Overview

overview

10

Static

static

3

096c523389...a0.dll

windows7-x64

10

096c523389...a0.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-10-2024 12:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    096c5233892113f80a9ade6545c751fd5c7e049e3357f0be6a0dc8debd18f5a0.dll

  • Size

    1.1MB

  • MD5

    29b4a43d6fa90c2c28824982c991da5d

  • SHA1

    f4693227a98c1b9a031bb6ad182c5f20b83de5f1

  • SHA256

    096c5233892113f80a9ade6545c751fd5c7e049e3357f0be6a0dc8debd18f5a0

  • SHA512

    88fa077dc53d0bef81cdfc3d6da7f44ffc77ca3bdd5fd1818c37c0e9327fdd5b1749945393289b87f7aa2f0a2ddb11b924cea0861e83960bd858f7e353f43f2c

  • SSDEEP

    12288:LkMZ+g4TyilMqFvPIV93i/S0hzmOBt5nihfSxI/mhjEvqJ0D/eAQsroXAkH64C:LkMZ+gf4ltGd8H1fYO0q2G1Ah

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 9 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\096c5233892113f80a9ade6545c751fd5c7e049e3357f0be6a0dc8debd18f5a0.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:740
  • C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe
    C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe
    1⤵
      PID:1668
    • C:\Users\Admin\AppData\Local\OMOHlA\SystemPropertiesDataExecutionPrevention.exe
      C:\Users\Admin\AppData\Local\OMOHlA\SystemPropertiesDataExecutionPrevention.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:3520
    • C:\Windows\system32\shrpubw.exe
      C:\Windows\system32\shrpubw.exe
      1⤵
        PID:888
      • C:\Users\Admin\AppData\Local\xqJXPev7\shrpubw.exe
        C:\Users\Admin\AppData\Local\xqJXPev7\shrpubw.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:720
      • C:\Windows\system32\consent.exe
        C:\Windows\system32\consent.exe
        1⤵
          PID:1268
        • C:\Users\Admin\AppData\Local\Inu\consent.exe
          C:\Users\Admin\AppData\Local\Inu\consent.exe
          1⤵
          • Executes dropped EXE
          PID:1308
        • C:\Windows\system32\wlrmdr.exe
          C:\Windows\system32\wlrmdr.exe
          1⤵
            PID:904
          • C:\Users\Admin\AppData\Local\oov2si3V\wlrmdr.exe
            C:\Users\Admin\AppData\Local\oov2si3V\wlrmdr.exe
            1⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks whether UAC is enabled
            PID:944

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Inu\consent.exe
            Filesize

            162KB

            MD5

            6646631ce4ad7128762352da81f3b030

            SHA1

            1095bd4b63360fc2968d75622aa745e5523428ab

            SHA256

            56b2d516376328129132b815e22379ae8e7176825f059c9374a33cc844482e64

            SHA512

            1c00ed5d8568f6ebd119524b61573cfe71ca828bd8fbdd150158ec8b5db65fa066908d120d201fce6222707bcb78e0c1151b82fdc1dccf3ada867cb810feb6da

            Download Submit

          • C:\Users\Admin\AppData\Local\OMOHlA\SYSDM.CPL
            Filesize

            1.1MB

            MD5

            ce475f2e1cf13b7e3c12a525b62041e3

            SHA1

            fc9f129a5c6552a83a3ee45bc53fdceea7e93fd1

            SHA256

            689ba3e0f398f3684698ed7f7491fd64f90216693e68b8d2dc3712911d083424

            SHA512

            3fb27972798b468c91eaa4b33016c1d1391e0800d0441e7c766ae401f41e22c5f3eaef8f4a5b0d94c69c73374f80fd07224c6f1b8e10d21b97cad56d96ed030f

            Download Submit

          • C:\Users\Admin\AppData\Local\OMOHlA\SystemPropertiesDataExecutionPrevention.exe
            Filesize

            82KB

            MD5

            de58532954c2704f2b2309ffc320651d

            SHA1

            0a9fc98f4d47dccb0b231edf9a63309314f68e3b

            SHA256

            1f810658969560f6e7d7a14f71d1196382e53b984ca190fa9b178ac4a32acfb3

            SHA512

            d4d57cc30d9079f4e9193ba42631e8e53d86b22e9c655d7a8c25e5be0e5e1d6dfff4714ddc23e3e392809d623b4f8d43c63893f74c325fc77459ac03c7a451ed

