Overview

overview

10

Static

static

3

525e592cad...40.dll

windows7-x64

10

525e592cad...40.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-10-2024 07:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    525e592cad025c414c14cee1bcbaeb3a3be1cd42390fc21ce7ef34e028824a40.dll

  • Size

    1.3MB

  • MD5

    f84b2da4a842d7b705d104df3ff1dfac

  • SHA1

    bab36606ed69758eb3dc898583529bb0f6d3b46f

  • SHA256

    525e592cad025c414c14cee1bcbaeb3a3be1cd42390fc21ce7ef34e028824a40

  • SHA512

    c91d9c63d5e95a1f2413a7236fc1c70a6d406c9b498740eb0d0fd25d1a568a17bef6bffd1ef724e2a553ebfc6f330fbbeda92ae837191e2d6967154ba957a7e7

  • SSDEEP

    12288:xXBQ3fMQyWV0rbDxyBWZh2TvtgHoiemIKI1ydX7wmqzq3wkgJ:NB/Qn0rbD8UZUDtgIiemI51Mwtewkm

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 10 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\525e592cad025c414c14cee1bcbaeb3a3be1cd42390fc21ce7ef34e028824a40.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:4832
  • C:\Windows\system32\InfDefaultInstall.exe
    C:\Windows\system32\InfDefaultInstall.exe
    1⤵
      PID:3320
    • C:\Users\Admin\AppData\Local\t0PDs9mMS\InfDefaultInstall.exe
      C:\Users\Admin\AppData\Local\t0PDs9mMS\InfDefaultInstall.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:1368
    • C:\Windows\system32\eudcedit.exe
      C:\Windows\system32\eudcedit.exe
      1⤵
        PID:1296
      • C:\Users\Admin\AppData\Local\JPQU0\eudcedit.exe
        C:\Users\Admin\AppData\Local\JPQU0\eudcedit.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1896
      • C:\Windows\system32\mblctr.exe
        C:\Windows\system32\mblctr.exe
        1⤵
          PID:3300
        • C:\Users\Admin\AppData\Local\DN3L0c\mblctr.exe
          C:\Users\Admin\AppData\Local\DN3L0c\mblctr.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1784

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\DN3L0c\WTSAPI32.dll
          Filesize

          1.3MB

          MD5

          e6b919dec1ded15907b80d273e2765f8

          SHA1

          2ac860f97fc7edf71e629c14af028f618d0fa98d

          SHA256

          787cc8eef104ef8d59387dabd4139b2816dc1159754113c914d6bc8a1337f092

          SHA512

          81615933573b98924e0a90cb06f0f42746804d3ccf4ff78001831b1d1c7e32ef2e368d0ac15511c8af2552870dbbb0e82ffcc31cba9e83daeee25dadae05a57f

          Download Submit

        • C:\Users\Admin\AppData\Local\DN3L0c\mblctr.exe
          Filesize

          790KB

          MD5

          d3db14eabb2679e08020bcd0c96fa9f6

          SHA1

          578dca7aad29409634064579d269e61e1f07d9dd

          SHA256

          3baa1dc0756ebb0c2c70a31be7147863d8d8ba056c1aa7f979307f8790d1ff69

          SHA512

          14dc895ae458ff0ca13d9c27aa5b4cfc906d338603d43389bb5f4429be593a587818855d1fe938f9ebebf46467fb0c1ab28247e8f9f5357098e8b822ecd8fffe

          Download Submit

        • C:\Users\Admin\AppData\Local\JPQU0\MFC42u.dll
          Filesize

          1.3MB

          MD5

          abfcd17d6c1953c0249047d15daf7125

          SHA1

          011a0feeac69a2fc696be4649b4105d0cb8ec300

          SHA256

          c9aa473071dfe307d6af7d8c7a5abc04e552ca0c0dc3c4cbc72acb22178a0f78

          SHA512

          28ff7cb006279fb33d3daa053af0e44889b7233f2beb6f0d3915390a038ffd913158336f2c272e77a4ae2ef5f6883ea7ef546876992d1a517c6dcd4f8cfe431f

          Download Submit

        • C:\Users\Admin\AppData\Local\JPQU0\eudcedit.exe
          Filesize

          365KB

          MD5

          a9de6557179d371938fbe52511b551ce

          SHA1

          def460b4028788ded82dc55c36cb0df28599fd5f

          SHA256

          83c8d1a7582b24b4bbc0d453c813487185c2b05c483bd1759ef647a7e7e92dfe

          SHA512

          5790cac8dae16a785b48f790e6645b137f211c1587fb64ea88e743b846ff3a886324afcfef4bebc61f869023b9a22ba925c461dfb2e12497b70f501e6b79153c

