Overview

overview

10

Static

static

3

2c95150a2a...eN.dll

windows7-x64

10

2c95150a2a...eN.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-09-2024 10:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2c95150a2a42eb2f3393614566c343be1775ec323f2e468cef069e91a6feb7deN.dll

  • Size

    1.2MB

  • MD5

    19bc6fec7b7314abf0768d9d7164a4d0

  • SHA1

    36c9ef09c516d62c1b1bc07062764c7cf4619e43

  • SHA256

    2c95150a2a42eb2f3393614566c343be1775ec323f2e468cef069e91a6feb7de

  • SHA512

    0f229a6c8546871b01e8ebb60720bc037a4d31bab95d49d843afdbc45d532f201fe0406550f74cc900eb8b3eadbcd2a0024529a2c223147f346f52c4b663b8ac

  • SSDEEP

    12288:qxE0waBckFdlxVRZ1hcyknDb3PTdcGvnx10k2d2Y6q2mQpx:aZLVJxVHfcLnDTZcG/xmk2d2qZw

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 11 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c95150a2a42eb2f3393614566c343be1775ec323f2e468cef069e91a6feb7deN.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3032
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3932,i,4356837537417149674,16553092232944545509,262144 --variations-seed-version --mojo-platform-channel-handle=4100 /prefetch:8
    1⤵
      PID:2504
    • C:\Windows\system32\dpapimig.exe
      C:\Windows\system32\dpapimig.exe
      1⤵
        PID:3952
      • C:\Users\Admin\AppData\Local\cpyW2B\dpapimig.exe
        C:\Users\Admin\AppData\Local\cpyW2B\dpapimig.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:4928
      • C:\Windows\system32\perfmon.exe
        C:\Windows\system32\perfmon.exe
        1⤵
          PID:1436
        • C:\Users\Admin\AppData\Local\FpeN3Uod\perfmon.exe
          C:\Users\Admin\AppData\Local\FpeN3Uod\perfmon.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:3328
        • C:\Windows\system32\FXSCOVER.exe
          C:\Windows\system32\FXSCOVER.exe
          1⤵
            PID:2200
          • C:\Users\Admin\AppData\Local\1rv9Nc\FXSCOVER.exe
            C:\Users\Admin\AppData\Local\1rv9Nc\FXSCOVER.exe
            1⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks whether UAC is enabled
            PID:1144

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\1rv9Nc\FXSCOVER.exe
            Filesize

            242KB

            MD5

            5769f78d00f22f76a4193dc720d0b2bd

            SHA1

            d62b6cab057e88737cba43fe9b0c6d11a28b53e8

            SHA256

            40e8e6dabfa1485b11cdccf220eb86eeaa8256e99e344cf2b2098d4cdb788a31

            SHA512

            b4b3448a2635b21690c71254d964832e89bf947f7a0d32e79dcc84730f11d4afb4149a810a768878e52f88fc8baec45f1a2fec8e22c5301e9f39fe4fc6a57e3f

            Download Submit

          • C:\Users\Admin\AppData\Local\1rv9Nc\MFC42u.dll
            Filesize

            1.2MB

            MD5

            33df89df1d35dc77f92cf581dee1f88e

            SHA1

            f4fb7c13fbf8a7bb6775d712156072178d427564

            SHA256

            8bd16a3271471dec1fbfd35c58b50ce7713fa3a0ef8a2ab0b7c3f0b62646bb37

            SHA512

            c71321f142e000915c715861a8749f73ab3cf9b63cbf99d9677cdc1fbede1c6518ab5b4122802c0827b1a4bbfd17e741590325326c7513dccd42db309d57b9ec

            Download Submit

          • C:\Users\Admin\AppData\Local\FpeN3Uod\credui.dll
            Filesize

            1.2MB

            MD5

            f920fa13fb2506aa7381144b1c71c435

            SHA1

            e8ab03e894f3e83ef9e77549cc3eed6202321a40

            SHA256

            4b7956d0639bb04dfa51ca2e2f550523cc4c1b7e62e680dfbd87610ed13e00a2

            SHA512

            2ad357e3a5a585cb1371e1d05b4a1d12b59603c310037c97ea68f5edcb56a48e5fc751085ee0b4a4ba8492b73a24f545927c557a52f8af83190c04c079a3e20e

            Download Submit

          • C:\Users\Admin\AppData\Local\FpeN3Uod\perfmon.exe
            Filesize

            177KB

            MD5

            d38aa59c3bea5456bd6f95c73ad3c964

            SHA1

            40170eab389a6ba35e949f9c92962646a302d9ef

            SHA256

            5f041cff346fb37e5c5c9dab3c1272c76f8b5f579205170e97d2248d04a4ea0c

            SHA512

            59fa552a46e5d6237c7244b03d09d60e9489217b4319a212e822c73fe1f31a81837cb906ae7da92072bd3d9263fe0b967e073110ba81da3a90126f25115fff68

