Overview

overview

10

Static

static

3

b9ecfcc555...fN.dll

windows7-x64

10

b9ecfcc555...fN.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-09-2024 12:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b9ecfcc555b3841fc24b5cb6c4a867e272ccfd9ab3e847dcea0a33f7da5de2cfN.dll

  • Size

    1.1MB

  • MD5

    a963e5563d9df9750d85194fad36f820

  • SHA1

    c9915fb3d1a2e116afdd1f72f4c33c24943c5978

  • SHA256

    b9ecfcc555b3841fc24b5cb6c4a867e272ccfd9ab3e847dcea0a33f7da5de2cf

  • SHA512

    b70b0d7dd65c59acf9609991bc3853926d06c557102a1a803007de42ce2efbc9291f587f1eac7ca91ab23b1f84be44f4403760397071406608bd349a17ee8eeb

  • SSDEEP

    12288:IGVNJAvuPFUl/faxmVlBLXKCgFfEK7JRLeHlX//ve77:Z3JAvRl/fKQKCgFfx4P/va7

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 5 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b9ecfcc555b3841fc24b5cb6c4a867e272ccfd9ab3e847dcea0a33f7da5de2cfN.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    PID:4936
  • C:\Windows\system32\mstsc.exe
    C:\Windows\system32\mstsc.exe
    1⤵
      PID:2844
    • C:\Users\Admin\AppData\Local\89q7UvDh\mstsc.exe
      C:\Users\Admin\AppData\Local\89q7UvDh\mstsc.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2416
    • C:\Windows\system32\DevicePairingWizard.exe
      C:\Windows\system32\DevicePairingWizard.exe
      1⤵
        PID:4756
      • C:\Users\Admin\AppData\Local\09Ggx\DevicePairingWizard.exe
        C:\Users\Admin\AppData\Local\09Ggx\DevicePairingWizard.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        • Suspicious behavior: GetForegroundWindowSpam
        PID:2472
      • C:\Windows\system32\dpapimig.exe
        C:\Windows\system32\dpapimig.exe
        1⤵
          PID:3488
        • C:\Users\Admin\AppData\Local\6OxDy4\dpapimig.exe
          C:\Users\Admin\AppData\Local\6OxDy4\dpapimig.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          • Suspicious behavior: GetForegroundWindowSpam
          PID:3432

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\09Ggx\DevicePairingWizard.exe
          Filesize

          93KB

          MD5

          d0e40a5a0c7dad2d6e5040d7fbc37533

          SHA1

          b0eabbd37a97a1abcd90bd56394f5c45585699eb

          SHA256

          2adaf3a5d3fde149626e3fef0e943c7029a135c04688acf357b2d8d04c81981b

          SHA512

          1191c2efcadd53b74d085612025c44b6cd54dd69493632950e30ada650d5ed79e3468c138f389cd3bc21ea103059a63eb38d9d919a62d932a38830c93f57731f

          Download Submit

        • C:\Users\Admin\AppData\Local\09Ggx\MFC42u.dll
          Filesize

          1.2MB

          MD5

          9de1e39dce5da4573a1cab8ce03d38b5

          SHA1

          ae4643f4c5e235c3aefd6980b59b67d71dd5f358

          SHA256

          dc4e6d0803257575131cc0453ed3f556c1ada3a16ee76ecdfe4781ce51563565

          SHA512

          13db648256313a930c97c6ecf568022db9c40c052a109fb18a58042e097b373c74bb0c81f3963f823b62c49dfbc78d5445dd7e396bd95b1bbb7a6a310aaaf6dc

          Download Submit

        • C:\Users\Admin\AppData\Local\6OxDy4\DUI70.dll
          Filesize

          1.4MB

          MD5

          0414d2cf8316db1c8cbcf15b15c728bf

          SHA1

          f5eeefa64d42d0789b9bd99b50fcde642a8a56f9

          SHA256

          62ec07d42c0c03b44d31458019938fc6f757104289bd1da0ce5fd76c6a7c2e10

          SHA512

          3403d8dadd9965eb6521444c45eac3d25932b99c1d8b4dbf40356624d1127d94b26c4226e3367d14771cbd389306b24ffa159d4f47b5a3bfc4312b5d6e319d1b

