Overview

overview

10

Static

static

3

c4475b106f...b3.dll

windows7-x64

10

c4475b106f...b3.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    12/03/2024, 22:34

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c4475b106f900a335b0c2bcbcc307bb3.dll

  • Size

    1.6MB

  • MD5

    c4475b106f900a335b0c2bcbcc307bb3

  • SHA1

    b55ed915945e6e406c84b9c00b3ea8847b15759d

  • SHA256

    82a0cf7556d7fccd11408d9992431581bce1bf16e8e2aabc554083541ee1b6d5

  • SHA512

    55f4e0b6dcac1c8bd41f1d6576ddff7a6c8c31ac6289a8554f9dbcb97218e1239890de1738f12a1f98a40117ab3950bd4c0523c0113e3adfe8c406039f25156c

  • SSDEEP

    12288:KVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:XfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Drops startup file 3 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c4475b106f900a335b0c2bcbcc307bb3.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2876
  • C:\Windows\system32\FXSCOVER.exe
    C:\Windows\system32\FXSCOVER.exe
    1⤵
      PID:2820
    • C:\Users\Admin\AppData\Local\09JuDF7\FXSCOVER.exe
      C:\Users\Admin\AppData\Local\09JuDF7\FXSCOVER.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:3040
    • C:\Windows\system32\sigverif.exe
      C:\Windows\system32\sigverif.exe
      1⤵
        PID:2680
      • C:\Users\Admin\AppData\Local\CtZN8\sigverif.exe
        C:\Users\Admin\AppData\Local\CtZN8\sigverif.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2584
      • C:\Windows\system32\BdeUISrv.exe
        C:\Windows\system32\BdeUISrv.exe
        1⤵
          PID:1500
        • C:\Users\Admin\AppData\Local\jjY7wkr\BdeUISrv.exe
          C:\Users\Admin\AppData\Local\jjY7wkr\BdeUISrv.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2288

        Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\09JuDF7\MFC42u.dll
                Filesize

                512KB

                MD5

                f933a8e654a10d76289b0ad53fdfa5f6

                SHA1

                debddf290faabd240d320044d2dcd86213e75e1b

                SHA256

                978c73c72ffbaa91754400c17e8dc75a4f7e2e1381cd832b567f86da0e927990

                SHA512

                c21b54f1db78cb65fbde4d93ac6780457d8210a2fdf277165f346a71196bc2ba675d0b5ab2aa19f0b9baf6cef233ab9c987e93c484e60217fa2828d4097a8ebf

                Download Submit

              • C:\Users\Admin\AppData\Local\CtZN8\VERSION.dll
                Filesize

                1.6MB

                MD5

                e9531a594e9b329678554c0fb01f6f95

                SHA1

                770e213637afdecbcfb92e7f0403927b7520c7bd

                SHA256

                f3d117779c3c59b668c96ec14f48f5766a5ed4eea9e67fb3678f8743bf9c696c

                SHA512

                fcfe9219af1454580211c6e12305cf90b767e676d2fac76cac0a3028f5e739f699e48c10f8d58a02179aed593ac04cdf96ac90f4c5104beec82271cd2a831d27

                Download Submit

              • C:\Users\Admin\AppData\Local\jjY7wkr\BdeUISrv.exe
                Filesize

                47KB

                MD5

                1da6b19be5d4949c868a264bc5e74206

                SHA1

                d5ee86ba03a03ef8c93d93accafe40461084c839

                SHA256

                00330a0e0eb1dbb6ee84997963f8e15c7c15c1df787f1c7f109609d7b31bd35c

                SHA512

                9cee858c55eb0852e5bad53a675a094ae591b46b07afe9fb4224cac32e0be577fe36c1ed3e9f6bda4d4eb0c924a773d00e3181cd97f07e24c6c68c70f2b002c6

                Download Submit

              • C:\Users\Admin\AppData\Local\jjY7wkr\WTSAPI32.dll
                Filesize

                1.6MB

                MD5

                2eb3ecc215abbe08c7309292cb926596

                SHA1

                f2826ac8f9c436088378df0fdfe27ba46cd60303

                SHA256

                efd767213cad8eae5e1dbe53825fa649fb2724b1422cffcc508ea0627235a5b8

                SHA512

                8b8ac220502392cfea3c453693fe1feb98b0e680d9bcb7a4615fa45ae9fa7992641aa261c041badeea87891bad885420f701d291dce4871d7699248d476582e8

