Overview

overview

10

Static

static

3

3cc4b7ea1a...e8.dll

windows7-x64

10

3cc4b7ea1a...e8.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    29-08-2024 21:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3cc4b7ea1abe6edba734f9be8de5a30d2486816545a6bbb6886b7138921bfde8.dll

  • Size

    1.7MB

  • MD5

    fe0231fafe84b0cc6597d9a92d2fb425

  • SHA1

    dd78e81942b70120c0549ef8c8f6bb86e672cbd3

  • SHA256

    3cc4b7ea1abe6edba734f9be8de5a30d2486816545a6bbb6886b7138921bfde8

  • SHA512

    761c15381e5fd2836f8b53f2ccc70f16066e06fb6c279fbfd039df17749a14fbbb9200f5014330574a5375253c46d5ab5219133393aee480839f925ecc877452

  • SSDEEP

    12288:VVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:MfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Drops startup file 6 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3cc4b7ea1abe6edba734f9be8de5a30d2486816545a6bbb6886b7138921bfde8.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2776
  • C:\Windows\system32\dpapimig.exe
    C:\Windows\system32\dpapimig.exe
    1⤵
      PID:2760
    • C:\Users\Admin\AppData\Local\RPG\dpapimig.exe
      C:\Users\Admin\AppData\Local\RPG\dpapimig.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:852
    • C:\Windows\system32\spinstall.exe
      C:\Windows\system32\spinstall.exe
      1⤵
        PID:3048
      • C:\Users\Admin\AppData\Local\ZUpZLE\spinstall.exe
        C:\Users\Admin\AppData\Local\ZUpZLE\spinstall.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2260
      • C:\Windows\system32\FXSCOVER.exe
        C:\Windows\system32\FXSCOVER.exe
        1⤵
          PID:1404
        • C:\Users\Admin\AppData\Local\6sCu0DgCh\FXSCOVER.exe
          C:\Users\Admin\AppData\Local\6sCu0DgCh\FXSCOVER.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2476

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\6sCu0DgCh\MFC42u.dll
          Filesize

          1.7MB

          MD5

          3aa5d9a3fc668b167748474f33ad527e

          SHA1

          632ffa402d6412114913e165812ddcf219274509

          SHA256

          19f76891332cb64580382a3635d9106eeb5053ba4eb11c3ec21b5b3135f3fa6d

          SHA512

          9e0a2b2c7774592e4a463bc7cde3dc0095fe61fa8859bfb451d4f4b81901a0b90a754f396f5e7a76d7dcdeaa7fb208cf7de425ed00e20e67725c8ee01434053d

          Download Submit

        • C:\Users\Admin\AppData\Local\RPG\DUI70.dll
          Filesize

          1.9MB

          MD5

          91ae122106d4770d3d0751d995bb6c07

          SHA1

          e32f317da4f49c8c35e6adc4a0e2440014878e0a

          SHA256

          5b110f288ce8965e173f0e62183700ad3b1f104b8678e21589413204dcf1baef

          SHA512

          33619543b8e812d3a1961ca4f74d7fe46aadcc7887d20893c21b4022915c2a3e1e648e780c31823ed7bb384dd82467813894ed0c168e548de679b5ba8b878430

          Download Submit

        • C:\Users\Admin\AppData\Local\ZUpZLE\sqmapi.dll
          Filesize

          1.7MB

          MD5

          60bfa1e9e95a86d6da1e67fc31f61190

          SHA1

          8f260baf47deca4237c79b2b041db871f7313e06

          SHA256

          eeed5b6432c1ae0a5375d6aeb5c2994d7a0e599772298ed3a862eb174cf82c9c

          SHA512

          ec801f87ea618e2198ab9f0a49986e04dfeeb80c351b3ede18d458960d2573a2196912c669b98c69490f9a5c730908afe31b635fdbcccb8c7f78ac25726dcb0d

