Analysis
-
max time kernel
131s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
09/03/2024, 01:40
General
-
Target
b9b70b4077ca44355b4850e19c6e17d6.dll
-
Size
2.1MB
-
MD5
b9b70b4077ca44355b4850e19c6e17d6
-
SHA1
01eff1a28fdfd36735a92e66ecc1b4ca7fb2c428
-
SHA256
0a65e748685b606573e04e320955af33a9fc673b50c7dc4ca6a4d53d9235cfc1
-
SHA512
acc2c62bc6103b766ce5df4bd207fe557e81b3490353e1f32b4b328a1c71769a056386f2497c3fa76bf22f87ccca82035aba269275ddf89e3ead1424d1d63ca6
-
SSDEEP
12288:5VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:4fP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Malware Config
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Shellcode 1 IoCs
Detects Dridex Payload shellcode injected in Explorer process.
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 3 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 4 IoCs
-
Enumerates system info in registry 2 TTPs 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 4 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SendNotifyMessage 7 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 16 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\b9b70b4077ca44355b4850e19c6e17d6.dll,#11⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\msinfo32.exeC:\Windows\system32\msinfo32.exe1⤵
-
C:\Users\Admin\AppData\Local\EDCzKNRt4\msinfo32.exeC:\Users\Admin\AppData\Local\EDCzKNRt4\msinfo32.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\ddodiag.exeC:\Windows\system32\ddodiag.exe1⤵
-
C:\Users\Admin\AppData\Local\Df85nZ1M\ddodiag.exeC:\Users\Admin\AppData\Local\Df85nZ1M\ddodiag.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\DmNotificationBroker.exeC:\Windows\system32\DmNotificationBroker.exe1⤵
-
C:\Users\Admin\AppData\Local\w8dRDms\DmNotificationBroker.exeC:\Users\Admin\AppData\Local\w8dRDms\DmNotificationBroker.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaaa999758,0x7ffaaa999768,0x7ffaaa9997782⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1984,i,17020836030232812850,13040472275594038482,131072 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 --field-trial-handle=1984,i,17020836030232812850,13040472275594038482,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1984,i,17020836030232812850,13040472275594038482,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1984,i,17020836030232812850,13040472275594038482,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1984,i,17020836030232812850,13040472275594038482,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4676 --field-trial-handle=1984,i,17020836030232812850,13040472275594038482,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=1984,i,17020836030232812850,13040472275594038482,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4156 --field-trial-handle=1984,i,17020836030232812850,13040472275594038482,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1984,i,17020836030232812850,13040472275594038482,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5356 --field-trial-handle=1984,i,17020836030232812850,13040472275594038482,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
182KB
MD5ecade74a181eeb52f0be1f95bb8dce81
SHA165cd061e9971e0c4a4b286287252def5fd1e9ff8
SHA256d9fe020edf2c4898d03ddc75a54df5c0f5ae32441be0dcba6bd2eef6d19d7764
