Overview

overview

10

Static

static

3

5e8681d346...f9.dll

windows7-x64

10

5e8681d346...f9.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    50s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-04-2024 21:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5e8681d346f5ccaf1626cfc6d89c697e22de14a91644f71ea4217c88fe0e47f9.dll

  • Size

    1.0MB

  • MD5

    51a75f6aeda5db4e23cb7ca20e26c2c9

  • SHA1

    c0f4e297aa0e2ec7ce340f0e33778d0345e88028

  • SHA256

    5e8681d346f5ccaf1626cfc6d89c697e22de14a91644f71ea4217c88fe0e47f9

  • SHA512

    c815ca336be0635096323df11a166985915990936e601af39ed222caa0a56fd204193c69895d7ad4174e3daf5df9d4e267b5dde8d5dcf7797722c36e7390078d

  • SSDEEP

    12288:C38uea4w46+K1FZPfxyMs2SRXTajPomqkpyrJXy6mfvHELWUbxdewWRa7CkhkgjS:g8uea4w467D5/0ypyFYELW8xFZmMXJZ

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 9 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 3 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5e8681d346f5ccaf1626cfc6d89c697e22de14a91644f71ea4217c88fe0e47f9.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:4116
  • C:\Windows\system32\SystemPropertiesAdvanced.exe
    C:\Windows\system32\SystemPropertiesAdvanced.exe
    1⤵
      PID:4320
    • C:\Users\Admin\AppData\Local\HRru97X\SystemPropertiesAdvanced.exe
      C:\Users\Admin\AppData\Local\HRru97X\SystemPropertiesAdvanced.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:1404
    • C:\Windows\system32\GamePanel.exe
      C:\Windows\system32\GamePanel.exe
      1⤵
        PID:1960
      • C:\Users\Admin\AppData\Local\Qip7B\GamePanel.exe
        C:\Users\Admin\AppData\Local\Qip7B\GamePanel.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2400
      • C:\Windows\system32\Narrator.exe
        C:\Windows\system32\Narrator.exe
        1⤵
          PID:1100
        • C:\Users\Admin\AppData\Local\Vn21\Narrator.exe
          C:\Users\Admin\AppData\Local\Vn21\Narrator.exe
          1⤵
          • Executes dropped EXE
          PID:532
        • C:\Windows\system32\ddodiag.exe
          C:\Windows\system32\ddodiag.exe
          1⤵
            PID:3160
          • C:\Users\Admin\AppData\Local\j0o\ddodiag.exe
            C:\Users\Admin\AppData\Local\j0o\ddodiag.exe
            1⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks whether UAC is enabled
            PID:1468

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\HRru97X\SYSDM.CPL
            Filesize

            1.0MB

            MD5

            137f52cdc73e9506b12ff8497e1aeb44

            SHA1

            ad9195e1be09682e40de0c8ad213a34ac45c8005

            SHA256

            2b186e0a44c7b7a0c483649ec7287cb85458c94b00b5d3df7d73cc97c8de4e21

            SHA512

            56a33ab516c0e3ce2e498916b83072f1e8ec54c7cdccd292fcb110d5d77d36e793daff506f526fc46b536f08ff413dd7b33fa50e64447f064f0ee4b1d51a721a

            Download Submit

          • C:\Users\Admin\AppData\Local\HRru97X\SystemPropertiesAdvanced.exe
            Filesize

            82KB

            MD5

            fa040b18d2d2061ab38cf4e52e753854

            SHA1

            b1b37124e9afd6c860189ce4d49cebbb2e4c57bc

            SHA256

            c61fa0f8c5d8d61110adbcceaa453a6c1d31255b3244dc7e3b605a4a931c245c

            SHA512

            511f5981bd2c446f1f3039f6674f972651512305630bd688b1ef159af36a23cb836b43d7010b132a86b5f4d6c46206057abd31600f1e7dc930cb32ed962298a4

            Download Submit

          • C:\Users\Admin\AppData\Local\Qip7B\GamePanel.exe
            Filesize

            1.2MB

            MD5

            266f6a62c16f6a889218800762b137be

            SHA1

            31b9bd85a37bf0cbb38a1c30147b83671458fa72

            SHA256

            71f8f11f26f3a7c1498373f20f0f4cc960513d0383fe24906eeb1bc9678beecd

            SHA512

            b21d9b0656ab6bd3b158922722a332f07096ddd4215c802776c5807c9cf6ece40082dd986ea6867bdc8d22878ce035a5c8dfcc26cfae94aeee059701b6bf1e68

            Download Submit

          • C:\Users\Admin\AppData\Local\Qip7B\dxgi.dll
            Filesize

            1.0MB

            MD5

            c1feb59ad1943c8f9d6176e0cf2ebb3b

            SHA1

            08c974f0480d007dab2b1010f891bf616912b9d6

            SHA256

            1a3d476551cff254ceb1c2879b7cd6078e091a382a7e87e02e64c6224d900a74

            SHA512

            993e4050a4f5d66423a598b54d124ab096f9d8209987c9c213ac65f89bfa15eeec27cdf9ed6beed4b19574321042f98117c4a6fe5b07472c7d066c65da040cd9

