Overview

overview

10

Static

static

3

NoThreatDe...fN.dll

windows7-x64

10

NoThreatDe...fN.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-09-2024 21:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NoThreatDetected-d2a9857b2a44d8a2cf5c90cb47040135626aaa7e4312cc91be2bc36c64edd08fN.dll

  • Size

    1.2MB

  • MD5

    4c701019b6ecf3b6447881b611b63ec0

  • SHA1

    38708fd32051761d67ae4eedfe9a3de15bee50fe

  • SHA256

    d2a9857b2a44d8a2cf5c90cb47040135626aaa7e4312cc91be2bc36c64edd08f

  • SHA512

    102b79e9ed116b503d106a44e3214354c0dd30b2c29d6be3d19df4236a5c7a5acb2238cb8268358ec216d2aa41f5ed33ccf96114834cea226b369f788268af06

  • SSDEEP

    12288:lxE0waBckFdlxVRZ1hcyknDb3PTdcGvnx10k2d2Y6q2mQpxU1:XZLVJxVHfcLnDTZcG/xmk2d2qZwy1

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 11 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\NoThreatDetected-d2a9857b2a44d8a2cf5c90cb47040135626aaa7e4312cc91be2bc36c64edd08fN.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3036
  • C:\Windows\system32\ProximityUxHost.exe
    C:\Windows\system32\ProximityUxHost.exe
    1⤵
      PID:2244
    • C:\Users\Admin\AppData\Local\8xT\ProximityUxHost.exe
      C:\Users\Admin\AppData\Local\8xT\ProximityUxHost.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:4948
    • C:\Windows\system32\quickassist.exe
      C:\Windows\system32\quickassist.exe
      1⤵
        PID:4400
      • C:\Users\Admin\AppData\Local\ObBnq\quickassist.exe
        C:\Users\Admin\AppData\Local\ObBnq\quickassist.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:4276
      • C:\Windows\system32\MusNotifyIcon.exe
        C:\Windows\system32\MusNotifyIcon.exe
        1⤵
          PID:3604
        • C:\Users\Admin\AppData\Local\Coseyi8y9\MusNotifyIcon.exe
          C:\Users\Admin\AppData\Local\Coseyi8y9\MusNotifyIcon.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1164

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\8xT\ProximityUxHost.exe
          Filesize

          263KB

          MD5

          9ea326415b83d77295c70a35feb75577

          SHA1

          f8fc6a4f7f97b242f35066f61d305e278155b8a8

          SHA256

          192bfde77bf280e48f92d1eceacdc7ec4bf31cda46f7d577c7d7c3ec3ac89d8f

          SHA512

          2b1943600f97abcd18778101e33eac00c2bd360a3eff62fef65f668a084d8fa38c3bbdedfc6c2b7e8410aa7c9c3df2734705dc502b4754259121adc9198c3692

          Download Submit

        • C:\Users\Admin\AppData\Local\8xT\WINMM.dll
          Filesize

          1.2MB

          MD5

          8322b7c9cd5812fed57f870abaa91663

          SHA1

          e181c9d2ea61b3b5ceae7ab5c71e13a82775777f

          SHA256

          424ca2d67af5bfa41d3999f4e6c94030fcf8a8871ccab4b2183603ebd5236941

          SHA512

          7cf715cd1377f7b0b95bb72a2eb00c8fd86ebff325d85d775b766f822b77e263313d560255cf708388a4ddfd2f2a44f027a66e11f794a376deab61b0dd4cc8b1

          Download Submit

        • C:\Users\Admin\AppData\Local\Coseyi8y9\MusNotifyIcon.exe
          Filesize

          629KB

          MD5

          c54b1a69a21e03b83ebb0aeb3758b6f7

          SHA1

          b32ee7e5b813554c4b8e8f96f176570e0f6e8b6c

          SHA256

          ac3e12011b70144cc84539bbccacdfae35bd4ea3ee61b4a9fca5f082d044d8bf

          SHA512

          2680ab501ffe7d40fed28eb207d812880c8a71d71a29d59ba3da27c0bae98c74893e04807d93fba7b5e673c3e13a1ad21bfaab10bdb871d83349ff4e7c614b19

          Download Submit

        • C:\Users\Admin\AppData\Local\Coseyi8y9\XmlLite.dll
          Filesize

          1.2MB

          MD5

          f1cbe57fcdb3176a39de95d3c78bd7f2

          SHA1

          0feeaea56349e9bb9dc7bdecf27558a2fb1d1491

          SHA256

          cdc416a435b9e999862e245e63a18a51dff2c8b6921b6995d987357cbde03ae5

          SHA512

          8e4c516143c4783c395765b0fb33b860d0da6be8b9a04c9828db4687c61ed719de87ec8a50a772fedee467d3f1226af48871d9ad6609280e0805236a62bc7cb4