SHA512351fa1eccb103cd39346514778cc2283ab8caad84d56702b165ee84e69cf3d3528f2b81978e276192c85f8d4e787aaa1d406bf973a56497246a0a34dcc44ceae
-
Filesize
231KB
MD55fee977203290d52e66ff4964727b50b
SHA115cdccb7d22b11c4f83e6c41fc3b4ee7e5313ab6
SHA25633fc6ab842de6ca253b9d1d9462e6e857be9a06c19f79a9ad8eaa759260de465
SHA51273ebe84e01118c827baca0f9538d076043f21844244a9ddfbc9d7c8e14743777ed2e7a4cad5356d5b9e266383ba26efcc39c3700aa49807fb0031db01c72ca4f
-
Filesize
39KB
MD585feee634a6aee90f0108e26d3d9bc1f
SHA1a7b1fa32fe7ed67bd51dea438f2f767e3fef0ca2
SHA25699c63175504781e9278824d487da082da7c014e99f1024227af164986d3a27c6
SHA512b81a3e1723a5180c5168cd7bb5181c631f4f57c59780bb82a502160b7874777f3eef1ebe1b14f66c97f9f1a4721af13b6fbcdff2045c8563c18b5d12540953ff
-
Filesize
360KB
MD5f8120f27e1f21b42a023902c09865476
SHA12ad81c4408f81268c7c6670cbb71043ba1320f88
SHA2564ceef0cbc0716556c15fdf6fab533614aa261486c71f6c4d16f251f5258036d9
SHA512a64a2f6f0a658f7f0552c591f66cb11297705925b5f2b0da82ba9733a4ef55c4bb033be4b47934d3f370e176717a944deba67fcbb4e589bfd798685825d4d361
-
Filesize
272KB
MD510dcb558fbd2331bb8f5cf21dc1474e1
SHA1c3b07b9559b6080066803ee06d73b21f8a90b7ea
SHA2563250dd49e4aee161557188fee82f3f8b86cd48fc36301cd5e3af824493c8f4e9
SHA512303d601d22ddaccc1d45b76523e41c7c920bf741288d8c7919e06e5e48121fd61ad1b49efb1e608c3efe17db2ce13172c16677bb75271290275c58d64493e8a1
-
Filesize
264KB
MD5d715cda90b0a54fc93b726e98aee6289
SHA186bbd261efb58d9384f6a90a2f2bf37f0945515e
SHA256f39282dbf1aa593bab9a77e295d8fc072f3c6db120fa0ae184522a8ea728f447
SHA512d705cefaba24c029712055156957c9ae9367de8fff88ba9505d267a58596333142bf4eff362882ca38b3f1b697b58be2e67cc15d33229d740ce9073590e27cf7
-
Filesize
274KB
MD56271eee550d89e8d3d9ccba53864a5f3
SHA1057b5921df57a13657e05dbff6ac2024b456196e
SHA25602c2ca4ffa06cb4cd5abf6a460110e1b933380ff13f78382aa72f1f4843e34b5
SHA512b1e97ba4f3ec068ed4e735caa7f6028517067f133d82f5c08d8c0db7212331e86889f7db855fbd15d9f77d29b7a5661f3aa682100fc51b71cf2e41675c99225b
-
Filesize
44KB
MD52a9e3893621dca7996cb3e45d828f593
SHA1db11adb446f72c13943084620923a4682d127e73
SHA256606703bb8886c616db3a33bc88657624851bf0ad98091ee62f3cb0f2b5b96e0e
SHA5129f9b3b407bf623d3ae2571cbbc3e7e23b94b636235fa83753e266c06ca207e12dd883bd205731489c3870805a864fdfdd8e648933b8bf7677faec7a92226e4b7
-
Filesize
264KB
MD5a0c9a87e19c1892b177c56487b7d716e
SHA11cb37a6857367237c6ace6ad6b96a3802bb46e57
SHA256e1e9baaa90dbfe4444f2c29575c0fe389bcd45b290565de44a6d706f26a994b3
SHA51242b86598cfabd5d02c25d4841e5bc70fe31bb8a8e0c4b144bbba6d49161296301d0f855dce6c88a17312dced8eea29e1ad51dd158504689f0b8f22a7dd5b5ca1
-
Filesize
4.0MB
MD5ffe27858711d0ee09fd2c9d0fbafcae3
SHA10b18ecdfdb53ca4bfbffd898b5e51304112d28cd
SHA2569232e1cf5284f738158065cbcac267a722df8bc005a968c700a2be3e787cc77d
SHA5129beb2f8d0cf6794abb572fee1113ef833dbf20b78c2d51f997a449438d2b81545d8c04938aae933f13b4bb27c617bf84c4821c6ac0ed35b6893016144f040b80
-
Filesize
371B
MD574375e036c832d770e8dc73cb92644d4
SHA1df488a3aaece267c41eade817300ee6463c79a78
SHA256998adedb2596909214f178f83332cda9f45395a543e6754967c035e6f0141404
SHA51245d7634a54a8eeb43005d11a428d26d2d0f684425cfdb686b8491676b20dd7aee398eeffef261e90d61db80c6c2293b6f9ee5db8f8efb73e04371a0922bce160
-
Filesize
6KB
MD5d8f6c910dded20bb5883d5602a56728c
SHA1008a9dce7a77ad0f2205c0b69bf553fd1b0b9bab
SHA256b35bc748c7f3c2d0fe47002f739b306049567c4958eeae71d7847b697af87679
