Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
17-09-2024 07:35
General
-
Target
NoThreatDetectedddc50ab4f6757dd5480e6aa78969bc0b5cd646742b59bd90855436618a44ebbdN.dll
-
Size
1.8MB
-
MD5
e14d296a8d3172360c2d73bd3baab2b0
-
SHA1
0898ae4f9a6926d308a1e24e7f7a2fab85580541
-
SHA256
ddc50ab4f6757dd5480e6aa78969bc0b5cd646742b59bd90855436618a44ebbd
-
SHA512
1874fce4ac65204917ba183d5eb10ae607f9403b3a878f1bc402c80b36959e2cc71fc49f8115710d1a76d07efa5e2bc39429d075d9b4c5c517121add23a23856
-
SSDEEP
12288:PxE0waBckFdlxVRZ1hcyknDb3PTdcGvnx10k2d2Y6q2mQpxVOa:ZZLVJxVHfcLnDTZcG/xmk2d2qZwq
Malware Config
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Shellcode 1 IoCs
Detects Dridex Payload shellcode injected in Explorer process.
-
Dridex payload 10 IoCs
Detects Dridex x64 core DLL in memory.
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 3 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 4 IoCs
-
Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\NoThreatDetectedddc50ab4f6757dd5480e6aa78969bc0b5cd646742b59bd90855436618a44ebbdN.dll,#11⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4276,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=1044 /prefetch:81⤵
-
C:\Windows\system32\shrpubw.exeC:\Windows\system32\shrpubw.exe1⤵
-
C:\Users\Admin\AppData\Local\pmLzs3ra\shrpubw.exeC:\Users\Admin\AppData\Local\pmLzs3ra\shrpubw.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\ie4ushowIE.exeC:\Windows\system32\ie4ushowIE.exe1⤵
-
C:\Users\Admin\AppData\Local\CoNwJNWdy\ie4ushowIE.exeC:\Users\Admin\AppData\Local\CoNwJNWdy\ie4ushowIE.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\osk.exeC:\Windows\system32\osk.exe1⤵
-
C:\Users\Admin\AppData\Local\rWzWj\osk.exeC:\Users\Admin\AppData\Local\rWzWj\osk.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Accessibility Features
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.8MB
MD5bbf7689d58bda6298324b054cbe3a1cb
SHA179d00ba0e6aaa686e37b90affe3ef91c5eefda97
SHA2565a8c86eeac979ff79bc3dcdb4b50ffb88c4cbc31a5fa14e869125ff346e5ef87
SHA51234995b5567dca8d9e8b84b22c76e8072279e839290beb69376814b48aebb6bb9676eb944210b7789660dc38444295324691a0a5e9273d6b3c0a64a7baa778498
-
Filesize
76KB
MD59de952f476abab0cd62bfd81e20a3deb
SHA1109cc4467b78dad4b12a3225020ea590bccee3e6
SHA256e9cb6336359ac6f71ac75af2836efb28daa3bafd10a1f0b775dcdc2ec8850a6b
SHA5123cbe50a146ca50b0657a78a2d89a34630c69823005668906785b2d2015cc6139c8dbbf7aefa5fe55957ef55ae06e758933b3b41eaf822e49dba3b7700582e2c9
-
Filesize
1.8MB
MD571f1e90d6bbe943d01b46f2555da9bee
SHA11b1b7cf87084e7f4c126273ae0082387e93d04ae
SHA25615d5cf3d3d79a7ed7bc9a8c824eb483ee29d87de968cb9bbcf5d38785ea8ae35
SHA51264d2fddbe89d10011b2997bc2b2a226ea58d4aff9764d352c0cde70ffdc9bf225505cdc42a029cf9731b58ca75bd8aeb5908aee1d6f6e18e947c29ce3f3d79e3
-
Filesize
59KB
MD59910d5c62428ec5f92b04abf9428eec9
SHA105f27d7515e8ae1fa3bc974ec65b864ec4c9ac8b
SHA2566b84e6e55d8572d7edf0b6243d00abb651fcb0cddddac8461de5f9bb80035a2e
SHA51201be043f7ff879a683e53962eec58456ba200d6787ea66581bb62669ae65d5e58a5577cdf23441165f7a535fce1dec933e3ad2465c72172b4a1488b24ce722cb
-
Filesize
1.8MB
MD555e8af491b985585e914e31f209f5e0e
SHA15c55bc22204cf6c1a4f9687ee83b50ec63bfb989
SHA2561319142429f9abdc21db8b364d79f166e7638a1158f81f91f046797efca9f4db
SHA51297183d9deba516c5aab5e0c30bc352d09b9fee9fa0db067f4c1c79d24735642c9907bab3874c8fd6e01dbd36b3a747b6668392933c4127d40976664af63353f6
-
Filesize
638KB
MD5745f2df5beed97b8c751df83938cb418
SHA12f9fc33b1bf28e0f14fd75646a7b427ddbe14d25
SHA256f67ef6e31fa0eaed44bfbab5b908be06b56cbc7d5a16ab2a72334d91f2bb6a51
SHA5122125d021e6f45a81bd75c9129f4b098ad9aa15c25d270051f4da42458a9737bff44d6adf17aa1f2547715d159fb621829f7cd3b9d42f1521c919549cc7deb228
-
Filesize
1KB
MD58d82da2d8e3bb05949e661388421e3f9
SHA1e23cfbaba2d280f491680d5fdfd0658c4e676a7d
SHA256ff1bbd91d11275b481aa5781cfbdc13891159ea43068edea35ddfad1433992c2
SHA5129a20c2875e21631ce3011fc6f777780e93fb264fcb73d073c9de2c97f1e6f681d534e40ba6204f5091ba79a3ba311697f918f13ddfb463203b905e2a2ca59718
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
28KB
-
Filesize
1.8MB
-
Filesize
28KB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
64KB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
64KB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
28KB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
28KB