Overview

overview

10

Static

static

3

Trojan.Win...KN.dll

windows7-x64

10

Trojan.Win...KN.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-09-2024 17:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Trojan.Win64.Dridex.AKN.dll

  • Size

    988KB

  • MD5

    faa52775467027ecef5464835e81dca0

  • SHA1

    7828dca05863145a3010264642e76ed54db422c1

  • SHA256

    31876c7c1c30dead73141dc79176c60ed2c28448ff7b233196841eef03df891a

  • SHA512

    8a45ee106468a7d634cf38b33168df6716f1f9dee47b70dbabb6e2abb225dee19c6fec9c7788f7a460297db947df2c5dd123e6577446c01ec317270aea2a2d95

  • SSDEEP

    12288:rw4UXJosZXoyOBTHE0wGxk8LyYB8OpFpG0JrbEvSdYmZbvnMEfI:LUolBrtw4k8LL8OpFpG0JXHZrf

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 8 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Trojan.Win64.Dridex.AKN.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3936
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3364,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=4332 /prefetch:8
    1⤵
      PID:3900
    • C:\Windows\system32\SystemPropertiesHardware.exe
      C:\Windows\system32\SystemPropertiesHardware.exe
      1⤵
        PID:64
      • C:\Users\Admin\AppData\Local\dnOigyJ\SystemPropertiesHardware.exe
        C:\Users\Admin\AppData\Local\dnOigyJ\SystemPropertiesHardware.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:3508
      • C:\Windows\system32\MusNotifyIcon.exe
        C:\Windows\system32\MusNotifyIcon.exe
        1⤵
          PID:3924
        • C:\Users\Admin\AppData\Local\TLo4E9Vma\MusNotifyIcon.exe
          C:\Users\Admin\AppData\Local\TLo4E9Vma\MusNotifyIcon.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:3248
        • C:\Windows\system32\ApplySettingsTemplateCatalog.exe
          C:\Windows\system32\ApplySettingsTemplateCatalog.exe
          1⤵
            PID:5104
          • C:\Users\Admin\AppData\Local\cLR\ApplySettingsTemplateCatalog.exe
            C:\Users\Admin\AppData\Local\cLR\ApplySettingsTemplateCatalog.exe
            1⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks whether UAC is enabled
            PID:4556

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\TLo4E9Vma\MusNotifyIcon.exe
            Filesize

            629KB

            MD5

            c54b1a69a21e03b83ebb0aeb3758b6f7

            SHA1

            b32ee7e5b813554c4b8e8f96f176570e0f6e8b6c

            SHA256

            ac3e12011b70144cc84539bbccacdfae35bd4ea3ee61b4a9fca5f082d044d8bf

            SHA512

            2680ab501ffe7d40fed28eb207d812880c8a71d71a29d59ba3da27c0bae98c74893e04807d93fba7b5e673c3e13a1ad21bfaab10bdb871d83349ff4e7c614b19

            Download Submit

          • C:\Users\Admin\AppData\Local\TLo4E9Vma\XmlLite.dll
            Filesize

            992KB

            MD5

            45a3e4f4cc6e3a5b5e345bdd5725a9af

            SHA1

            c136dc40abd8b1df29f3ad104b596396b692168b

            SHA256

            58b97d9a913fb1173e96c709c5a73e28fedeaa68f3c7da34b01c2e5a818f4ac3

            SHA512

            9ecc1fac48085fbaecb2362ef62ff06c7c18e3eb98378b0c5c8c571d79e52d5c87d63b4f6243f24bc888dcca4acf4ff3fec12815575a3b07a4653c268339a12c

            Download Submit

          • C:\Users\Admin\AppData\Local\cLR\ACTIVEDS.dll
            Filesize

            992KB

            MD5

            ebf624f9eab39ab36a8be63e261b1626

            SHA1

            d1fe57d8d80425f942f448721da55e4267973919

            SHA256

            321bdec2d15d284b3fe21c7e7fb432f16e7b01af174fff7122b3e628578e520e

            SHA512

            c9dbe90f3f897605296a02b93fa089837fba01647c19f5c639e17a389c0cd015e828a2492eeb5558c6517b210dac7822e2aa320efd2572a78a35fb8269a806f5

            Download Submit

          • C:\Users\Admin\AppData\Local\cLR\ApplySettingsTemplateCatalog.exe
            Filesize

            1.1MB

            MD5

            13af41b1c1c53c7360cd582a82ec2093

            SHA1

            7425f893d1245e351483ab4a20a5f59d114df4e1

            SHA256

            a462f29efaaa3c30411e76f32608a2ba5b7d21af3b9804e5dda99e342ba8c429

            SHA512

            c7c82acef623d964c520f1a458dbfe34099981de0b781fb56e14b1f82632e3a8437db6434e7c20988aa3b39efde47aab8d188e80845e841a13e74b079285706a