SHA5120ce3aea461192fd0c8e7b130e5ff5e78d83398f0da10c1806dccff0dcf6230e41251acc7b54101611753e1908b2ad3b5d4baad9cdfa94a7dbc2eec30fd9c6fcb
-
Filesize
15KB
MD5e4799de13898e292a0dcc0c403422e8c
SHA1c96b78461ca06edc59df42eeef6409bdbd5e47b6
SHA25630a1450e9186d6b0ba51dbabd88459592ab0fe196f48b4460888c46f8f096be9
SHA512d0ce2cd7ba25c19512fdd9386cee9222e4a7e18066da64135477ed30377d20a74569736e2d38cd35ff22397461bc8bf63fdca6071ee6f07f69f8570f3e74e721
-
Filesize
257KB
MD5b2502ce6f52a9a3e642463aa4c8f459a
SHA1691915a6f1877ac92bd45f5160dcb80fd6923966
SHA256dc5837b0334fb7cc77a24a2a77cf43af98d1ce24d51746ee0648eb14f25ab68d
SHA512465910b74099b6e8bc7815b25242a7433c43ed735de092290dc9767dad896e94b6e3fee6e50331d1fb56490cd6c4bcf48aaa75c539d0779cc21eb0e60ecf1da5
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
544KB
MD5e4f7249d7a0b96e94ce4b60786d09975
SHA1e0325fc7a79726be45de0f6d1be9ffa4fb518c5e
SHA25693b9ea50d86db548c43e26099d73e3687b9d6642e3ff9d92707d00d33351dabe
SHA51270e122f44ce2b3f238f2e976a748145b9b3d0c4560675fb3d8330fa43bfedef479e14d3ebbfd46a221e6001cd6f51a47c59e873df0e36c49c5c57855e5fe0321
-
Filesize
501KB
MD59b0b2be0f469d36ba9898b32a6bd031f
SHA10143fca2c3294bacfea5b769057519659d072873
SHA256fa366c8d4cbed46d641e2e24bc82c7658b8b0127adb83bdc175323f2a17f7da1
SHA512f84a215395b00f12c8764edb7f0b53f73192160035052d62c8a1fe7b8b698a8a2f1df95fb92b345ca3216c43c377605452accb2dbb7181ad4a304347f2bfacce
-
Filesize
32KB
MD5f0bdc20540d314a2aad951c7e2c88420
SHA14ab344595a4a81ab5f31ed96d72f217b4cee790b
SHA256f87537e5f26193a2273380f86cc9ac16d977f65b0eff2435e40be830fd99f7b5
SHA512cb69e35b2954406735264a4ae8fe1eca1bd4575f553ab2178c70749ab997bda3c06496d2fce97872c51215a19093e51eea7cc8971af62ad9d5726f3a0d2730aa
-
Filesize
1.6MB
MD52a219bc6b17824e109429971d686f828
SHA1a63c7c72ae8143c7d36d0f98f95911dd3ac3c1ea
SHA2564fa5233f042d6738d903dc54492c140ca487f05c56fa8dc95d0398f7b4c311de
SHA51261474b4dc4f871e54b69a30968a37b712c3f0a70918d719b5aafa750dc5b8a7f1bccdb81aad0c1e52190e08facf2f190cfe2cc12c6497fe00bdc3603126cf7ed
-
Filesize
1KB
MD5f6df99fc6c5885f076893dfdd817a74a
SHA187d808a6cf45c9abe8a560adfde9c63af139af78
SHA256bf2dbacd57e02d57a16d34b73a9472b0067b0decf32d87a38b91b87d7e4c6c48
SHA512293b4534a284e06b841ce389e80e69ca82c749a877950c2ae0c28809f1a8a5df4a211aa709c63c2c01a42b021e4122fe8df99a4afb0a840904373c52c11b9d6b
-
Filesize
2.1MB
MD5129cc6a81900ca5e92a4c4656343e39c
SHA10936a095a211130172852e2f094ab52520932109
SHA256dcab1304ac82b4e1a8c9f81b382ea2fe2552f07aa3dda4fd3da0de347283e101
SHA512275b6bab3afe65116c98d3a2794163a84e7ad5aea2cb821f22634b71945a96c8033aa1dac135aa4c1d85793b7f5fb45584a9cd04ff7fe759780de952a393c716
-
Filesize
2.1MB
MD5761898f1fdb848883eef6b20c180ca1d
SHA127eeb2ad97c1d2b5ca8b0e6ba760ac4d741de190
SHA25696b4d2ade63d71e6cf3ff4695fa26b03d1521123c730590885fc1e3031889ea4
SHA512cd0cb6a3f9671c701f894df2c2a1dbb8a5b1cae3faecfea1b9f9c77fad0c6d5267657baf62b423d3b94fb12644c4041cc81eb316efcc82fe582425cb4e13f928
-
Filesize
28KB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
28KB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
28KB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
64KB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
4KB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
4KB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
28KB
-
Filesize
28KB