Overview

overview

10

Static

static

3

aed4584863...30.dll

windows7-x64

10

aed4584863...30.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    153s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    26/03/2024, 22:01

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    aed4584863417e6f5b5769e1cfd366ec90e9e8df9e87e3c977212a12a7410530.dll

  • Size

    796KB

  • MD5

    ecf496cfed962afd923d73576633a810

  • SHA1

    62f53ef7db3f013f56271d65fb5177f29f215941

  • SHA256

    aed4584863417e6f5b5769e1cfd366ec90e9e8df9e87e3c977212a12a7410530

  • SHA512

    65cc989d2f47644d83de43c212ec20a5b68be5d34f679989bd801b893c7f69ff42ca148a93a14eae4023e8d30719b15f331f0b2aaad6584e47f674677b9637bf

  • SSDEEP

    12288:MBim9Tnts08FbKuPcA8NAc1l/XkGaZKoRQIpRX2/0Ak2ng/Zi66wNdufAdNo:o/nts0Q9K/0ooRQIxAk2wi0N/A

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 10 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\aed4584863417e6f5b5769e1cfd366ec90e9e8df9e87e3c977212a12a7410530.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:1752
  • C:\Windows\system32\AdapterTroubleshooter.exe
    C:\Windows\system32\AdapterTroubleshooter.exe
    1⤵
      PID:2920
    • C:\Users\Admin\AppData\Local\XinptlYS\AdapterTroubleshooter.exe
      C:\Users\Admin\AppData\Local\XinptlYS\AdapterTroubleshooter.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:1108
    • C:\Windows\system32\lpksetup.exe
      C:\Windows\system32\lpksetup.exe
      1⤵
        PID:284
      • C:\Users\Admin\AppData\Local\quBezSXc7\lpksetup.exe
        C:\Users\Admin\AppData\Local\quBezSXc7\lpksetup.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1392
      • C:\Windows\system32\EhStorAuthn.exe
        C:\Windows\system32\EhStorAuthn.exe
        1⤵
          PID:2320
        • C:\Users\Admin\AppData\Local\DkpELFqVW\EhStorAuthn.exe
          C:\Users\Admin\AppData\Local\DkpELFqVW\EhStorAuthn.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2324

        Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\DkpELFqVW\WTSAPI32.dll
                Filesize

                800KB

                MD5

                c81dab69e5fb8d8e5ee3f777e6d0cb38

                SHA1

                f33ad6e4a8aa73557901f2c1e5979e25b4ab9bb2

                SHA256

                cd78699799fae11feba21c449f7488a8b000a110166d6e2b67e34df66b7dfe9e

                SHA512

                d9e0ab2d3a7741b05a4e125906813a426232f7db6b0951f1e38eed5d47d3e4e256c4109e9526c6b0dff5c4ebb0175c707f5e04c079ccfd0ecc104e29d1bef4b4

                Download Submit

              • C:\Users\Admin\AppData\Local\XinptlYS\d3d9.dll
                Filesize

                800KB

                MD5

                2173b4303a0fcd070bbcc08901d6dcfd

                SHA1

                7c042c70257d335c75709cc589b02e2fbdb6ef94

                SHA256

                c13ee832d3833e56a75cd646ee769cd33fe4b0584f8d38925f9acdb9996bb1d4

                SHA512

                06d8592ede4d1d213aa5beaf2c15b1d09e0b787b5843796b344edbc3a630079236b5a4860944bbe8959290fdc53d0b692ec98844c7dd4fbbef1f94b534808c9e

                Download Submit

              • C:\Users\Admin\AppData\Local\quBezSXc7\dpx.dll
                Filesize

                800KB

                MD5

                50848610f74fddfcb3c1eda7030c1583

                SHA1

                a923295e1e3714e54116e3088eca0e5164f0b28a

                SHA256

                a372bcf7fc7d64478ea39d86cd10d4c7f1e799dd91c45390de64414cf6aa49af

                SHA512

                4226261de8af463c391115507a912a3f5ddf64d961f449d5adfea60c843eaee6b12d2c22670cb58dac2ceb995c8bf48bd8a23f0087a8d13fd60edd1311693a82

                Download Submit

              • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Sufsomsdbcivkn.lnk
                Filesize

                1KB

                MD5

                c43cdeac856e2f0ac23a4057416c40ec

                SHA1

                dcbb740e4499f867619837efa06020d40c28bc3e

                SHA256

                c316ba012c7f63a9648582129a7e6b3aa061a6f3f014d6e95cd01e5ac378456c

                SHA512

                fffc153eef2abd89698716a97e1f388ad1caa91253500fca998d817935ac95c34d4066d604975162f3be0587787a148f1e072132c540dbd24cca9c82f233f7fe