            Download Submit

          • C:\Users\Admin\AppData\Local\dnOigyJ\SYSDM.CPL
            Filesize

            992KB

            MD5

            82a37f7e9b5fdeda8fd2d9872dd09bbb

            SHA1

            df2f79d01fc7bab7e26568117023260f304c4500

            SHA256

            43a4668f6f3c9e854ec74ec11ad1734cd04a2426137a3b314bc15bb911258b73

            SHA512

            fd4d9da3673548fd26da1576f097d73ad99750efb2e9a16e1eaca8391680e0801859f9095c3c50456c23b976380e622cd7052b733e704d99258cff20a80f8df6

            Download Submit

          • C:\Users\Admin\AppData\Local\dnOigyJ\SystemPropertiesHardware.exe
            Filesize

            82KB

            MD5

            bf5bc0d70a936890d38d2510ee07a2cd

            SHA1

            69d5971fd264d8128f5633db9003afef5fad8f10

            SHA256

            c8ebd920399ebcf3ab72bd325b71a6b4c6119dfecea03f25059a920c4d32acc7

            SHA512

            0e129044777cbbf5ea995715159c50773c1818fc5e8faa5c827fd631b44c086b34dfdcbe174b105891ccc3882cc63a8664d189fb6a631d8f589de4e01a862f51

            Download Submit

          • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Jmybglakcar.lnk
            Filesize

            1KB

            MD5

            c190aaf49f889385e39d73fb985a9216

            SHA1

            bd6b533dec12ac52dfd692b326c64c374af32230

            SHA256

            e6168e50e9d966800553be243c1b68cb1e93f405eeca7c367324076ea73a19e6

            SHA512

            2459411d3ede98d2080da9eb34a7044591b9a6ed1bca4b8456ec303b02523f9a2a2af5efdeae8a7d0e1657d8c8da1c1ce49d8896d5b7ebffcf36b3c6abffbf4a

            Download Submit

          • memory/3248-67-0x0000000140000000-0x00000001400F8000-memory.dmp

            Filesize

            992KB

            Download

          • memory/3248-62-0x000001AFE17B0000-0x000001AFE17B7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3460-9-0x0000000140000000-0x00000001400F7000-memory.dmp

            Filesize

            988KB

            Download

          • memory/3460-15-0x0000000140000000-0x00000001400F7000-memory.dmp

            Filesize

            988KB

            Download

          • memory/3460-25-0x0000000140000000-0x00000001400F7000-memory.dmp

            Filesize

            988KB

            Download

          • memory/3460-13-0x0000000140000000-0x00000001400F7000-memory.dmp

            Filesize

            988KB

            Download

          • memory/3460-12-0x0000000140000000-0x00000001400F7000-memory.dmp

            Filesize

            988KB

            Download

          • memory/3460-11-0x0000000140000000-0x00000001400F7000-memory.dmp

            Filesize

            988KB

            Download

          • memory/3460-10-0x0000000140000000-0x00000001400F7000-memory.dmp

            Filesize

            988KB

            Download

          • memory/3460-3-0x00007FF8550EA000-0x00007FF8550EB000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3460-8-0x0000000140000000-0x00000001400F7000-memory.dmp

            Filesize

            988KB

            Download

          • memory/3460-7-0x0000000140000000-0x00000001400F7000-memory.dmp

            Filesize

            988KB

            Download

          • memory/3460-36-0x0000000140000000-0x00000001400F7000-memory.dmp

            Filesize

            988KB

            Download

          • memory/3460-4-0x0000000002120000-0x0000000002121000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3460-27-0x00007FF856150000-0x00007FF856160000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3460-14-0x0000000140000000-0x00000001400F7000-memory.dmp

            Filesize

            988KB

            Download

          • memory/3460-6-0x0000000140000000-0x00000001400F7000-memory.dmp

            Filesize

            988KB

            Download

          • memory/3460-26-0x00007FF856160000-0x00007FF856170000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3460-24-0x00000000004E0000-0x00000000004E7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3460-16-0x0000000140000000-0x00000001400F7000-memory.dmp

            Filesize

            988KB

            Download

          • memory/3508-51-0x0000000140000000-0x00000001400F8000-memory.dmp

            Filesize

            992KB

            Download

          • memory/3508-47-0x0000000140000000-0x00000001400F8000-memory.dmp

            Filesize

            992KB

            Download

          • memory/3508-46-0x00000206A5B40000-0x00000206A5B47000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3936-39-0x0000000140000000-0x00000001400F7000-memory.dmp

            Filesize

            988KB

            Download

          • memory/3936-0-0x0000020D641D0000-0x0000020D641D7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3936-1-0x0000000140000000-0x00000001400F7000-memory.dmp

            Filesize

            988KB

            Download

          • memory/4556-82-0x0000000140000000-0x00000001400F8000-memory.dmp

            Filesize

            992KB

            Download