Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
30/08/2024, 21:15
General
-
Target
3d8aaef7ac5e11347cccaf0609c0a340N.dll
-
Size
892KB
-
MD5
3d8aaef7ac5e11347cccaf0609c0a340
-
SHA1
804e66f0e767d99513fee66120a02cf34c99c563
-
SHA256
f2d3547486c1256d9dee8136cb89334f3850dd225c50af407f9f6fb66745d997
-
SHA512
b2d86426d7e485d14dfa7ac9080ef36d8141e7e55d04aa11cc94a8238998e5c6cff80bc1644052d87e9a4ab542fd4feedf7e2b5a1b02558a4f21a4872b300dee
-
SSDEEP
12288:VGVNJAvuPFUl/faxmVlBLXKCgFfEK7JRLeHlX//ve7:43JAvRl/fKQKCgFfx4P/va
Malware Config
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Shellcode 1 IoCs
Detects Dridex Payload shellcode injected in Explorer process.
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 3 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 8 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of UnmapMainImage 1 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\3d8aaef7ac5e11347cccaf0609c0a340N.dll,#11⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Windows\system32\usocoreworker.exeC:\Windows\system32\usocoreworker.exe1⤵
-
C:\Users\Admin\AppData\Local\tX31cuk\usocoreworker.exeC:\Users\Admin\AppData\Local\tX31cuk\usocoreworker.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Windows\system32\mmc.exeC:\Windows\system32\mmc.exe1⤵
-
C:\Users\Admin\AppData\Local\5yl\mmc.exeC:\Users\Admin\AppData\Local\5yl\mmc.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4160,i,4356837537417149674,16553092232944545509,262144 --variations-seed-version --mojo-platform-channel-handle=3820 /prefetch:81⤵
-
C:\Windows\system32\DeviceEnroller.exeC:\Windows\system32\DeviceEnroller.exe1⤵
-
C:\Users\Admin\AppData\Local\Gn6Et\DeviceEnroller.exeC:\Users\Admin\AppData\Local\Gn6Et\DeviceEnroller.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
920KB
MD5f92ecfd87b90f95d53332dd9987a2644
SHA143c7118aa2da11b1518dfa9c558f937e95efd0b5
SHA25619039fca1b39d4c5cebe311809d60b7fb118ac60acbb19c228431a65ad4eddc6
SHA512d64665265d9b078541b9acd11832932025d188bf884b2f6e30e4d638cdb62b5d02ae5d490e751d78ebf0397591254f178f8228254d3de49543715ab97ea98759
-
Filesize
1.8MB
MD58c86b80518406f14a4952d67185032d6
SHA19269f1fbcf65fefbc88a2e239519c21efe0f6ba5
SHA256895eef1eda5700a425934ae3782d4741dfefb7deafa53891bde490150187b98a
SHA5121bbdaa3ae8b5716ad2bd517055533e286ddb8a6c23cbc7aa602143dbb1ae132b513088ab61527c49737c554269c51416cceb80206ac8128ac6b003f1864eb099
-
Filesize
448KB
MD5946d9474533f58d2613078fd14ca7473
SHA1c2620ac9522fa3702a6a03299b930d6044aa5e49
SHA256cf5f5fe084f172e9c435615c1dc6ae7d3bd8c5ec8ea290caa0627c2f392760cb
SHA5123653d41a0553ee63a43490f682c9b528651a6336f28adafc333d4d148577351122db8279ff83ee59bb0a9c17bb384e9f6c9c78677c8c5ed671a42036dec1f8c1
-
Filesize
896KB
MD52099352fbc69cec29d0c8b3e9a511217
SHA1f0090a99a80a0babfae3ba05d505341e00fd129b
SHA256571878b485264e2fbd4f305a2b6bbd243ed67a5de5343b217b929118b83d1511
SHA512dabe6836830cf7827c9b73d7022aa30ce09af1c5a44339f2d7d3dac547a77165b37e585e08b31bad669d16104f97f551f6cc8654b824b440065da8aa61c77189
-
Filesize
896KB
MD5da26e25594d9c381cb07cb034bba0906
SHA19c3c4d03f74162fa93b414fbee8ec94d83dcd3c3
SHA2568849d7238bd2f68087b68df0db27de416983300097db85d714e0539a4cffa5cd
SHA512b776e0e1337a432ad8c3bf3d12c09ba8767117d93bb1b02e5617a2e9b1fa86ccb05b8ceda56ef86463a74f183250b2b49de558700b3d0bb4ff2aafb6540163e8
-
Filesize
1.3MB
MD52c5efb321aa64af37dedc6383ce3198e
SHA1a06d7020dd43a57047a62bfb443091cd9de946ba
SHA2560fb6688a32340036f3eaab4a09a82dee533bfb2ca266c36f6142083134de6f0e
SHA5125448ea01b24af7444505bda80064849a2efcc459011d32879e021e836fd573c9b1b9d3b37291d3f53ff536c691ac13a545b12f318a16c8a367421986bbf002ed
-
Filesize
1016B
MD553d92be9c4cd15580c7a4098d94e91ea
SHA1ce3ff51c1f56d6da7ba200ca57eb513e342eb7ec
SHA25639cb300210f0aabe0ce0bda87474bf700bce78202fc3876f11108a3c2a1b57b3
SHA51266cf9f23f7f0c952b748477824bc9b32a336e12519ad428d7f937c747fa1d17ed3db70f86e9ab406d0d3dc40249742ab8f6cf3dcd20386b9e2e15e547e1d338d
-
Filesize
892KB
-
Filesize
28KB
-
Filesize
892KB
-
Filesize
920KB
-
Filesize
920KB
-
Filesize
28KB
-
Filesize
28KB
-
Filesize
896KB
-
Filesize
896KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
4KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
28KB
-
Filesize
64KB
-
Filesize
892KB
-
Filesize
4KB
-
Filesize
896KB
-
Filesize
28KB