                Download Submit

              • \Users\Admin\AppData\Local\DkpELFqVW\EhStorAuthn.exe
                Filesize

                137KB

                MD5

                3abe95d92c80dc79707d8e168d79a994

                SHA1

                64b10c17f602d3f21c84954541e7092bc55bb5ab

                SHA256

                2159d9d5c9355521de859d1c40907fcdfef19f8cf68eda7485b89e9aa119e3ad

                SHA512

                70fee5e87121229bba5c5e5aaa9f028ac0546dc9d38b7a00a81b882c8f8ce4abfdc364a598976b1463cca05e9400db715f8a4478ec61b03a693bbeee18c6ae5c

                Download Submit

              • \Users\Admin\AppData\Local\XinptlYS\AdapterTroubleshooter.exe
                Filesize

                39KB

                MD5

                d4170c9ff5b2f85b0ce0246033d26919

                SHA1

                a76118e8775e16237cf00f2fb79718be0dc84db1

                SHA256

                d05e010a2570cdd5a67f62c99483aeeecb6a8d5ecc523cd49b158a460c9be5da

                SHA512

                9c85a9ea4002bd55cf9c51e470dd1bec527ff04b5d0d6f83094a998c541416cd47c9f42c6ca7e35ffa2842877f79e3c2e989489b9bf81644c5c57bb406b89608

                Download Submit

              • \Users\Admin\AppData\Local\quBezSXc7\lpksetup.exe
                Filesize

                638KB

                MD5

                50d28f3f8b7c17056520c80a29efe17c

                SHA1

                1b1e62be0a0bdc9aec2e91842c35381297d8f01e

                SHA256

                71613ea48467d1a0b00f8bcaed270b7527fc5771f540a8eb0515b3a5fdc8604f

                SHA512

                92bc60402aacf1a62e47335adf8696a5c0d31637e624628d82b6ec1f17e1ee65ae8edf7e8dcd10933f59c892a4a74d8e461945df0991b706a4a53927c5fd3861

                Download Submit

              • memory/1108-69-0x000007FEF7BC0000-0x000007FEF7C88000-memory.dmp

                Filesize

                800KB

                Download

              • memory/1108-65-0x000007FEF7BC0000-0x000007FEF7C88000-memory.dmp

                Filesize

                800KB

                Download

              • memory/1108-64-0x0000000001B40000-0x0000000001B47000-memory.dmp

                Filesize

                28KB

                Download

              • memory/1300-15-0x0000000140000000-0x00000001400C7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1300-38-0x0000000077B20000-0x0000000077B22000-memory.dmp

                Filesize

                8KB

                Download

              • memory/1300-3-0x0000000077886000-0x0000000077887000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1300-14-0x0000000140000000-0x00000001400C7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1300-16-0x0000000140000000-0x00000001400C7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1300-18-0x0000000140000000-0x00000001400C7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1300-20-0x0000000140000000-0x00000001400C7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1300-21-0x0000000140000000-0x00000001400C7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1300-22-0x0000000140000000-0x00000001400C7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1300-25-0x0000000140000000-0x00000001400C7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1300-26-0x0000000140000000-0x00000001400C7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1300-28-0x0000000002600000-0x0000000002607000-memory.dmp

                Filesize

                28KB

                Download

              • memory/1300-29-0x0000000140000000-0x00000001400C7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1300-27-0x0000000140000000-0x00000001400C7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1300-24-0x0000000140000000-0x00000001400C7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1300-23-0x0000000140000000-0x00000001400C7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1300-19-0x0000000140000000-0x00000001400C7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1300-17-0x0000000140000000-0x00000001400C7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1300-36-0x0000000140000000-0x00000001400C7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1300-13-0x0000000140000000-0x00000001400C7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1300-37-0x0000000077AF0000-0x0000000077AF2000-memory.dmp

                Filesize

                8KB

                Download

              • memory/1300-49-0x0000000140000000-0x00000001400C7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1300-47-0x0000000140000000-0x00000001400C7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1300-4-0x0000000002620000-0x0000000002621000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1300-12-0x0000000140000000-0x00000001400C7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1300-11-0x0000000140000000-0x00000001400C7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1300-9-0x0000000140000000-0x00000001400C7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1300-10-0x0000000140000000-0x00000001400C7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1300-8-0x0000000140000000-0x00000001400C7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1300-74-0x0000000077886000-0x0000000077887000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1300-7-0x0000000140000000-0x00000001400C7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1300-6-0x0000000140000000-0x00000001400C7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1392-84-0x0000000000100000-0x0000000000107000-memory.dmp

                Filesize

                28KB

                Download

              • memory/1392-87-0x000007FEF7BC0000-0x000007FEF7C88000-memory.dmp

                Filesize

                800KB

                Download

              • memory/1752-50-0x000007FEF7110000-0x000007FEF71D7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1752-1-0x000007FEF7110000-0x000007FEF71D7000-memory.dmp

                Filesize

                796KB

                Download

              • memory/1752-0-0x0000000000190000-0x0000000000197000-memory.dmp

                Filesize

                28KB

                Download

              • memory/2324-102-0x00000000000F0000-0x00000000000F7000-memory.dmp

                Filesize

                28KB

                Download

              • memory/2324-106-0x000007FEF7BC0000-0x000007FEF7C88000-memory.dmp

                Filesize

                800KB

                Download