Overview

overview

10

Static

static

3

772c9a9a59...20.dll

windows7-x64

10

772c9a9a59...20.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    14-10-2024 17:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    772c9a9a5936ebf7ae74095e3bbc84543b533e0c07cfadc1f9359c3b95586e20.dll

  • Size

    908KB

  • MD5

    b0125ea2f2268bfbaf1303fbe6ed2b19

  • SHA1

    046b69664e5e091563dbcf675197e076aca32e79

  • SHA256

    772c9a9a5936ebf7ae74095e3bbc84543b533e0c07cfadc1f9359c3b95586e20

  • SHA512

    b3550b5eb6f07cdb4ec5e81a2c64470bea8191dda4920007fd2bdfa7c6fec977c90b7d62247b9f5d488e8df64c1abfb98494f986e353c9e143cc26eed1476099

  • SSDEEP

    12288:6qJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4Baed:6qGBHTxvt+g2gYed

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 10 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\772c9a9a5936ebf7ae74095e3bbc84543b533e0c07cfadc1f9359c3b95586e20.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2328
  • C:\Windows\system32\javaws.exe
    C:\Windows\system32\javaws.exe
    1⤵
      PID:3040
    • C:\Users\Admin\AppData\Local\vSvS4E\javaws.exe
      C:\Users\Admin\AppData\Local\vSvS4E\javaws.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      • Suspicious behavior: EnumeratesProcesses
      PID:2792
    • C:\Windows\system32\msra.exe
      C:\Windows\system32\msra.exe
      1⤵
        PID:2600
      • C:\Users\Admin\AppData\Local\ftUtjPI7t\msra.exe
        C:\Users\Admin\AppData\Local\ftUtjPI7t\msra.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:3012
      • C:\Windows\system32\xpsrchvw.exe
        C:\Windows\system32\xpsrchvw.exe
        1⤵
          PID:1664
        • C:\Users\Admin\AppData\Local\bIYY5WaOG\xpsrchvw.exe
          C:\Users\Admin\AppData\Local\bIYY5WaOG\xpsrchvw.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2840

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\bIYY5WaOG\WINMM.dll
          Filesize

          916KB

          MD5

          d60360d8d4a80aaa689ebe23987ea0af

          SHA1

          ed3b06508b4bca4fd4788de729e1f918a406f6ae

          SHA256

          f23812210726241db7fe5e6ee1b01624044cb9de415f01e52294290dbb73e7ee

          SHA512

          040c28344bb0ad8318376f74c72647ac06953058e4dc5e4254861746e519fd16adb56d1ecddbbfbd88f809dbdd42a7041cb79f684a75713781f37baff082c35b

          Download Submit

        • C:\Users\Admin\AppData\Local\ftUtjPI7t\UxTheme.dll
          Filesize

          912KB

          MD5

          d3dfc8de3ad253a6051f4a4bd398f092

          SHA1

          432fdb4b126dff69cc78aa397427e247d4c92d35

          SHA256

          bff92cf120a18b1f84444595923d3ac97f1f8a1093221cd46c67618e8dd20830

          SHA512

          ead41c0c8547975da515883c452717809cd4aaf66c4000b519b34e6c723fdc2ca3ad228a95524b23843e95674b6cba5516c4af09b72766063c16101233f26a4c

          Download Submit

        • C:\Users\Admin\AppData\Local\vSvS4E\VERSION.dll
          Filesize

          912KB

          MD5

          76674afde48b1f77a70c6359956b57a3

          SHA1

          6aa27693d3986b52c6505241946421e73d80ab37

          SHA256

          cb80b044285845567f71aeb8d06264cd5f8f93290090e54bb19e7b6912dfb635

          SHA512

          e90ae739d00a84153eaa5c08e324b17e89811498b3ce47e93b2321fb01bb035d3bf8df2d81372f684a662398adb03be6bdf4870f9258dfec9776b8b5eaf68781

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ygxjfqh.lnk
          Filesize

          1022B

          MD5

          409e4e17989afd42e4f29f50c52d3ced

          SHA1

          60fb274bb2d148f9fca0aabe651757dcc553cc2c

          SHA256

          1d448039871135cfd680850eb69bf5d8e3f2c7b999e51d8c4fe2be0481ac5c81

          SHA512

          36b6695a43ef88683f27fe90f87c2e469e5e3da883057b00fb0df49aa7e35625bac101a20e7c87dbf13c9a61f083796af34ae829a27622c6e117a662e0dd1e1c