            Download Submit

          • C:\Users\Admin\AppData\Local\cpyW2B\DUI70.dll
            Filesize

            1.5MB

            MD5

            4fe27af07f365ab310c64a3ac97a7a38

            SHA1

            a2f08750563bef40106ad69c969cea404be560f5

            SHA256

            721c14f8dfb51882bffb789a4fba8dfe80478da0ee67c377919b7ff79e2b7533

            SHA512

            51a5cfcd999aa0a40a0c1285c08abcff6670795a3844ba8bf976ca9a69e095c54bccc4530521d5e77538af5dbc149a0fc505dabb8e2d0e5395507aecbf34205f

            Download Submit

          • C:\Users\Admin\AppData\Local\cpyW2B\dpapimig.exe
            Filesize

            76KB

            MD5

            b6d6477a0c90a81624c6a8548026b4d0

            SHA1

            e6eac6941d27f76bbd306c2938c0a962dbf1ced1

            SHA256

            a8147d08b82609c72d588a0a604cd3c1f2076befcc719d282c7cbd6525ae89eb

            SHA512

            72ec8b79e3438f0f981129a323ad39db84df7dd14a796a820bdbc74ea8fa13eee843d1ea030a0c1caeda2e2d69952f14a821a73825b38dd9415047aca597b1fe

            Download Submit

          • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Jmybglakcar.lnk
            Filesize

            1KB

            MD5

            2b33be6f70dd633d9a2e5aa92befb443

            SHA1

            5abcfcf4e07399f350d03f92b15a9459a0d3c5c3

            SHA256

            8212131754a9b517ce3b0edbe0e42217e7d080f461794085bb0c15c44d98004d

            SHA512

            e6a8cef222213ca4f840382d2e37ee2d4a568c496d34ce4ca9b714e49b76766ba3e400f57f5077f039c2bd84b90545e2cebe91cf8e453f815bf32f87721f3ebb

            Download Submit

          • memory/1144-91-0x00007FFAC74B0000-0x00007FFAC75F0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1144-87-0x00007FFAC74B0000-0x00007FFAC75F0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3032-1-0x00007FFAD7030000-0x00007FFAD7169000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3032-0-0x0000027CEA5D0000-0x0000027CEA5D7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3032-48-0x00007FFAD7030000-0x00007FFAD7169000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3328-72-0x00007FFAC74B0000-0x00007FFAC75EA000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3328-73-0x0000019AFD580000-0x0000019AFD587000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3328-76-0x00007FFAC74B0000-0x00007FFAC75EA000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3412-12-0x0000000140000000-0x0000000140139000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3412-20-0x0000000140000000-0x0000000140139000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3412-17-0x0000000140000000-0x0000000140139000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3412-16-0x0000000140000000-0x0000000140139000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3412-15-0x0000000140000000-0x0000000140139000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3412-14-0x0000000140000000-0x0000000140139000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3412-13-0x0000000140000000-0x0000000140139000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3412-19-0x0000000140000000-0x0000000140139000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3412-11-0x0000000140000000-0x0000000140139000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3412-10-0x0000000140000000-0x0000000140139000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3412-9-0x0000000140000000-0x0000000140139000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3412-8-0x0000000140000000-0x0000000140139000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3412-7-0x0000000140000000-0x0000000140139000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3412-26-0x0000000140000000-0x0000000140139000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3412-6-0x0000000140000000-0x0000000140139000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3412-18-0x0000000140000000-0x0000000140139000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3412-21-0x0000000140000000-0x0000000140139000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3412-22-0x0000000140000000-0x0000000140139000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3412-3-0x00007FFAE5C5A000-0x00007FFAE5C5B000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3412-4-0x0000000003290000-0x0000000003291000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3412-23-0x0000000140000000-0x0000000140139000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3412-34-0x0000000140000000-0x0000000140139000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3412-35-0x00007FFAE6120000-0x00007FFAE6130000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3412-45-0x0000000140000000-0x0000000140139000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3412-36-0x00007FFAE6110000-0x00007FFAE6120000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3412-25-0x0000000140000000-0x0000000140139000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3412-33-0x00000000014F0000-0x00000000014F7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3412-24-0x0000000140000000-0x0000000140139000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4928-58-0x00007FFAC7470000-0x00007FFAC75EF000-memory.dmp

            Filesize

            1.5MB

            Download

          • memory/4928-57-0x00000288B0D60000-0x00000288B0D67000-memory.dmp

            Filesize

            28KB

            Download

          • memory/4928-55-0x00007FFAC7470000-0x00007FFAC75EF000-memory.dmp

            Filesize

            1.5MB

            Download