          Download Submit

        • C:\Users\Admin\AppData\Local\t0PDs9mMS\InfDefaultInstall.exe
          Filesize

          13KB

          MD5

          ee18876c1e5de583de7547075975120e

          SHA1

          f7fcb3d77da74deee25de9296a7c7335916504e3

          SHA256

          e59127b5fe82714956c7a1f10392a8673086a8e1f609e059935c7da1fa015a5d

          SHA512

          08bc4d28b8f528582c58175a74871dd33ac97955c3709c991779fc34b5ba4b2ba6ff40476d9f59345b61b0153fd932b0ea539431a67ff5012cb2ac8ab392f73c

          Download Submit

        • C:\Users\Admin\AppData\Local\t0PDs9mMS\newdev.dll
          Filesize

          1.3MB

          MD5

          6ee372d94b086050cf5b35a481fbb235

          SHA1

          97154838650450db0f52f9896181419a6177b38b

          SHA256

          b33c0bedc4836fd31b48365d880f061fd0be62523f95fa1b4b693425ca8ca26c

          SHA512

          a0b36553a40a5432282b4f33685851c0e011561b60c8bdcb521405801461b9869c3e1dbd6d837d7cba4ce55cd3fd54c5ec6b3db0f5849c393bcb1a51c83e020b

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Zcgcwwxuxxxcbkn.lnk
          Filesize

          1KB

          MD5

          86749d24177ecc4e99d5e4d684f4d91d

          SHA1

          0164ebaba71e4f0c73f7406e6a4b03b19a764c39

          SHA256

          cba820ac354f8c7826b67261f54d4099da436a65d7cc3cc6718488119ded9255

          SHA512

          84f31ecd75689b7ba52c97f05ee7b9b1f40467d5834431131a3d52c0668bcff242a36f4f765341fb4a965fba68406eae11eca979e2a9f48591a3bde6443e2632

          Download Submit

        • memory/1368-55-0x00007FFDCCBF0000-0x00007FFDCCD3C000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1368-52-0x000002A6D9930000-0x000002A6D9937000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1368-50-0x00007FFDCCBF0000-0x00007FFDCCD3C000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1784-86-0x00007FFDCCBF0000-0x00007FFDCCD3C000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1896-71-0x00007FFDCCBE0000-0x00007FFDCCD32000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1896-68-0x0000026AC2140000-0x0000026AC2147000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1896-66-0x00007FFDCCBE0000-0x00007FFDCCD32000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3356-30-0x00007FFDDAD40000-0x00007FFDDAD50000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3356-18-0x0000000140000000-0x000000014014B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3356-15-0x0000000140000000-0x000000014014B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3356-14-0x0000000140000000-0x000000014014B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3356-13-0x0000000140000000-0x000000014014B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3356-12-0x0000000140000000-0x000000014014B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3356-10-0x0000000140000000-0x000000014014B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3356-9-0x0000000140000000-0x000000014014B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3356-8-0x0000000140000000-0x000000014014B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3356-7-0x0000000140000000-0x000000014014B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3356-6-0x0000000140000000-0x000000014014B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3356-5-0x00007FFDD935A000-0x00007FFDD935B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3356-17-0x0000000140000000-0x000000014014B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3356-16-0x0000000140000000-0x000000014014B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3356-20-0x0000000140000000-0x000000014014B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3356-29-0x0000000140000000-0x000000014014B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3356-3-0x0000000002D40000-0x0000000002D41000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3356-40-0x0000000140000000-0x000000014014B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3356-31-0x00007FFDDAD30000-0x00007FFDDAD40000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3356-21-0x0000000140000000-0x000000014014B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3356-28-0x0000000000CF0000-0x0000000000CF7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3356-19-0x0000000140000000-0x000000014014B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/3356-11-0x0000000140000000-0x000000014014B000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/4832-0-0x000001BA47BA0000-0x000001BA47BA7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4832-43-0x00007FFDCCB90000-0x00007FFDCCCDB000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/4832-1-0x00007FFDCCB90000-0x00007FFDCCCDB000-memory.dmp

          Filesize

          1.3MB

          Download