            Download Submit

          • C:\Users\Admin\AppData\Local\Vn21\Narrator.exe
            Filesize

            521KB

            MD5

            d92defaa4d346278480d2780325d8d18

            SHA1

            6494d55b2e5064ffe8add579edfcd13c3e69fffe

            SHA256

            69b8c93d9b262b36e2bdc223cc0d6e312cc471b49d7cc36befbba1f863a05d83

            SHA512

            b82c0fbc07361e4ad6e4ab171e55e1e41e9312ba995dce90696ca90f734f5d1ea11371ca046e8680ea566a1c2e0643ab86f1f6dcf6cbd05aed8448425a2830b5

            Download Submit

          • C:\Users\Admin\AppData\Local\j0o\XmlLite.dll
            Filesize

            1.0MB

            MD5

            dbf4f125f757e85dd40daeee193582a7

            SHA1

            3845dc1d3b14eee2eea22af114d53bfd83a9f096

            SHA256

            d33c684cc1a27d86a76b7b28ec52307ac8421a51639a055957b8c5eaa61864f4

            SHA512

            624cdaa99dedcc14c94768180918d408c55a07ad7d99f677f53b5ddbaff710fb23be608d8d87796797ad203a802ff29812d9ae58c6cf1d28de3e9bf59bd78df6

            Download Submit

          • C:\Users\Admin\AppData\Local\j0o\ddodiag.exe
            Filesize

            39KB

            MD5

            85feee634a6aee90f0108e26d3d9bc1f

            SHA1

            a7b1fa32fe7ed67bd51dea438f2f767e3fef0ca2

            SHA256

            99c63175504781e9278824d487da082da7c014e99f1024227af164986d3a27c6

            SHA512

            b81a3e1723a5180c5168cd7bb5181c631f4f57c59780bb82a502160b7874777f3eef1ebe1b14f66c97f9f1a4721af13b6fbcdff2045c8563c18b5d12540953ff

            Download Submit

          • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Rnysjhcczxaxza.lnk
            Filesize

            1KB

            MD5

            29ce63c3342e3d580da6376232339f9b

            SHA1

            d2a2a81ca84bdef94bc239ec36b3af5cf5def6a3

            SHA256

            3f057456a711a34d0bfb56b42259ffd2172b5a945aaadf5da0c407d03af5bccf

            SHA512

            db6b49fe8648a7d8ef6700c22e9862cb428b43042b471e665c9052508bc71b3b769a13c9f2317b9a73d07a9e35a05b4459153a19a5ed12dc23b52b8cff784ee0

            Download Submit

          • memory/1404-66-0x0000000140000000-0x000000014010A000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/1404-62-0x000001B6E58D0000-0x000001B6E58D7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/1404-60-0x0000000140000000-0x000000014010A000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/1404-59-0x0000000140000000-0x000000014010A000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/1468-105-0x0000000140000000-0x000000014010A000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/1468-111-0x0000000140000000-0x000000014010A000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/2400-86-0x0000000140000000-0x000000014010A000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/2400-81-0x0000000140000000-0x000000014010A000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/2400-82-0x0000021A8E220000-0x0000021A8E227000-memory.dmp

            Filesize

            28KB

            Download

          • memory/2400-80-0x0000021A8E220000-0x0000021A8E32A000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3556-35-0x00007FFCE732A000-0x00007FFCE732B000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3556-21-0x0000000140000000-0x0000000140109000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3556-17-0x0000000140000000-0x0000000140109000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3556-16-0x0000000140000000-0x0000000140109000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3556-15-0x0000000140000000-0x0000000140109000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3556-13-0x0000000140000000-0x0000000140109000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3556-12-0x0000000140000000-0x0000000140109000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3556-11-0x0000000140000000-0x0000000140109000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3556-10-0x0000000140000000-0x0000000140109000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3556-9-0x0000000140000000-0x0000000140109000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3556-8-0x0000000140000000-0x0000000140109000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3556-7-0x0000000140000000-0x0000000140109000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3556-22-0x0000000140000000-0x0000000140109000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3556-14-0x0000000140000000-0x0000000140109000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3556-4-0x0000000002DE0000-0x0000000002DE1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3556-19-0x0000000140000000-0x0000000140109000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3556-20-0x0000000140000000-0x0000000140109000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3556-18-0x0000000140000000-0x0000000140109000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3556-24-0x0000000140000000-0x0000000140109000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3556-25-0x0000000140000000-0x0000000140109000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3556-26-0x0000000140000000-0x0000000140109000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3556-6-0x0000000140000000-0x0000000140109000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3556-37-0x0000000140000000-0x0000000140109000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3556-38-0x00007FFCE8320000-0x00007FFCE8330000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3556-48-0x0000000140000000-0x0000000140109000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3556-39-0x00007FFCE8310000-0x00007FFCE8320000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3556-36-0x0000000001320000-0x0000000001327000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3556-27-0x0000000140000000-0x0000000140109000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3556-23-0x0000000140000000-0x0000000140109000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/4116-3-0x0000000000730000-0x0000000000737000-memory.dmp

            Filesize

            28KB

            Download

          • memory/4116-52-0x0000000140000000-0x0000000140109000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/4116-0-0x0000000140000000-0x0000000140109000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/4116-2-0x0000000140000000-0x0000000140109000-memory.dmp

            Filesize

            1.0MB

            Download