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Rinzzkcfiw.lnk
          Filesize

          1KB

          MD5

          d5f4b71aeb2dcd52469cd85fe4a7b4eb

          SHA1

          24dd049e38284624b25d1d0b04cc41ca33503bdd

          SHA256

          2ee9793cb452f925290559acd3dda774b6a98e873cf1d9f09f4040757e5b904d

          SHA512

          c5f6ab79d4fcfbbe9871f44f497e95aff9990eb283290dd46cb4de3c5fff68fc246e7f57e5efca8fe599f63a1168cadf763608be1f140cfb5e1eaeb29a301211

          Download Submit

        • \Users\Admin\AppData\Local\6sCu0DgCh\FXSCOVER.exe
          Filesize

          261KB

          MD5

          5e2c61be8e093dbfe7fc37585be42869

          SHA1

          ed46cda4ece3ef187b0cf29ca843a6c6735af6c0

          SHA256

          3d1719c1caa5d6b0358830a30713c43a9710fbf7bcedca20815be54d24aa9121

          SHA512

          90bf180c8f6e3d0286a19fcd4727f23925a39c90113db979e1b4bbf8f0491471ad26c877a6e2cf49638b14050d952a9ee02a3c1293129843ec6bba01bc325d0b

          Download Submit

        • \Users\Admin\AppData\Local\RPG\dpapimig.exe
          Filesize

          73KB

          MD5

          0e8b8abea4e23ddc9a70614f3f651303

          SHA1

          6d332ba4e7a78039f75b211845514ab35ab467b2

          SHA256

          66fc6b68e54b8840a38b4de980cc22aed21009afc1494a9cc68e892329f076a1

          SHA512

          4feded78f9b953472266693e0943030d00f82a5cc8559df60ae0479de281164155e19687afc67cba74d04bb9ad092f5c7732f2d2f9b06274ca2ae87dc2d4a6dc

          Download Submit

        • \Users\Admin\AppData\Local\ZUpZLE\spinstall.exe
          Filesize

          584KB

          MD5

          29c1d5b330b802efa1a8357373bc97fe

          SHA1

          90797aaa2c56fc2a667c74475996ea1841bc368f

          SHA256

          048bd22abf158346ab991a377cc6e9d2b20b4d73ccee7656c96a41f657e7be7f

          SHA512

          66f4f75a04340a1dd55dfdcc3ff1103ea34a55295f56c12e88d38d1a41e5be46b67c98bd66ac9f878ce79311773e374ed2bce4dd70e8bb5543e4ec1dd56625ee

          Download Submit

        • memory/852-74-0x0000000000100000-0x0000000000107000-memory.dmp

          Filesize

          28KB

          Download

        • memory/852-75-0x0000000140000000-0x00000001401E0000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/852-69-0x0000000140000000-0x00000001401E0000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/1300-31-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-11-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-32-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-4-0x0000000077956000-0x0000000077957000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1300-30-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-29-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-28-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-27-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-26-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-25-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-23-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-22-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-21-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-20-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-19-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-18-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-5-0x0000000002A50000-0x0000000002A51000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1300-15-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-14-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-13-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-12-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-39-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-51-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-45-0x0000000077CC0000-0x0000000077CC2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1300-41-0x0000000077B61000-0x0000000077B62000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1300-55-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-57-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-61-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-40-0x0000000002A30000-0x0000000002A37000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1300-24-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-8-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-9-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-7-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-17-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-10-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1300-98-0x0000000077956000-0x0000000077957000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2260-87-0x0000000000270000-0x0000000000277000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2260-93-0x0000000140000000-0x00000001401AD000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2260-88-0x0000000140000000-0x00000001401AD000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2476-106-0x0000000140000000-0x00000001401B3000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2476-111-0x0000000140000000-0x00000001401B3000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2776-16-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2776-1-0x0000000140000000-0x00000001401AC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2776-0-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download