          Download Submit

        • \Users\Admin\AppData\Local\bIYY5WaOG\xpsrchvw.exe
          Filesize

          4.6MB

          MD5

          492cb6a624d5dad73ee0294b5db37dd6

          SHA1

          e74806af04a5147ccabfb5b167eb95a0177c43b3

          SHA256

          ccb4ecd48561ce024ea176b7036f0f2713b98bc82aa37347a30d8187762a8784

          SHA512

          63bf2931764efe767fb42f9576702dd585a032f74ad2be2481eaf309f34950f05974d77b5cb220a3ff89c92af0c7693dc558f8e3a3ee2a0be6c5c07171d03835

          Download Submit

        • \Users\Admin\AppData\Local\ftUtjPI7t\msra.exe
          Filesize

          636KB

          MD5

          e79df53bad587e24b3cf965a5746c7b6

          SHA1

          87a97ec159a3fc1db211f3c2c62e4d60810e7a70

          SHA256

          4e7c22648acf664ab13dfeb2dc062ae90af1e6c621186981f395fb279bbc9b9d

          SHA512

          9a329c39ce0bc5aede01e96c4190cc7ccd17729fbc3a2b6df73057be8efaa3fa92cfef6e26a25bde6f7f94f64f6d6d0e4c5459aef2aead367e43178dd275acfb

          Download Submit

        • \Users\Admin\AppData\Local\vSvS4E\javaws.exe
          Filesize

          312KB

          MD5

          f94bc1a70c942621c4279236df284e04

          SHA1

          8f46d89c7db415a7f48ccd638963028f63df4e4f

          SHA256

          be9f8986a6c86d9f77978105d48b59eebfec3b9732dbf19e0f3d48bf7f20120c

          SHA512

          60edf20ca3cae9802263446af266568d0b5e0692eddcfcfc3b2f9a39327b3184613ca994460b919d17a6edc5936b4da16d9033f5138bcfd9bc0f09d88c8dcd52

          Download Submit

        • memory/1228-26-0x0000000077DB0000-0x0000000077DB2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1228-46-0x0000000077B46000-0x0000000077B47000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1228-15-0x0000000140000000-0x00000001400E3000-memory.dmp

          Filesize

          908KB

          Download

        • memory/1228-13-0x0000000140000000-0x00000001400E3000-memory.dmp

          Filesize

          908KB

          Download

        • memory/1228-12-0x0000000140000000-0x00000001400E3000-memory.dmp

          Filesize

          908KB

          Download

        • memory/1228-11-0x0000000140000000-0x00000001400E3000-memory.dmp

          Filesize

          908KB

          Download

        • memory/1228-10-0x0000000140000000-0x00000001400E3000-memory.dmp

          Filesize

          908KB

          Download

        • memory/1228-9-0x0000000140000000-0x00000001400E3000-memory.dmp

          Filesize

          908KB

          Download

        • memory/1228-8-0x0000000140000000-0x00000001400E3000-memory.dmp

          Filesize

          908KB

          Download

        • memory/1228-7-0x0000000140000000-0x00000001400E3000-memory.dmp

          Filesize

          908KB

          Download

        • memory/1228-27-0x0000000077DE0000-0x0000000077DE2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1228-3-0x0000000077B46000-0x0000000077B47000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1228-36-0x0000000140000000-0x00000001400E3000-memory.dmp

          Filesize

          908KB

          Download

        • memory/1228-37-0x0000000140000000-0x00000001400E3000-memory.dmp

          Filesize

          908KB

          Download

        • memory/1228-4-0x0000000002D50000-0x0000000002D51000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1228-16-0x0000000140000000-0x00000001400E3000-memory.dmp

          Filesize

          908KB

          Download

        • memory/1228-24-0x0000000002AC0000-0x0000000002AC7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1228-25-0x0000000140000000-0x00000001400E3000-memory.dmp

          Filesize

          908KB

          Download

        • memory/1228-6-0x0000000140000000-0x00000001400E3000-memory.dmp

          Filesize

          908KB

          Download

        • memory/1228-14-0x0000000140000000-0x00000001400E3000-memory.dmp

          Filesize

          908KB

          Download

        • memory/2328-45-0x0000000140000000-0x00000001400E3000-memory.dmp

          Filesize

          908KB

          Download

        • memory/2328-2-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2328-0-0x0000000140000000-0x00000001400E3000-memory.dmp

          Filesize

          908KB

          Download

        • memory/2792-59-0x0000000140000000-0x00000001400E4000-memory.dmp

          Filesize

          912KB

          Download

        • memory/2792-54-0x0000000140000000-0x00000001400E4000-memory.dmp

          Filesize

          912KB

          Download

        • memory/2792-56-0x0000000000100000-0x0000000000107000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2840-88-0x0000000140000000-0x00000001400E5000-memory.dmp

          Filesize

          916KB

          Download

        • memory/2840-91-0x0000000140000000-0x00000001400E5000-memory.dmp

          Filesize

          916KB

          Download

        • memory/3012-75-0x0000000140000000-0x00000001400E4000-memory.dmp

          Filesize

          912KB

          Download