Overview

overview

10

Static

static

3

8348572110...0d.dll

windows7-x64

10

8348572110...0d.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-10-2024 07:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8348572110a99fe14e9b92ed34dfd3b5ae924110a02d9baed3061a23955c310d.dll

  • Size

    1.1MB

  • MD5

    d21a8a43c577339b6a431daa03dfe6c1

  • SHA1

    010199366ab7b43d93df5e690e72c8e62b2efd99

  • SHA256

    8348572110a99fe14e9b92ed34dfd3b5ae924110a02d9baed3061a23955c310d

  • SHA512

    d73918a13b8705d3b37eb2adf36eb11c1243517d8aee3b479d2bb00bd4bf96001f6f8b006ab1db6221e2082b02ed14545ece1e7cbbf8d773eb0083caba4e0b4e

  • SSDEEP

    12288:hkMZ+g4TyilMqFvPIV93i/S0hzmOBt5nihfSxI/mhjEvqJ0D/eAQsroXAkH64C:hkMZ+gf4ltGd8H1fYO0q2G1Ah

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 8 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8348572110a99fe14e9b92ed34dfd3b5ae924110a02d9baed3061a23955c310d.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:1968
  • C:\Windows\system32\CloudNotifications.exe
    C:\Windows\system32\CloudNotifications.exe
    1⤵
      PID:2060
    • C:\Users\Admin\AppData\Local\06W\CloudNotifications.exe
      C:\Users\Admin\AppData\Local\06W\CloudNotifications.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:1980
    • C:\Windows\system32\SystemPropertiesHardware.exe
      C:\Windows\system32\SystemPropertiesHardware.exe
      1⤵
        PID:1476
      • C:\Users\Admin\AppData\Local\Akx0W\SystemPropertiesHardware.exe
        C:\Users\Admin\AppData\Local\Akx0W\SystemPropertiesHardware.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:4244
      • C:\Windows\system32\rdpinput.exe
        C:\Windows\system32\rdpinput.exe
        1⤵
          PID:3380
        • C:\Users\Admin\AppData\Local\4vopFDtbk\rdpinput.exe
          C:\Users\Admin\AppData\Local\4vopFDtbk\rdpinput.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:4348

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\06W\CloudNotifications.exe
          Filesize

          59KB

          MD5

          b50dca49bc77046b6f480db6444c3d06

          SHA1

          cc9b38240b0335b1763badcceac37aa9ce547f9e

          SHA256

          96e7e1a3f0f4f6fc6bda3527ab8a739d6dfcab8e534aa7a02b023daebb3c0775

          SHA512

          2a0504ca336e86b92b2f5eff1c458ebd9df36c496331a7247ef0bb8b82eabd86ade7559ddb47ca4169e8365a97e80e5f1d3c1fc330364dea2450608bd692b1d3

          Download Submit

        • C:\Users\Admin\AppData\Local\06W\UxTheme.dll
          Filesize

          1.1MB

          MD5

          3f869472dd0f434fa0bca476e1029704

          SHA1

          d99a2bd31d4e8c3af588cbaf9a54e59236164db6

          SHA256

          2112762da82aa598a678bd58217f070d8837465035dbee7d5161477bbfd6460f

          SHA512

          c97c5cdfbac65167e190f3a00cedf6de8d3b9fe57f91da0c6ae24de261abfc6a0b5b4c3598c976caa264bed968f08942fce24d6f83f0de245a03896ca7e44378

          Download Submit

        • C:\Users\Admin\AppData\Local\4vopFDtbk\WTSAPI32.dll
          Filesize

          1.1MB

          MD5

          5035b757141a0edc1d873f1070b7fa2c

          SHA1

          094fe900fc67703aa5c5a28f415e0b72105e25e3

          SHA256

          2cc51092fee36cae2cb86db90afa3ce19f268bd26a36c7dc5df837de76f8c64f

          SHA512

          fa81bb645feb0b863732a340b1bc7b73b949f8da97d6107d3d134032b59268982b3a5007fe5bf399d87eec1e49cc431f31c543e1da2419a64db92dfce10a8a94

