Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

b6a95716e5...d8.dll

windows7-x64

10

b6a95716e5...d8.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    06/03/2024, 05:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b6a95716e500957dc3b9447faf3443d8.dll

  • Size

    688KB

  • MD5

    b6a95716e500957dc3b9447faf3443d8

  • SHA1

    efa033e42ed5c72417bb6cbe8d2dfb4705bce230

  • SHA256

    cfdf6cc09e2a199c461f5cab2c28a42e9d979cf64ac4af8e85d9ed5e97d9559a

  • SHA512

    9fb14331cd6b7a24c2ff6b0d9f196815e1774f66018af60cdb4405a1c251f9345e5c6a24172b813943f2be1e2a42c3e6d0595c9c9b5421facc6d29956e082c72

  • SSDEEP

    12288:VqJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4Baed:VqGBHTxvt+g2gYed

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 10 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b6a95716e500957dc3b9447faf3443d8.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2848
  • C:\Windows\system32\SystemPropertiesPerformance.exe
    C:\Windows\system32\SystemPropertiesPerformance.exe
    1⤵
      PID:3000
    • C:\Users\Admin\AppData\Local\Vwd\SystemPropertiesPerformance.exe
      C:\Users\Admin\AppData\Local\Vwd\SystemPropertiesPerformance.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2560
    • C:\Windows\system32\mblctr.exe
      C:\Windows\system32\mblctr.exe
      1⤵
        PID:2404
      • C:\Users\Admin\AppData\Local\YMldp24JO\mblctr.exe
        C:\Users\Admin\AppData\Local\YMldp24JO\mblctr.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2420
      • C:\Windows\system32\msdt.exe
        C:\Windows\system32\msdt.exe
        1⤵
          PID:2288
        • C:\Users\Admin\AppData\Local\V5OI\msdt.exe
          C:\Users\Admin\AppData\Local\V5OI\msdt.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1864

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Vwd\SYSDM.CPL
          Filesize

          692KB

          MD5

          47eb1975345ca8934bcf9642a841b497

          SHA1

          76857cf1f7854a45d4316edf3f3cf5d353b42b01

          SHA256

          fd90937365a2638ed5bc02a95bc2c58fb5086494c6f0e27bdf62c2766f044c2f

          SHA512

          771b9791f5bb0b18c27aecb33a3d375017067073c543766ecd8e48ad44de0603fadcd45a7b38e006c5bcede36dcb099f90d11aa00cc398d091bd66a8e3079698

          Download Submit

        • C:\Users\Admin\AppData\Local\YMldp24JO\WINMM.dll
          Filesize

          696KB

          MD5

          14402e03d682709111c0e3456ae754c0

          SHA1

          e25016e696d11da0a0222c6aeaa4ff389d6682f1

          SHA256

          ec2d68418d748d3fc82e861d0c1365aa45258da651aa7ed8d4cbb4f220fa2eb4

          SHA512

          e34d4b166f4a3cd94c966adcddb73f406e54bf7a932df0b52ee694d2bcde93b77133e76bce14dd10b43e3d0b4472d4da68e00006ecc1839b3018e4726acefaf8

          Download Submit

        • C:\Users\Admin\AppData\Local\YMldp24JO\mblctr.exe
          Filesize

          935KB

          MD5

          fa4c36b574bf387d9582ed2c54a347a8

          SHA1

          149077715ee56c668567e3a9cb9842284f4fe678

          SHA256

          b71cdf708d4a4f045f784de5e5458ebf9a4fa2b188c3f7422e2fbfe19310be3f

          SHA512

          1f04ce0440eec7477153ebc2ce56eaabcbbac58d9d703c03337f030e160d22cd635ae201752bc2962643c75bbf2036afdd69d97e8cbc81260fd0e2f55946bb55

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Sufsomsdbcivkn.lnk
          Filesize

          1KB

          MD5

          371e511d2e805da32b688cf6cb60f4a5

          SHA1

          9496893be6d7c6d0338ed0dc0aacada621ff328a

          SHA256

          68b4caff759665021fb10a797276fb3053c3a33e899abca8d0c1952d6559d764

          SHA512

          d2b9c49e4e68b163f3b918b29af3fd8cc40607cee5ff6fc26433a928c74d63a5ddb0704494276d71343e3cc0fef64308ee07e7b6d6b0c53453818607b0e7177b

          Download Submit

        • \Users\Admin\AppData\Local\V5OI\UxTheme.dll
          Filesize

          692KB

          MD5

          70a6bacca8c068e3069190227b616825

          SHA1

          e57fdbac2f0860827b35f84e1546540662de257e

          SHA256

          b20140bfb62f6a354e90169e8a8b90e34faf5b868501272c6ab4e65081b4f7b1

          SHA512

          0ed1308749fc5505f320f01f5912a392dee528dc4279fee799d4e3515ca3bf7c6793ebcb26fe9f720324a852d9bc38588d27c80abe3d369c288311b2a39a00a6

