Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

4052ea9b3c...cd.dll

windows7-x64

10

4052ea9b3c...cd.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    17/07/2024, 22:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4052ea9b3c06054603457627da4cae9a63458f725fb8c5b017fc406b7b03fccd.dll

  • Size

    820KB

  • MD5

    09a70175b2dac63c54bdca38cf4262e8

  • SHA1

    1791add74d6e0cc4e3a2f3727a55abaab8ab0463

  • SHA256

    4052ea9b3c06054603457627da4cae9a63458f725fb8c5b017fc406b7b03fccd

  • SHA512

    99e09a0df392d62f34dcef06f210b897670bbc45cc5589957f339fe63f96f5d92168948a9aa515ecfa235aff981ddb9be4629a36f28b11122152dcb6811111f0

  • SSDEEP

    12288:uBim9Tnts08FbKuPcA8NAc1l/XkGaZKoRQIpRX2/0Ak2ng/Zi66wNdufAdND:6/nts0Q9K/0ooRQIxAk2wi0N/

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 12 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 3 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4052ea9b3c06054603457627da4cae9a63458f725fb8c5b017fc406b7b03fccd.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2324
  • C:\Windows\system32\DeviceDisplayObjectProvider.exe
    C:\Windows\system32\DeviceDisplayObjectProvider.exe
    1⤵
      PID:2636
    • C:\Users\Admin\AppData\Local\SXjERE\DeviceDisplayObjectProvider.exe
      C:\Users\Admin\AppData\Local\SXjERE\DeviceDisplayObjectProvider.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2772
    • C:\Windows\system32\mmc.exe
      C:\Windows\system32\mmc.exe
      1⤵
        PID:2272
      • C:\Users\Admin\AppData\Local\9cPkkz\mmc.exe
        C:\Users\Admin\AppData\Local\9cPkkz\mmc.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2296
      • C:\Windows\system32\perfmon.exe
        C:\Windows\system32\perfmon.exe
        1⤵
          PID:2140
        • C:\Users\Admin\AppData\Local\l0miSrx\perfmon.exe
          C:\Users\Admin\AppData\Local\l0miSrx\perfmon.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1808

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\9cPkkz\UxTheme.dll
          Filesize

          824KB

          MD5

          ce4b367c11421e361b192f0878e1cdfb

          SHA1

          9b27fb21beaaaea15eca37e235c38fafdd65e855

          SHA256

          654acd3ea098787f5a2f357a833f37baaee42f51b353ab259ed18e8d5f5a4c74

          SHA512

          1caf33ddb5a5144fe7645789a13c00ddb532da75873c273f79b77815060b9f23f39d7587e487acc5caf2dc4b7e977206f5863fa26c18dc7fb00557b00d321b26

          Download Submit

        • C:\Users\Admin\AppData\Local\SXjERE\XmlLite.dll
          Filesize

          824KB

          MD5

          f226fef0d67a9f88b1f46f2066f6e9d7

          SHA1

          13758c78fce73ce326f603dfd9398c107a0556c2

          SHA256

          f7c4ba0dced54d55aa7adb49150503520ec77e315d693fd1b6ba04bca3fed960

          SHA512

          a7d64a81629a1c3f8667a1971f3ae3ebd2417f77eb4070abd4ebb46f0c49273cd1448353b951bcfe02ff4f2e20e70835358cd1fc64675bcedaca134869097042

          Download Submit

        • C:\Users\Admin\AppData\Local\l0miSrx\Secur32.dll
          Filesize

          824KB

          MD5

          a1a2a4b7e38185932822565e5926f79e

          SHA1

          2ec7b9848dda69365aa3d15b5be1c869295e0dac

          SHA256

          6098dde826b4124170278546b4b6ad6ee634e62b880e1911e2cfa29fee5fae60

          SHA512

          ce565f95ea7d5e79b18c8bcf84bd81205de6e58d86ba204f6df45df020fd332b114ad267cc86330ec69eaa56010b41c7091e8f3d2d3ff5a0d3d76131fd6c37b8