            Download Submit

          • C:\Users\Admin\AppData\Local\oov2si3V\DUI70.dll
            Filesize

            1.4MB

            MD5

            d7818d0140c14893e6ebaae4c6e9c439

            SHA1

            9b50da69f3c1755d637d08cbec94c85eab458c08

            SHA256

            8c49ffe904089cd9bc6b05b28f8bb9cede299c2030d225485f095e28de3bca1c

            SHA512

            5f64e2aac760af3b3483fed0368032363bf1071f0e8986a6d17c5f3babdbbfb7faab7e776b505127d7742bf6978dcf1fa83fd282756bc02d1d7688709269b117

            Download Submit

          • C:\Users\Admin\AppData\Local\oov2si3V\wlrmdr.exe
            Filesize

            66KB

            MD5

            ef9bba7a637a11b224a90bf90a8943ac

            SHA1

            4747ec6efd2d41e049159249c2d888189bb33d1d

            SHA256

            2fda95aafb2e9284c730bf912b93f60a75b151941adc14445ed1e056140325b1

            SHA512

            4c1fdb8e4bf25546a2a33c95268593746f5ae2666ce36c6d9ba5833357f13720c4722231224e82308af8c156485a2c86ffd97e3093717a28d1300d3787ef1831

            Download Submit

          • C:\Users\Admin\AppData\Local\xqJXPev7\shrpubw.exe
            Filesize

            59KB

            MD5

            9910d5c62428ec5f92b04abf9428eec9

            SHA1

            05f27d7515e8ae1fa3bc974ec65b864ec4c9ac8b

            SHA256

            6b84e6e55d8572d7edf0b6243d00abb651fcb0cddddac8461de5f9bb80035a2e

            SHA512

            01be043f7ff879a683e53962eec58456ba200d6787ea66581bb62669ae65d5e58a5577cdf23441165f7a535fce1dec933e3ad2465c72172b4a1488b24ce722cb

            Download Submit

          • C:\Users\Admin\AppData\Local\xqJXPev7\srvcli.dll
            Filesize

            1.1MB

            MD5

            a4b229cb3100d8b0853696d4ce475dab

            SHA1

            70dde302b0892349af0f7df773313024b198358f

            SHA256

            47194b3cf9706fcc599d5c4e454238ce1c5acc7ad4305abd79316e1e8f8a605d

            SHA512

            3bb28e63e9ae753591cd2df94e101bebed3c13e4b9cf7e4c994e549344537acb310699c420521a7c4e61697a16cd6b6512c8b4eb0a408e3177ebcae526a3d038

            Download Submit

          • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Zcgcwwxuxxxcbkn.lnk
            Filesize

            1KB

            MD5

            1498bc2ffcd22fccfabc3fb6fdc5e715

            SHA1

            559e127dcb3dde5d1c38a37cc02069dcfa2677cb

            SHA256

            d72c74bd0be359ea3c9ef82cf8515c7bc8820036df3b66b85ec5584f36b1ce78

            SHA512

            dbd26e14c98f83357fa6148d1739758dbda6e2a87b93f67d6e0e34880c1b9a7e58356bb41a6f8486ab8b2383457053fb27febf8c10759860980e63709569f4bf

            Download Submit

          • memory/720-61-0x0000026DF3B90000-0x0000026DF3B97000-memory.dmp

            Filesize

            28KB

            Download

          • memory/720-66-0x0000000140000000-0x000000014011F000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/740-0-0x0000026FBCBC0000-0x0000026FBCBC7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/740-1-0x0000000140000000-0x000000014011E000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/740-38-0x0000000140000000-0x000000014011E000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/944-85-0x0000000140000000-0x0000000140164000-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/944-89-0x0000000140000000-0x0000000140164000-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/3500-9-0x0000000140000000-0x000000014011E000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/3500-14-0x0000000140000000-0x000000014011E000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/3500-7-0x0000000140000000-0x000000014011E000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/3500-10-0x0000000140000000-0x000000014011E000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/3500-12-0x0000000140000000-0x000000014011E000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/3500-13-0x0000000140000000-0x000000014011E000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/3500-35-0x0000000140000000-0x000000014011E000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/3500-4-0x00000000033D0000-0x00000000033D1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3500-3-0x00007FFBC97CA000-0x00007FFBC97CB000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3500-6-0x0000000140000000-0x000000014011E000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/3500-25-0x00007FFBCB2E0000-0x00007FFBCB2F0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3500-26-0x00007FFBCB2D0000-0x00007FFBCB2E0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3500-24-0x0000000140000000-0x000000014011E000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/3500-11-0x0000000140000000-0x000000014011E000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/3500-23-0x0000000001350000-0x0000000001357000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3500-15-0x0000000140000000-0x000000014011E000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/3500-8-0x0000000140000000-0x000000014011E000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/3520-50-0x0000000140000000-0x000000014011F000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/3520-46-0x0000000140000000-0x000000014011F000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/3520-45-0x0000029BF13E0000-0x0000029BF13E7000-memory.dmp

            Filesize

            28KB

            Download