Overview

overview

10

Static

static

3

7c3a8e39ca...0N.dll

windows7-x64

10

7c3a8e39ca...0N.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    13-08-2024 05:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7c3a8e39caaba9e165b6efabcc252390N.dll

  • Size

    1.2MB

  • MD5

    7c3a8e39caaba9e165b6efabcc252390

  • SHA1

    60d37686a60274736af35b4c2b925d02fe78b551

  • SHA256

    95e951126f8b7bbc7efe78abad5a9d6db1a53675843cb48847377b8cbfbdc67f

  • SHA512

    e08a4c05041bbc83772e31d472547ee0ddb0c246e9eaa271952d40410cc8a573b920e7d1375d6708598a3b7ca9846b152466d4451bc16a3555ea36c84679f66d

  • SSDEEP

    12288:mZgJtlQepQn+NDo7nIgegQCLDF/B9wvj/cLvVZFuw:mZK6F7nVeRmDFJivohZFV

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\7c3a8e39caaba9e165b6efabcc252390N.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2696
  • C:\Windows\system32\RDVGHelper.exe
    C:\Windows\system32\RDVGHelper.exe
    1⤵
      PID:2748
    • C:\Users\Admin\AppData\Local\EKVqX\RDVGHelper.exe
      C:\Users\Admin\AppData\Local\EKVqX\RDVGHelper.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      • Suspicious behavior: EnumeratesProcesses
      PID:1684
    • C:\Windows\system32\SystemPropertiesComputerName.exe
      C:\Windows\system32\SystemPropertiesComputerName.exe
      1⤵
        PID:1620
      • C:\Users\Admin\AppData\Local\XHt\SystemPropertiesComputerName.exe
        C:\Users\Admin\AppData\Local\XHt\SystemPropertiesComputerName.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        • Suspicious behavior: EnumeratesProcesses
        PID:688
      • C:\Windows\system32\rstrui.exe
        C:\Windows\system32\rstrui.exe
        1⤵
          PID:2824
        • C:\Users\Admin\AppData\Local\8Q7IL4sp\rstrui.exe
          C:\Users\Admin\AppData\Local\8Q7IL4sp\rstrui.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1036

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\8Q7IL4sp\SPP.dll
          Filesize

          1.2MB

          MD5

          477623f520eae87fea2ec6b3bca368cf

          SHA1

          b46265f7fe521632d492d6dd386c22f157312ee0

          SHA256

          afbca36295a67a411bbdeb6c7ec78ca8a7ae9dbe429d6bc1e3d1a0d9eac25a1f

          SHA512

          8ed6b5b67d0b6032bc6497cae99756c970b7f24109423beffa5d27146247cce67c066faa10f336f39c07d542ac2450911513519048aa362a8a0e7011985f3492

          Download Submit

        • C:\Users\Admin\AppData\Local\EKVqX\RDVGHelper.exe
          Filesize

          93KB

          MD5

          53fda4af81e7c4895357a50e848b7cfe

          SHA1

          01fb2d0210f1c47aaf684e31a9fb78f89bba9c0f

          SHA256

          62ab8c2c5b5bd84fd07e96b6a3b87a4ea56946107ed9b7f8076580ae1fefd038

          SHA512

          dbbda90a57d27160c5a3a5e4e94cfc43b1663fcbfe424fdec851e52356f61492bdcf677c46be8aa4e8ccc8be7c389b6aa7bbbce8447e1fae32f03e5e409f4051

          Download Submit

        • C:\Users\Admin\AppData\Local\XHt\SYSDM.CPL
          Filesize

          1.2MB

          MD5

          593fef5814bf41c18fb16f25fd32ef93

          SHA1

          dde910bdb3d180e35d89204235c45a0884b84a66

          SHA256

          23aff0e00854cb23e95f00d83237357dee740bfb7fdee0a07d6522f465bb7d07

          SHA512

          ab96d854ef13677c255911d8be67a63fc0cd4f94c31c5646b95830901ff7ae619b7e3de72607678f1a1ada3cd357d652f8407a97c43eaa8e814821361b35dfa1

