Overview

overview

10

Static

static

3

dbfc91b3d6...88.dll

windows7-x64

10

dbfc91b3d6...88.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    11-10-2024 16:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dbfc91b3d66277b0c4c3ed7416f89b8e42ee567a6758596fccb112540ab7ab88.dll

  • Size

    944KB

  • MD5

    dc4b3d40467b02484bead9b93e12862a

  • SHA1

    2fa0d80d3ee72fbbe3a4c35c8ffc964f47449b4b

  • SHA256

    dbfc91b3d66277b0c4c3ed7416f89b8e42ee567a6758596fccb112540ab7ab88

  • SHA512

    de790f5c7fe3f32e19ea7eecc0d6fc0476d95dae957a06fa6b4a409c5f421a37d50d788787558d99496ad26590209bc226257bb9b0916dd6bbe0d03413c53286

  • SSDEEP

    12288:YPVKLvdxQPKSoVXxTaGcb68Uzx2TBeOWhZJpK8:YtKTrsKSKBTSb6DUXWq8

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 9 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Event Triggered Execution: Accessibility Features 1 TTPs

    Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.

    persistenceprivilege_escalation
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\dbfc91b3d66277b0c4c3ed7416f89b8e42ee567a6758596fccb112540ab7ab88.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2340
  • C:\Windows\system32\TpmInit.exe
    C:\Windows\system32\TpmInit.exe
    1⤵
      PID:2128
    • C:\Users\Admin\AppData\Local\vmCU\TpmInit.exe
      C:\Users\Admin\AppData\Local\vmCU\TpmInit.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      • Suspicious behavior: EnumeratesProcesses
      PID:1836
    • C:\Windows\system32\sethc.exe
      C:\Windows\system32\sethc.exe
      1⤵
        PID:2644
      • C:\Users\Admin\AppData\Local\ulwYI\sethc.exe
        C:\Users\Admin\AppData\Local\ulwYI\sethc.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2700
      • C:\Windows\system32\SystemPropertiesHardware.exe
        C:\Windows\system32\SystemPropertiesHardware.exe
        1⤵
          PID:2016
        • C:\Users\Admin\AppData\Local\Dwn3x\SystemPropertiesHardware.exe
          C:\Users\Admin\AppData\Local\Dwn3x\SystemPropertiesHardware.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2000

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Dwn3x\SystemPropertiesHardware.exe
          Filesize

          80KB

          MD5

          c63d722641c417764247f683f9fb43be

          SHA1

          948ec61ebf241c4d80efca3efdfc33fe746e3b98

          SHA256

          4759296b421d60c80db0bb112a30425e04883900374602e13ed97f7c03a49df2

          SHA512

          7223d1c81a4785ed790ec2303d5d9d7ebcae9404d7bf173b3145e51202564de9977e94ac10ab80c6fe49b5f697af3ec70dfd922a891915e8951b5a1b5841c8be

          Download Submit

        • C:\Users\Admin\AppData\Local\ulwYI\OLEACC.dll
          Filesize

          948KB

          MD5

          f0c61f7c57a8655ecb0fdddc0984dcaf

          SHA1

          430ca70f9fada4447b6748ae7ad86fa848fa3781

          SHA256

          25d5bc3cbcb4a478c2b187e509ba8207b8cf45b04dbe0a783076f105b2350348

          SHA512

          ba8d6f8ae42322eb9723273876c98b7d50617988463b832168cba0d4bcf86ffb9c2f34808db1ab6a6a9c720167c581198a608e247464bdf48588b660f25b5a7f

          Download Submit

        • C:\Users\Admin\AppData\Local\vmCU\TpmInit.exe
          Filesize

          112KB

          MD5

          8b5eb38e08a678afa129e23129ca1e6d

          SHA1

          a27d30bb04f9fabdb5c92d5150661a75c5c7bc42

          SHA256

          4befa614e1b434b2f58c9e7ce947a946b1cf1834b219caeff42b3e36f22fd97c

          SHA512

          a7245cde299c68db85370ae1bdf32a26208e2cda1311afd06b0efd410664f36cafb62bf4b7ce058e203dcc515c45ebdef01543779ead864f3154175b7b36647d

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Adlnwv.lnk
          Filesize

          1KB

          MD5

          7d7e1ef42b19aafa4ef2650aeeb15fef

          SHA1

          5d3d938acf45601c53be42addc5b1b185e3b1338

          SHA256

          3b677a6fd5cf908d596cebfd41dc51a8f55173bf410861353f3cfd09f4da9f94

          SHA512

          b4cfcbbba570d91e93f58b638696820386c1370a804da399e34eb4571b2cc26232271c388e36ce16b6e922aaff4a40ecd3fca59ecc615147d6f38b80f2207d30

          Download Submit

        • \Users\Admin\AppData\Local\Dwn3x\SYSDM.CPL
          Filesize

          948KB

          MD5

          94d06e983c0b4e9261b1e369b428ea8f

          SHA1

          e35967d37ba150274344186172908cd23e5d43c6

          SHA256

          6060317df9af82496fb67e759bd6b447843e28b324169fea2a52864db7c413a4

          SHA512

          cfeb81acd1b49df89406ecca411e10e876c050e5c0ab598ff6ae7db538165b45bdf18c8cdabd78a64aea8a2211734738a925a530919e94d5f6ab05ff8c046e02

          Download Submit

        • \Users\Admin\AppData\Local\ulwYI\sethc.exe
          Filesize

          272KB

          MD5

          3bcb70da9b5a2011e01e35ed29a3f3f3

          SHA1

          9daecb1ee5d7cbcf46ee154dd642fcd993723a9b

          SHA256

          dd94bf73f0e3652b76cfb774b419ceaa2082bc7f30cc34e28dfa51952fa9ccb5

          SHA512

          69d231132f488fd7033349f232db1207f88f1d5cb84f5422adf0dd5fb7b373dada8fdfac7760b8845e5aab00a7ae56f24d66bbb8aa70c3c8de6ec5c31982b4df

          Download Submit

        • \Users\Admin\AppData\Local\vmCU\ACTIVEDS.dll
          Filesize

          948KB

          MD5

          2ec69eb53069d1f6068fd3bbe4b74a93

          SHA1

          d7d832194f97f5f93b3dbfc7592514e9b7ee1f71

          SHA256

          e037494408e4e5110a60e7e80605e8b9452c320116156f75efba05f187689681

          SHA512

          9112d2657ee771180b650d8f37060b7c45d6c42bc0b189643ba6edad2d63d97d5593ddda2186f1d62f85dd246f7b44627ccdcbc58d154968d033ee4002d14ea9

          Download Submit

        • memory/1184-25-0x0000000076FA0000-0x0000000076FA2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1184-14-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/1184-12-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/1184-24-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/1184-23-0x0000000002DE0000-0x0000000002DE7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1184-13-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/1184-10-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/1184-8-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/1184-7-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/1184-3-0x0000000076D36000-0x0000000076D37000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1184-26-0x0000000076FD0000-0x0000000076FD2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1184-35-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/1184-37-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/1184-4-0x0000000002E00000-0x0000000002E01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1184-45-0x0000000076D36000-0x0000000076D37000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1184-11-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/1184-6-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/1184-15-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/1184-9-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/1836-57-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/1836-54-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/1836-53-0x0000000000280000-0x0000000000287000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2000-90-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/2340-44-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/2340-2-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2340-0-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/2700-71-0x0000000001F20000-0x0000000001F27000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2700-74-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download