          Download Submit

        • C:\Users\Admin\AppData\Local\ObBnq\UxTheme.dll
          Filesize

          1.2MB

          MD5

          c8e2534ed632df4b79f916b993d4d24b

          SHA1

          0b5991d1bd0cfc4ec7ac5ad224821431163e92d8

          SHA256

          3f68ca70a6a7b83d29e6d4fcc3d5d07fa906ae34a75b66796329a5b9d86e4a4f

          SHA512

          0bc06403d52ece5a44466f8573b874998a37385ddad88fa73e15b1bbef1abe90b47ede7517f2a1ba08cd1e737457bdb966cc63c8d8b1f99c8d200f36f5a504c0

          Download Submit

        • C:\Users\Admin\AppData\Local\ObBnq\quickassist.exe
          Filesize

          665KB

          MD5

          d1216f9b9a64fd943539cc2b0ddfa439

          SHA1

          6fad9aeb7780bdfd88a9a5a73b35b3e843605e6c

          SHA256

          c1e8fda00da574e8759ba262d76b6edc1d5f4a80620730ef0be7527e0d803db2

          SHA512

          c5fd7d81d1d478056fcbed0ba887ce551832f0104e7c31753c3c8760b4d63f38324f74e996684042acc8f9682fce8a8c85172741a868257e87d5e0f988c4e567

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ppmzgvduo.lnk
          Filesize

          1KB

          MD5

          a7e79af3004463f26cbd929aeb5b2de7

          SHA1

          b878f406c34694e05cb64faeafba641117597229

          SHA256

          8e0206b1a0eb37ea53d790f5460c4fc9d9559ace1e56ad3a2f5d74b660c54f04

          SHA512

          325505ba030bdeb379ec355233533227fa67f6469d403c933a486fc75dcba69014f3bf355b5aa48f39efa08e71e3ec98c6795f4d7d470d4fb95be7c0593f46da

          Download Submit

        • memory/1164-89-0x00007FFF40D20000-0x00007FFF40E59000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1164-85-0x00007FFF40D20000-0x00007FFF40E59000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3036-0-0x00000251548E0000-0x00000251548E7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3036-2-0x00007FFF44890000-0x00007FFF449C8000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3036-47-0x00007FFF44890000-0x00007FFF449C8000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-15-0x0000000140000000-0x0000000140138000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-33-0x0000000140000000-0x0000000140138000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-13-0x0000000140000000-0x0000000140138000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-12-0x0000000140000000-0x0000000140138000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-10-0x0000000140000000-0x0000000140138000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-9-0x0000000140000000-0x0000000140138000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-8-0x0000000140000000-0x0000000140138000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-7-0x0000000140000000-0x0000000140138000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-25-0x0000000140000000-0x0000000140138000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-21-0x0000000140000000-0x0000000140138000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-16-0x0000000140000000-0x0000000140138000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-11-0x0000000140000000-0x0000000140138000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-6-0x0000000140000000-0x0000000140138000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-35-0x00007FFF52F70000-0x00007FFF52F80000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3452-34-0x00007FFF52F80000-0x00007FFF52F90000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3452-14-0x0000000140000000-0x0000000140138000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-44-0x0000000140000000-0x0000000140138000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-17-0x0000000140000000-0x0000000140138000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-19-0x0000000140000000-0x0000000140138000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-20-0x0000000140000000-0x0000000140138000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-5-0x00007FFF525FA000-0x00007FFF525FB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3452-3-0x00000000026B0000-0x00000000026B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3452-18-0x0000000140000000-0x0000000140138000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-23-0x0000000140000000-0x0000000140138000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-32-0x0000000002690000-0x0000000002697000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3452-22-0x0000000140000000-0x0000000140138000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-24-0x0000000140000000-0x0000000140138000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4276-74-0x00007FFF358B0000-0x00007FFF359E9000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4276-70-0x00007FFF358B0000-0x00007FFF359E9000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4948-59-0x00007FFF35700000-0x00007FFF3583A000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4948-54-0x00007FFF35700000-0x00007FFF3583A000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4948-56-0x0000028D1CB60000-0x0000028D1CB67000-memory.dmp

          Filesize

          28KB

          Download