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ygxjfqh.lnk
          Filesize

          899B

          MD5

          2e55162794be907f0d94ff83b623f85a

          SHA1

          47f80c811df98c179fd487c26dac46bbd733381b

          SHA256

          a0625cd8315f435c8056e641a586808ccebee614baf381496e159428b846cce4

          SHA512

          d31c2df12ae2e88cc765b8323126ab635d7e7d49d9bac9b2e59a27d2e5fc5c068f251815ba34ff262c47ea967ef5e1a6ec5b529ca2ce17f28a7d5db67e5086e3

          Download Submit

        • \Users\Admin\AppData\Local\8Q7IL4sp\rstrui.exe
          Filesize

          290KB

          MD5

          3db5a1eace7f3049ecc49fa64461e254

          SHA1

          7dc64e4f75741b93804cbae365e10dc70592c6a9

          SHA256

          ba8387d4543b8b11e2202919b9608ee614753fe77f967aad9906702841658b49

          SHA512

          ea81e3233e382f1cf2938785c9ded7c8fbbf11a6a6f5cf4323e3211ae66dad4a2c597cb589ff11f9eae79516043aba77d4b24bfa6eb0aa045d405aabdea4a025

          Download Submit

        • \Users\Admin\AppData\Local\EKVqX\WTSAPI32.dll
          Filesize

          1.2MB

          MD5

          9da91652e10f45dd8a865394dd0156dd

          SHA1

          184fca5e26d296c3ca4d0cc4b0c7e95d72495195

          SHA256

          4adf7bc79b81388145ce6dd3e91eadd7efcd190b30950a37f3bfcfd15125ab74

          SHA512

          e6b6a2cd65e8f3db918ac47cd4e0a6ba11e09eb58a348dc8f323711d687aa153864097e90011e35fa08cefba35de96c4d903c049b084896b0bed8446c7d46cc5

          Download Submit

        • \Users\Admin\AppData\Local\XHt\SystemPropertiesComputerName.exe
          Filesize

          80KB

          MD5

          bd889683916aa93e84e1a75802918acf

          SHA1

          5ee66571359178613a4256a7470c2c3e6dd93cfa

          SHA256

          0e22894595891a9ff9706e03b3db31a751541c4a773f82420fce57237d6c47cf

          SHA512

          9d76de848b319f44657fb7fbe5a3b927774ae999362ff811a199002ffa77ad9e1638a65a271388e605ab5e5a7cb6ce5aa7fcabc3ed583ade00eaa4c265552026

          Download Submit

        • memory/688-93-0x000007FEF65D0000-0x000007FEF670F000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/688-90-0x0000000000020000-0x0000000000027000-memory.dmp

          Filesize

          28KB

          Download

        • memory/688-87-0x000007FEF65D0000-0x000007FEF670F000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1036-112-0x000007FEF65D0000-0x000007FEF670F000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1036-105-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1212-29-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-21-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-5-0x0000000002DF0000-0x0000000002DF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1212-40-0x0000000002AB0000-0x0000000002AB7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1212-60-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-55-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-51-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-44-0x0000000077640000-0x0000000077642000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1212-43-0x00000000774E1000-0x00000000774E2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1212-39-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-33-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-32-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-31-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-30-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-4-0x00000000772D6000-0x00000000772D7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1212-28-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-27-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-26-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-25-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-23-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-22-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-8-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-20-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-19-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-18-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-17-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-15-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-109-0x00000000772D6000-0x00000000772D7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1212-13-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-14-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-9-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-24-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-10-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-12-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-7-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1212-16-0x0000000140000000-0x000000014013E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1684-75-0x000007FEF6BF0000-0x000007FEF6D2F000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1684-69-0x000007FEF6BF0000-0x000007FEF6D2F000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1684-72-0x00000000000E0000-0x00000000000E7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2696-0-0x000007FEF65D0000-0x000007FEF670E000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2696-3-0x0000000000330000-0x0000000000337000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2696-11-0x000007FEF65D0000-0x000007FEF670E000-memory.dmp

          Filesize

          1.2MB

          Download