          Download Submit

        • C:\Users\Admin\AppData\Local\4vopFDtbk\rdpinput.exe
          Filesize

          180KB

          MD5

          bd99eeca92869f9a3084d689f335c734

          SHA1

          a2839f6038ea50a4456cd5c2a3ea003e7b77688c

          SHA256

          39bfb2214efeed47f4f5e50e6dff05541e29caeb27966520bdadd52c3d5e7143

          SHA512

          355433c3bbbaa3bcb849633d45713d8a7ac6f87a025732fbe83e259ec3a0cb4eabb18239df26609453f9fc6764c7276c5d0472f11cf12d15ef806aa7594d090e

          Download Submit

        • C:\Users\Admin\AppData\Local\Akx0W\SYSDM.CPL
          Filesize

          1.1MB

          MD5

          1570e794732a97ddad995b0f82985627

          SHA1

          e8757f56e6298b6f575ecb3ff97ba588cb46cc1f

          SHA256

          e17e4b3a49d7d8609d32b76e7e0ca1afb9b6f891552f2da76fd29126c3a9f32c

          SHA512

          d95d3e7594134ca6468d552f168cb171923c9562df8116ad12ea2cbd431b9df88da72b1f23f7b4e999a209862f6c98898c88a1e259646e13a2d6609b609ea149

          Download Submit

        • C:\Users\Admin\AppData\Local\Akx0W\SystemPropertiesHardware.exe
          Filesize

          82KB

          MD5

          bf5bc0d70a936890d38d2510ee07a2cd

          SHA1

          69d5971fd264d8128f5633db9003afef5fad8f10

          SHA256

          c8ebd920399ebcf3ab72bd325b71a6b4c6119dfecea03f25059a920c4d32acc7

          SHA512

          0e129044777cbbf5ea995715159c50773c1818fc5e8faa5c827fd631b44c086b34dfdcbe174b105891ccc3882cc63a8664d189fb6a631d8f589de4e01a862f51

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Iyqor.lnk
          Filesize

          1KB

          MD5

          9417af0163021e6f555051eb772e9cf8

          SHA1

          dd3c0ffd984d28fd0a86ef9a6dd51d1ca955a58f

          SHA256

          3106bbbee116d8b6dc0900668c9d3d690e22282c2a0899337f9e465c6ea358f6

          SHA512

          b31571439ea9b7edeba9f109c489c47e9fcf98cdeca03aade3df3d18e45f9a60771a49e7ac6470f59d3a108a901e285e368215efc968406d8d75479ec5756c85

          Download Submit

        • memory/1968-38-0x0000000140000000-0x000000014011D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1968-0-0x000001FB11290000-0x000001FB11297000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1968-1-0x0000000140000000-0x000000014011D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1980-50-0x0000000140000000-0x000000014011E000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1980-46-0x0000000140000000-0x000000014011E000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1980-45-0x0000024A35360000-0x0000024A35367000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3460-13-0x0000000140000000-0x000000014011D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3460-11-0x0000000140000000-0x000000014011D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3460-26-0x00007FFFF8670000-0x00007FFFF8680000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3460-25-0x00007FFFF8680000-0x00007FFFF8690000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3460-24-0x0000000140000000-0x000000014011D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3460-35-0x0000000140000000-0x000000014011D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3460-7-0x0000000140000000-0x000000014011D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3460-8-0x0000000140000000-0x000000014011D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3460-9-0x0000000140000000-0x000000014011D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3460-6-0x0000000140000000-0x000000014011D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3460-12-0x0000000140000000-0x000000014011D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3460-15-0x0000000140000000-0x000000014011D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3460-23-0x00000000004D0000-0x00000000004D7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3460-14-0x0000000140000000-0x000000014011D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3460-3-0x00000000025B0000-0x00000000025B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3460-4-0x00007FFFF7C0A000-0x00007FFFF7C0B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3460-10-0x0000000140000000-0x000000014011D000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/4244-66-0x0000000140000000-0x000000014011E000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/4244-61-0x0000016BE0340000-0x0000016BE0347000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4348-81-0x0000000140000000-0x000000014011E000-memory.dmp

          Filesize

          1.1MB

          Download