                Download Submit

              • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Tkjddllshxzvy.lnk
                Filesize

                1KB

                MD5

                a7f69339344f677cdbdb2deffe4606a0

                SHA1

                d597a9eba41d8210f8fb744f0009e94698f56319

                SHA256

                5e4da2b0992aba9104244832859bf88a0975873ca244475d009e5a95bc78b8d4

                SHA512

                dc3c93804cfa91fc1fb616945c3415a058ec17b6be1555c5a54812cbf24844dbb649b6f6509087089f46578293878354dd50f89a876f60eaa1adf1130b886ac1

                Download Submit

              • \Users\Admin\AppData\Local\09JuDF7\FXSCOVER.exe
                Filesize

                261KB

                MD5

                5e2c61be8e093dbfe7fc37585be42869

                SHA1

                ed46cda4ece3ef187b0cf29ca843a6c6735af6c0

                SHA256

                3d1719c1caa5d6b0358830a30713c43a9710fbf7bcedca20815be54d24aa9121

                SHA512

                90bf180c8f6e3d0286a19fcd4727f23925a39c90113db979e1b4bbf8f0491471ad26c877a6e2cf49638b14050d952a9ee02a3c1293129843ec6bba01bc325d0b

                Download Submit

              • \Users\Admin\AppData\Local\09JuDF7\MFC42u.dll
                Filesize

                1.6MB

                MD5

                53ecd7e44f66f3f4677777e3a59b5be4

                SHA1

                2caa753ffc08dfb7d1f63fd4f245dd9613c95164

                SHA256

                4f76bf6ed056dd4b5c954d99b6b0b4265255ff59b2561cfc7d01ad72bc312bc3

                SHA512

                394af5f84f667b00b8d43e32a5cf783e24e58b08d2c2618fc6c831c291119af4c2cf9dca02e1899a6130e2462ee79169c9bb8955440e1ab061d5bcc7553eaf1f

                Download Submit

              • \Users\Admin\AppData\Local\CtZN8\sigverif.exe
                Filesize

                73KB

                MD5

                e8e95ae5534553fc055051cee99a7f55

                SHA1

                4e0f668849fd546edd083d5981ed685d02a68df4

                SHA256

                9e107fd99892d08b15c223ac17c49af75a4cbca41b5e939bb91c9dca9f0d0bec

                SHA512

                5d3c32d136a264b6d2cfba4602e4d8f75e55ba0e199e0e81d7a515c34d8b9237db29647c10ab79081173010ff8e2c6a59b652c0a9cfa796433aed2d200f02da6

                Download Submit

              • memory/1192-17-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-37-0x0000000002D70000-0x0000000002D77000-memory.dmp

                Filesize

                28KB

                Download

              • memory/1192-9-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-134-0x0000000077B26000-0x0000000077B27000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1192-7-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-18-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-4-0x0000000077B26000-0x0000000077B27000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1192-23-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-24-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-22-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-21-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-20-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-19-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-16-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-27-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-26-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-25-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-29-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-28-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-32-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-31-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-35-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-34-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-33-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-30-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-10-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-36-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-44-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-45-0x0000000077C31000-0x0000000077C32000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1192-46-0x0000000077D90000-0x0000000077D92000-memory.dmp

                Filesize

                8KB

                Download

              • memory/1192-55-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-61-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-65-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-11-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-12-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-13-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-5-0x0000000002D90000-0x0000000002D91000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1192-14-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/1192-15-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2288-111-0x0000000000100000-0x0000000000107000-memory.dmp

                Filesize

                28KB

                Download

              • memory/2584-91-0x0000000140000000-0x00000001401A0000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2584-92-0x0000000000110000-0x0000000000117000-memory.dmp

                Filesize

                28KB

                Download

              • memory/2584-97-0x0000000140000000-0x00000001401A0000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2876-0-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2876-1-0x0000000000230000-0x0000000000237000-memory.dmp

                Filesize

                28KB

                Download

              • memory/2876-8-0x0000000140000000-0x000000014019F000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/3040-79-0x0000000140000000-0x00000001401A6000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/3040-73-0x0000000140000000-0x00000001401A6000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/3040-74-0x0000000000420000-0x0000000000427000-memory.dmp

                Filesize

                28KB

                Download