          Download Submit

        • C:\Users\Admin\AppData\Local\6OxDy4\dpapimig.exe
          Filesize

          76KB

          MD5

          b6d6477a0c90a81624c6a8548026b4d0

          SHA1

          e6eac6941d27f76bbd306c2938c0a962dbf1ced1

          SHA256

          a8147d08b82609c72d588a0a604cd3c1f2076befcc719d282c7cbd6525ae89eb

          SHA512

          72ec8b79e3438f0f981129a323ad39db84df7dd14a796a820bdbc74ea8fa13eee843d1ea030a0c1caeda2e2d69952f14a821a73825b38dd9415047aca597b1fe

          Download Submit

        • C:\Users\Admin\AppData\Local\89q7UvDh\VERSION.dll
          Filesize

          1.1MB

          MD5

          1369df7d2fce79daa798c4dd86d45206

          SHA1

          508cfcce56a99cd851677234f38ab955944b1ea7

          SHA256

          d9b49932eb6b188afe17b5e539ec3c5970747e441e99ba84f52dc3d1f58d8484

          SHA512

          d75ee0581de3aa47983dcd34ac4e4b1d50099bda73a3d138ad65375c68e27bc4dcd8301d71f57b7a8e43189728c17928d11d36fa34463857bee2b7bf7274acc9

          Download Submit

        • C:\Users\Admin\AppData\Local\89q7UvDh\mstsc.exe
          Filesize

          1.5MB

          MD5

          3a26640414cee37ff5b36154b1a0b261

          SHA1

          e0c28b5fdf53a202a7543b67bbc97214bad490ed

          SHA256

          1d1b6b2edac7ac6494c9eecda3afb804f679d7190f4d1a80929380e85743823f

          SHA512

          76fc70ead57ddacd3dbcec1a4772bd46924d30b30018a36b13052d2f7272cc86b63bf85d5e4ec04aac08630d4b2637ca6e7d35c08ce6b675d63ed011f7d95ba2

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Wyfsbgf.lnk
          Filesize

          1KB

          MD5

          070528b4b7ac7262fa442705d3911346

          SHA1

          8ab9352be17aad417de4831e1ce5a65b0272010a

          SHA256

          96b74970d4e3d6b310853ffa30fc7169227df012b72d1425674d56082c0b1c07

          SHA512

          ff6d3f44fe3d7a79266fad273c61988ce3b987a817e4f4f06b3b1efaf63d56880801d3b615e5b5519b4859ccecb2097a5b5df6d60f30587d4b4a4c554aad1e4e

          Download Submit

        • memory/2416-57-0x0000000140000000-0x0000000140126000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2416-63-0x0000000140000000-0x0000000140126000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2416-62-0x000001DE9A240000-0x000001DE9A247000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2472-80-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2472-74-0x0000000140000000-0x000000014012C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2472-77-0x0000024418B10000-0x0000024418B17000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3432-91-0x00000204337D0000-0x00000204337D7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3432-92-0x0000000140000000-0x000000014016B000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3432-97-0x0000000140000000-0x000000014016B000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3476-21-0x0000000140000000-0x0000000140125000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-11-0x0000000140000000-0x0000000140125000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-26-0x0000000140000000-0x0000000140125000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-24-0x0000000140000000-0x0000000140125000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-23-0x0000000140000000-0x0000000140125000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-22-0x0000000140000000-0x0000000140125000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-5-0x0000000002D80000-0x0000000002D81000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3476-20-0x0000000140000000-0x0000000140125000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-19-0x0000000140000000-0x0000000140125000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-4-0x00007FF97817A000-0x00007FF97817B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3476-17-0x0000000140000000-0x0000000140125000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-16-0x0000000140000000-0x0000000140125000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-15-0x0000000140000000-0x0000000140125000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-14-0x0000000140000000-0x0000000140125000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-12-0x0000000140000000-0x0000000140125000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-27-0x0000000140000000-0x0000000140125000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-10-0x0000000140000000-0x0000000140125000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-9-0x0000000140000000-0x0000000140125000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-8-0x0000000140000000-0x0000000140125000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-25-0x0000000140000000-0x0000000140125000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-35-0x0000000140000000-0x0000000140125000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-44-0x00000000026B0000-0x00000000026B7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3476-45-0x00007FF9789A0000-0x00007FF9789B0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3476-46-0x0000000140000000-0x0000000140125000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-48-0x0000000140000000-0x0000000140125000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-28-0x0000000140000000-0x0000000140125000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-13-0x0000000140000000-0x0000000140125000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3476-7-0x0000000140000000-0x0000000140125000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/4936-18-0x0000000140000000-0x0000000140125000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/4936-0-0x000001ACE28A0000-0x000001ACE28A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4936-1-0x0000000140000000-0x0000000140125000-memory.dmp

          Filesize

          1.1MB

          Download