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Jgencdimntyj.lnk
          Filesize

          1KB

          MD5

          7da966fe0eeab4eda42267d33b27a2fa

          SHA1

          21abcda6c1f42d81944cfdf16d69fb5f152548f4

          SHA256

          660a4998fceb16d88014ce9a4bdff2451c0a68c11343c3e18cd753a0358fd7a7

          SHA512

          4233711609ee1e212ad5c0d842644d24a6158fd0ad459903ac58c5117f70f59912b62aa1af739ab5648b04542ec0bed93a8579c511d1612f5fe1b99b7d02b761

          Download Submit

        • \Users\Admin\AppData\Local\9cPkkz\mmc.exe
          Filesize

          2.0MB

          MD5

          9fea051a9585f2a303d55745b4bf63aa

          SHA1

          f5dc12d658402900a2b01af2f018d113619b96b8

          SHA256

          b212e59e4c7fe77f6f189138d9d8b151e50eb83a35d6eadfb1e4bb0b4262c484

          SHA512

          beba79f0b6710929871fbdf378d3c0a41f230ac30cbfa87173f7b77c35e06425f48db42ed3b16d5d9bcb7ef0098dffcd0d2947da8fb7ec1136ea62205f1afc76

          Download Submit

        • \Users\Admin\AppData\Local\SXjERE\DeviceDisplayObjectProvider.exe
          Filesize

          109KB

          MD5

          7e2eb3a4ae11190ef4c8a9b9a9123234

          SHA1

          72e98687a8d28614e2131c300403c2822856e865

          SHA256

          8481a8ec19cb656ce328c877d5817d317203ba34424a2e9d169ddce5bf2cd2b0

          SHA512

          18b1a0637f48929972a463d441182307725ebf1410dd461a1966bd040ac5dcced138155b7c713bfc924ea2f7b39527a084a08b44fa24c3eb9c654871f99caabf

          Download Submit

        • \Users\Admin\AppData\Local\l0miSrx\perfmon.exe
          Filesize

          168KB

          MD5

          3eb98cff1c242167df5fdbc6441ce3c5

          SHA1

          730b27a1c92e8df1e60db5a6fc69ea1b24f68a69

          SHA256

          6d8d5a244bb5a23c95653853fec3d04d2bdd2df5cff8cffb9848bddeb6adb081

          SHA512

          f42be2a52d97fd1db2ed5a1a1a81a186a0aab41204980a103df33a4190632ba03f3cbb88fcea8da7ed9a5e15f60732d49a924b025fe6d3e623195ec1d37dfb35

          Download Submit

        • memory/1252-15-0x0000000140000000-0x00000001400CD000-memory.dmp

          Filesize

          820KB

          Download

        • memory/1252-19-0x0000000140000000-0x00000001400CD000-memory.dmp

          Filesize

          820KB

          Download

        • memory/1252-21-0x0000000140000000-0x00000001400CD000-memory.dmp

          Filesize

          820KB

          Download

        • memory/1252-11-0x0000000140000000-0x00000001400CD000-memory.dmp

          Filesize

          820KB

          Download

        • memory/1252-12-0x0000000140000000-0x00000001400CD000-memory.dmp

          Filesize

          820KB

          Download

        • memory/1252-3-0x0000000077466000-0x0000000077467000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1252-16-0x0000000140000000-0x00000001400CD000-memory.dmp