          Download Submit

        • \Users\Admin\AppData\Local\V5OI\msdt.exe
          Filesize

          1.0MB

          MD5

          aecb7b09566b1f83f61d5a4b44ae9c7e

          SHA1

          3a4a2338c6b5ac833dc87497e04fe89c5481e289

          SHA256

          fbdbe7a2027cab237c4635ef71c1a93cf7afc4b79d56b63a119b7f8e3029ccf5

          SHA512

          6e14200262e0729ebcab2226c3eac729ab5af2a4c6f4f9c3e2950cc203387d9a0a447cf38665c724d4397353931fd10064dc067e043a3579538a6144e33e4746

          Download Submit

        • \Users\Admin\AppData\Local\Vwd\SystemPropertiesPerformance.exe
          Filesize

          80KB

          MD5

          870726cdcc241a92785572628b89cc07

          SHA1

          63d47cc4fe9beb75862add1abca1d8ae8235710a

          SHA256

          1ab77fa1ee0cbe59ca185c228c3c11abeba2b2008a162c91a06d3c40542e7fc6

          SHA512

          89b961c2a2716fe0800e54e0206c8b349a26f1bc2a463ec9bd12f3ab22bfcb13e6402b4c20ddcf284d838a3c66e73335af8f6dc4554d76646382e387242c6f72

          Download Submit

        • \Users\Admin\AppData\Local\YMldp24JO\WINMM.dll
          Filesize

          328KB

          MD5

          3ff65c9b2ebac933660b8e43469c51a3

          SHA1

          20c093f57a67e7f5010fe191c8dd86a2b808013b

          SHA256

          bd59780b96a914f0e5aea223d27f4d480df46ce57de24bdb473d1ae0c96864f7

          SHA512

          66c61bf8382ee5271cc32c68db8c2d8282d8ab9ed69a73aeab6d8a90ba74f0663cb08445e6b4bbb9a1a420b2cb3a09368439bc7a2e5bba4ef5c9797afd91a657

          Download Submit

        • \Users\Admin\AppData\Local\YMldp24JO\mblctr.exe
          Filesize

          832KB

          MD5

          d14f57062e670ffb3dcb35afd5fe4c2b

          SHA1

          39b75862a6b904cf0c3a7866324da609d7f0ad65

          SHA256

          ad3dfb1f9ede749f41fdec97791978295bd191dabe31a97b3747319daea35a3a

          SHA512

          fa266ce2065925159fbdcc7686b95cee42ede6c79c646c0f427c8a0f7f38e475f5be6258493c0b638529e0d5852b361e378177c1efc67458e60fac850fddf0f7

          Download Submit

        • memory/1396-10-0x0000000140000000-0x00000001400AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/1396-13-0x0000000140000000-0x00000001400AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/1396-12-0x0000000002650000-0x0000000002657000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1396-21-0x0000000140000000-0x00000001400AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/1396-23-0x0000000077BA0000-0x0000000077BA2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1396-22-0x0000000077B70000-0x0000000077B72000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1396-33-0x0000000140000000-0x00000001400AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/1396-32-0x0000000140000000-0x00000001400AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/1396-6-0x0000000140000000-0x00000001400AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/1396-7-0x0000000140000000-0x00000001400AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/1396-11-0x0000000140000000-0x00000001400AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/1396-3-0x0000000077806000-0x0000000077807000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1396-4-0x0000000002670000-0x0000000002671000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1396-66-0x0000000077806000-0x0000000077807000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1396-9-0x0000000140000000-0x00000001400AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/1396-8-0x0000000140000000-0x00000001400AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/1864-85-0x00000000000B0000-0x00000000000B7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1864-89-0x0000000140000000-0x00000001400AD000-memory.dmp

          Filesize

          692KB

          Download

        • memory/2420-67-0x0000000140000000-0x00000001400AE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/2420-68-0x0000000000180000-0x0000000000187000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2420-72-0x0000000140000000-0x00000001400AE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/2560-54-0x0000000140000000-0x00000001400AD000-memory.dmp

          Filesize

          692KB

          Download

        • memory/2560-51-0x00000000000F0000-0x00000000000F7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2560-49-0x0000000140000000-0x00000001400AD000-memory.dmp

          Filesize

          692KB

          Download

        • memory/2848-0-0x0000000140000000-0x00000001400AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/2848-41-0x0000000140000000-0x00000001400AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/2848-1-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download