e81ecb53e7883ef7fb47d555c6a7b966b5d559989937ab95f8592d56311e28

          Download Submit

        • C:\Users\Admin\AppData\Local\78DC\rdpclip.exe
          Filesize

          446KB

          MD5

          a52402d6bd4e20a519a2eeec53332752

          SHA1

          129f2b6409395ef877b9ca39dd819a2703946a73

          SHA256

          9d5be181d9309dea98039d2ce619afe745fc8a9a1b1c05cf860b3620b5203308

          SHA512

          632dda67066cff2b940f27e3f409e164684994a02bda57d74e958c462b9a0963e922be4a487c06126cecc9ef34d34913ef8315524bf8422f83c0c135b8af924e

          Download Submit

        • C:\Users\Admin\AppData\Local\bgBNsgF\DUser.dll
          Filesize

          2.0MB

          MD5

          63e03b94bc31f161ec3af6951d64a032

          SHA1

          4217c8d8fa4f49c9387c0dee25bac1a497ef191e

          SHA256

          8fddfafc3d2fc33c2248ff67166393e1402be628cbf967e565c13171d86668b1

          SHA512

          e964ae39921f3237ba325d84f6d905e8e11277210d1441528be7dfe48471651043c1985cb8afdd9e1fa695dc5e73c2b2fcdaf6912236cb247e894189a2eb1345

          Download Submit

        • C:\Users\Admin\AppData\Local\bgBNsgF\DisplaySwitch.exe
          Filesize

          1.8MB

          MD5

          5338d4beddf23db817eb5c37500b5735

          SHA1

          1b5c56f00b53fca3205ff24770203af46cbc7c54

          SHA256

          8b581f1d15a6920e4ecfe172d8ef753d0a2bf1a47e686a8d5d8e01147fa4c65e

          SHA512

          173170b83e0048ee05da18c0c957744204954da58a93c532b669d62edb632c4c73d0744c13eb864ecf357ff12831aa46c4f2445dc33b62a4547385b9e0297b0c

          Download Submit

        • C:\Users\Admin\AppData\Local\bwD\DUI70.dll
          Filesize

          960KB

          MD5

          2a791ead40639c6936f956f1845c3a3f

          SHA1

          e037a9e739a27e3fd6fed5d9a5777426e9971af0

          SHA256

          97ca2c314e32d34f38914b5de7c3e4824c4edf1276c6964acebd6fcbc272ce64

          SHA512

          8f3918e7aa79a8ea1d7586c72402d57a19c58b9e3493f55edf29d935bdcada5360185eeb4ecf96f272ca062808b7c8ce7d92036da9921e3dbcb3afb908aec44e

          Download Submit

        • C:\Users\Admin\AppData\Local\bwD\DUI70.dll
          Filesize

          1024KB

          MD5

          6203994c979925ddabace7a213b00cdd

          SHA1

          6f94829d6857e8b7ceb7d9beb51ddb3896773b9c

          SHA256

          744e2e61e3ced9f63de4c44b21f317ecc0ff937876e45ba1033f775ef58b3af9

          SHA512

          3a59d7991ece90beb6cb1da47849d04aaf4997560532cd000abd8a9195752f2b4006a48e9219e49fdda78f0fe90318df7f380a6f909582e02d3e45d09bee6726

          Download Submit

        • C:\Users\Admin\AppData\Local\bwD\WindowsActionDialog.exe
          Filesize

          61KB

          MD5

          73c523b6556f2dc7eefc662338d66f8d

          SHA1

          1e6f9a1d885efa4d76f1e7a8be2e974f2b65cea5

          SHA256

          0c6397bfbcd7b1fcefb6de01a506578e36651725a61078c69708f1f92c41ea31

          SHA512

          69d0f23d1abaad657dd4672532936ef35f0e9d443caf9e19898017656a66ed46e75e7e05261c7e7636799c58feccd01dc93975d6a598cbb73242ddb48c6ec912

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Itlwy.lnk
          Filesize

          1KB

          MD5

          f3a66381932b6cce9d0f15d723d90ee2

          SHA1

          b832312cb998b60dedce05e0ee78a3ccd322c2c7

          SHA256

          b987a8cde54ba9d106b8ec6488f34220907be4c4c89986118e08ddd1bf7637d6

          SHA512

          d4b2f0c67ba94dc7545be73aa83276aa7b18ed19b179e349a1ae2669ccc3542fc61bc96b233c7c79ba6e4007f8e2a0fde786e692eb75d6760342dc5c8b6086cb

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\FD\DUI70.dll
          Filesize

          2.3MB

          MD5

          8b421354242763f11064a19dd3b42451

          SHA1

          964b13414fc61f78e4990a788f8263afbfdd332d

          SHA256

          66a00dc484b2b2974feef6d2517d1dbf2a85909d67319dd7fc74d5abd2a6a4e7

          SHA512

          3a11671ae57f1b42372379f4bb74bd666d472a6a8f10118731ba0f15d488ca2d8e517903caa2024fd034c21b0e8514912518342d8c93ab5de043ffa6ae011bc3

          Download Submit

        • memory/2016-9-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2016-1-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2016-0-0x0000000000590000-0x0000000000597000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2768-111-0x0000020B37BF0000-0x0000020B37BF7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3356-19-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-42-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-18-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-16-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-20-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-21-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-22-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-23-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-24-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-25-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-26-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-27-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-28-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-29-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-30-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-31-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-32-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-33-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-35-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-34-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-36-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-37-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-38-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-39-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-40-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-17-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-43-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-44-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-41-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-46-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-45-0x0000000000E10000-0x0000000000E17000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3356-53-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-54-0x00007FFCDF540000-0x00007FFCDF550000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3356-63-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-65-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-15-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-14-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-5-0x00007FFCDD78A000-0x00007FFCDD78B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3356-4-0x0000000002A60000-0x0000000002A61000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3356-7-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-13-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-12-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-8-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-10-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3356-11-0x0000000140000000-0x0000000140206000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3804-97-0x0000000140000000-0x0000000140208000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3804-91-0x0000000140000000-0x0000000140208000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3804-92-0x0000027253030000-0x0000027253037000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4860-80-0x0000000140000000-0x0000000140207000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/4860-75-0x0000000140000000-0x0000000140207000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/4860-74-0x0000028F16D80000-0x0000028F16D87000-memory.dmp

          Filesize

          28KB

          Download