          Filesize

          820KB

          Download

        • memory/1252-14-0x0000000140000000-0x00000001400CD000-memory.dmp

          Filesize

          820KB

          Download

        • memory/1252-13-0x0000000140000000-0x00000001400CD000-memory.dmp

          Filesize

          820KB

          Download

        • memory/1252-17-0x0000000140000000-0x00000001400CD000-memory.dmp

          Filesize

          820KB

          Download

        • memory/1252-18-0x0000000140000000-0x00000001400CD000-memory.dmp

          Filesize

          820KB

          Download

        • memory/1252-24-0x0000000140000000-0x00000001400CD000-memory.dmp

          Filesize

          820KB

          Download

        • memory/1252-28-0x0000000140000000-0x00000001400CD000-memory.dmp

          Filesize

          820KB

          Download

        • memory/1252-36-0x0000000002860000-0x0000000002867000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1252-29-0x0000000140000000-0x00000001400CD000-memory.dmp

          Filesize

          820KB

          Download

        • memory/1252-27-0x0000000140000000-0x00000001400CD000-memory.dmp

          Filesize

          820KB

          Download

        • memory/1252-26-0x0000000140000000-0x00000001400CD000-memory.dmp

          Filesize

          820KB

          Download

        • memory/1252-25-0x0000000140000000-0x00000001400CD000-memory.dmp

          Filesize

          820KB

          Download

        • memory/1252-23-0x0000000140000000-0x00000001400CD000-memory.dmp

          Filesize

          820KB

          Download

        • memory/1252-22-0x0000000140000000-0x00000001400CD000-memory.dmp

          Filesize

          820KB

          Download

        • memory/1252-20-0x0000000140000000-0x00000001400CD000-memory.dmp

          Filesize

          820KB

          Download

        • memory/1252-10-0x0000000140000000-0x00000001400CD000-memory.dmp

          Filesize

          820KB

          Download

        • memory/1252-39-0x0000000077800000-0x0000000077802000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1252-38-0x00000000777D0000-0x00000000777D2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1252-37-0x0000000140000000-0x00000001400CD000-memory.dmp

          Filesize

          820KB

          Download

        • memory/1252-48-0x0000000140000000-0x00000001400CD000-memory.dmp

          Filesize

          820KB

          Download

        • memory/1252-49-0x0000000140000000-0x00000001400CD000-memory.dmp

          Filesize

          820KB

          Download

        • memory/1252-4-0x0000000002880000-0x0000000002881000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1252-9-0x0000000140000000-0x00000001400CD000-memory.dmp

          Filesize

          820KB

          Download

        • memory/1252-8-0x0000000140000000-0x00000001400CD000-memory.dmp

          Filesize

          820KB

          Download

        • memory/1252-84-0x0000000077466000-0x0000000077467000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1252-6-0x0000000140000000-0x00000001400CD000-memory.dmp

          Filesize

          820KB

          Download

        • memory/1252-7-0x0000000140000000-0x00000001400CD000-memory.dmp

          Filesize

          820KB

          Download

        • memory/1808-101-0x000007FEF6760000-0x000007FEF682E000-memory.dmp

          Filesize

          824KB

          Download

        • memory/1808-104-0x000007FEF6760000-0x000007FEF682E000-memory.dmp

          Filesize

          824KB

          Download

        • memory/2296-82-0x000007FEF6190000-0x000007FEF625E000-memory.dmp

          Filesize

          824KB

          Download

        • memory/2296-85-0x0000000001C90000-0x0000000001C97000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2296-87-0x000007FEF6190000-0x000007FEF625E000-memory.dmp

          Filesize

          824KB

          Download

        • memory/2324-57-0x000007FEF6D90000-0x000007FEF6E5D000-memory.dmp

          Filesize

          820KB

          Download

        • memory/2324-0-0x000007FEF6D90000-0x000007FEF6E5D000-memory.dmp

          Filesize

          820KB

          Download

        • memory/2324-2-0x0000000000120000-0x0000000000127000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2772-70-0x000007FEF6DF0000-0x000007FEF6EBE000-memory.dmp

          Filesize

          824KB

          Download

        • memory/2772-67-0x0000000000100000-0x0000000000107000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2772-65-0x000007FEF6DF0000-0x000007FEF6EBE000-memory.dmp

          Filesize

          824KB

          Download