Overview

overview

10

Static

static

3

82095408cb...8b.dll

windows7-x64

10

82095408cb...8b.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-10-2024 15:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    82095408cb1b096fdf360cc0ed6d8e2ba0232e62e4f37a01aa31b4fc69fc618b.dll

  • Size

    1.4MB

  • MD5

    6ad98a87dfac01169872c8d4fcfcf27d

  • SHA1

    e5c6476f15f2d64c0626335585f0f18ed917248a

  • SHA256

    82095408cb1b096fdf360cc0ed6d8e2ba0232e62e4f37a01aa31b4fc69fc618b

  • SHA512

    1fef8d13244cf1a724bdac23697f48ba5bfd3af84666d713ada3684d6fc7c1b0dd0ce05fdefc898298e5b1b8986160d85787ed0e728d72293344174696b0257b

  • SSDEEP

    12288:+kMZ+g4TyilMqFvPIV93i/S0hzmOBt5nihfSxI/mhjEvqJ0D/eAQsroXAkH64Cu5:+kMZ+gf4ltGd8H1fYO0q2G1Ahu5

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 9 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Event Triggered Execution: Accessibility Features 1 TTPs

    Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.

    persistenceprivilege_escalation
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\82095408cb1b096fdf360cc0ed6d8e2ba0232e62e4f37a01aa31b4fc69fc618b.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:1704
  • C:\Windows\system32\sethc.exe
    C:\Windows\system32\sethc.exe
    1⤵
      PID:2576
    • C:\Users\Admin\AppData\Local\YUKK9kmzA\sethc.exe
      C:\Users\Admin\AppData\Local\YUKK9kmzA\sethc.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:1308
    • C:\Windows\system32\raserver.exe
      C:\Windows\system32\raserver.exe
      1⤵
        PID:4792
      • C:\Users\Admin\AppData\Local\lP1\raserver.exe
        C:\Users\Admin\AppData\Local\lP1\raserver.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:3588
      • C:\Windows\system32\dialer.exe
        C:\Windows\system32\dialer.exe
        1⤵
          PID:3020
        • C:\Users\Admin\AppData\Local\7VD1IPzi7\dialer.exe
          C:\Users\Admin\AppData\Local\7VD1IPzi7\dialer.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:4632

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\7VD1IPzi7\TAPI32.dll
          Filesize

          1.4MB

          MD5

          2f07195901c82e76c52401be9b86c414

          SHA1

          82b2ea5339afc5780fb859c3a6cf2a6c883b72fc

          SHA256

          e08480a90bdd048d034784a0ce54c5760edaddac42360de24839c6b4720ef03d

          SHA512

          e4be44aa136017983fea61c6c206b1e0099875b2d10e29ab589add09b7370f31aa20ac4ad375235a7af45df05dbac93084ddf9b8f339a0283abed2e42905a96e

          Download Submit

        • C:\Users\Admin\AppData\Local\7VD1IPzi7\dialer.exe
          Filesize

          39KB

          MD5

          b2626bdcf079c6516fc016ac5646df93

          SHA1

          838268205bd97d62a31094d53643c356ea7848a6

          SHA256

          e3ac5e6196f3a98c1946d85c653866c318bb2a86dd865deffa7b52f665d699bb

          SHA512

          615cfe1f91b895513c687906bf3439ca352afcadd3b73f950af0a3b5fb1b358168a7a25a6796407b212fde5f803dd880bcdc350d8bac7e7594090d37ce259971

          Download Submit

        • C:\Users\Admin\AppData\Local\YUKK9kmzA\OLEACC.dll
          Filesize

          1.4MB

          MD5

          9877b146afc4a6bb183c2c54074fa49b

          SHA1

          e48b2237e422e1ac409b1c40abeeae53d97cb131

          SHA256

          e0b5580b4a2effc9f88ab640598f09c793413241eef970d461856ba43e9dba4d

          SHA512

          8a22afd607296efb8f993786d36bc2e4fb7fe983e878ace20f07f8cb414051b5ce6b66dbed4e191f4173b62e3adbd92881977b4e73d1e673ceec0444ea6a986e

          Download Submit

        • C:\Users\Admin\AppData\Local\YUKK9kmzA\sethc.exe
          Filesize

          104KB

          MD5

          8ba3a9702a3f1799431cad6a290223a6

          SHA1

          9c7dc9b6830297c8f759d1f46c8b36664e26c031

          SHA256

          615b2f2d7e3fce340839a9b54bdc3445eb2333d0fafee477d6113379e90935b8

          SHA512

          680c216d54f4fd2a14f0398e4461c8340ac15acdca75c36a42083625e1081d5e7d262c4c12296b6f21ba2f593f92816edf1c9a0cf4cbee23588e590713b87746

          Download Submit

        • C:\Users\Admin\AppData\Local\lP1\WTSAPI32.dll
          Filesize

          1.4MB

          MD5

          d99550df69c5d6d179cb009801d11dc7

          SHA1

          291363940ad50aa93a2eeef51a7aafb3d89929da

          SHA256

          65c090e042a7c7d360e63a14b47451a1c4b0ac44710c9ab5fa6560c76c5a2aa7

          SHA512

          5f9cc75bb5eb6fc2dfd07bd630d129c6c3f30ac1584deead88ef7c31027cf05bdeceff6ab473c56beba8548c4568a709a95ccac4421f467eb9c633c61c0206eb

          Download Submit

        • C:\Users\Admin\AppData\Local\lP1\raserver.exe
          Filesize

          132KB

          MD5

          d1841c6ee4ea45794ced131d4b68b60e

          SHA1

          4be6d2116060d7c723ac2d0b5504efe23198ea01

          SHA256

          38732626242988cc5b8f97fe8d3b030d483046ef66ea90d7ea3607f1adc0600d

          SHA512

          d8bad215872c5956c6e8acac1cd3ad19b85f72b224b068fb71cfd1493705bc7d3390853ba923a1aa461140294f8793247df018484a378e4f026c2a12cb3fa5c9

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Eswctkc.lnk
          Filesize

          1KB

          MD5

          8b980249dafdaff3a2a524939d4f04df

          SHA1

          734e033448a18fa233eea5f106f4f3bb2a2a16c2

          SHA256

          50417e82cf3b9caaea94128da6909002d5fe6b12b5315159b4c2ffff0bba5765

          SHA512

          f16f8fd9465c8b1dfab5a467300e267b57d7956034e0ec408c2a531b041785165454058678feee1af5cc33018be8f0d75fe548098699b245362c72c7e3914caa

          Download Submit

        • memory/1308-48-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1308-46-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1308-45-0x0000014E85390000-0x0000014E85397000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1704-38-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1704-0-0x000002D32AC70000-0x000002D32AC77000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1704-1-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3404-26-0x00007FFECCF30000-0x00007FFECCF40000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3404-23-0x00000000008A0000-0x00000000008A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3404-11-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3404-9-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3404-6-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3404-35-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3404-10-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3404-12-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3404-13-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3404-24-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3404-25-0x00007FFECCF40000-0x00007FFECCF50000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3404-15-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3404-14-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3404-8-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3404-4-0x00000000025B0000-0x00000000025B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3404-3-0x00007FFECC71A000-0x00007FFECC71B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3404-7-0x0000000140000000-0x0000000140162000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3588-66-0x0000000140000000-0x0000000140163000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3588-61-0x0000015BDF330000-0x0000015BDF337000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4632-77-0x0000000140000000-0x0000000140164000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/4632-79-0x0000000140000000-0x0000000140164000-memory.dmp

          Filesize

          1.4MB

          Download