Overview

overview

10

Static

static

3

5610f2cff2...c7.dll

windows7-x64

10

5610f2cff2...c7.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-10-2024 17:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5610f2cff2a5352f2aea2e2d85f83d8dd8d44bc56b776a938ef4826f621adcc7.dll

  • Size

    700KB

  • MD5

    f361ea6f535b8b1dfbfe86aea88cc345

  • SHA1

    43d2f136fbf4fe3918efcc246de89783158bd17b

  • SHA256

    5610f2cff2a5352f2aea2e2d85f83d8dd8d44bc56b776a938ef4826f621adcc7

  • SHA512

    476b50c70ef7d07a5cb77413824783bc3ae00c1df5e8bb0cd4d6482eec8087121fbaa3fe1a4f47f20422d655699493baaef14ee9b93bd091c0ac625481d0ae59

  • SSDEEP

    12288:RqJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4Baed:RqGBHTxvt+g2gYed

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 8 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\5610f2cff2a5352f2aea2e2d85f83d8dd8d44bc56b776a938ef4826f621adcc7.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3972
  • C:\Windows\system32\msra.exe
    C:\Windows\system32\msra.exe
    1⤵
      PID:2188
    • C:\Users\Admin\AppData\Local\L8fY\msra.exe
      C:\Users\Admin\AppData\Local\L8fY\msra.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:1108
    • C:\Windows\system32\msconfig.exe
      C:\Windows\system32\msconfig.exe
      1⤵
        PID:2360
      • C:\Users\Admin\AppData\Local\IPj\msconfig.exe
        C:\Users\Admin\AppData\Local\IPj\msconfig.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2732
      • C:\Windows\system32\SystemPropertiesHardware.exe
        C:\Windows\system32\SystemPropertiesHardware.exe
        1⤵
          PID:4988
        • C:\Users\Admin\AppData\Local\vEd\SystemPropertiesHardware.exe
          C:\Users\Admin\AppData\Local\vEd\SystemPropertiesHardware.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2660

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\IPj\VERSION.dll
          Filesize

          704KB

          MD5

          94300b115dcf0d9933e6b46361689a5e

          SHA1

          27989b2d1a03355fce4c4c5c5555fa0e0ad92f69

          SHA256

          bc1f447bd89595714b1e8c6a9c4b4f8d6dd4db3b24d7db33d3e7da853605615c

          SHA512

          a4907062e7de4fc499eb22f68474fcf3ed178f470d360dad2cd4b78b3e90e683065eb1be6d1a03bd8f74e72184d4688c18e09c621aae1da1af8b3bb58ef4f613

          Download Submit

        • C:\Users\Admin\AppData\Local\IPj\msconfig.exe
          Filesize

          193KB

          MD5

          39009536cafe30c6ef2501fe46c9df5e

          SHA1

          6ff7b4d30f31186de899665c704a105227704b72

          SHA256

          93d2604f7fdf7f014ac5bef63ab177b6107f3cfc26da6cbd9a7ab50c96564a04

          SHA512

          95c9a8bc61c79108634f5578825544323e3d980ae97a105a325c58bc0e44b1d500637459969602f08d6d23d346baec6acd07d8351803981000c797190d48f03a

          Download Submit

        • C:\Users\Admin\AppData\Local\L8fY\UxTheme.dll
          Filesize

          704KB

          MD5

          5e23247d58064592b4b774eda5a7decf

          SHA1

          ae9a85e1f357af5472684ede470df3876a1d47c2

          SHA256

          4b6c6d444e3a8e08c1d19a58303ade4209632dd618f912bf53347ecd65d1cfb0

          SHA512

          ea2a5cc24439908b40957f7f450a8fa2ebd362587606be09b7cfcb73d0ceeeff1a713cf999b3fb7eaecd4e80c7107b43c4bae9e33d57937df99ac3209cc251e5

          Download Submit

        • C:\Users\Admin\AppData\Local\L8fY\msra.exe
          Filesize

          579KB

          MD5

          dcda3b7b8eb0bfbccb54b4d6a6844ad6

          SHA1

          316a2925e451f739f45e31bc233a95f91bf775fa

          SHA256

          011e1decd6683afe5f1e397fe9697f2cf592ae21766a7629e234682f721658ae

          SHA512

          18e8c99f8b86375627aba0d2b10cf4db24ee5ac61a3d6a73d382a83ec63217c7e455570d4fa7dcdbb188dcc73988689661f8cab2337ae8c615fa6bc9a08f71f5

          Download Submit

        • C:\Users\Admin\AppData\Local\vEd\SYSDM.CPL
          Filesize

          704KB

          MD5

          4b9fcc5cf7fab5de80d204ee1c9b0760

          SHA1

          ffe48fa7cf9bef03d5dea46a1aa163610ab195d0

          SHA256

          d4bd0042ea602f27bf3a73aa0b5dc1dcbaf48560dd5cde385633e724b57650d9

          SHA512

          48fcd7294fc6066870aa04eb4fd2d0fd09bdc3290a09df4496782b1e19fa70c55f2059264c4d013fedc55c429dadab65bda96972adb6f5afdba68b831c52c541

          Download Submit

        • C:\Users\Admin\AppData\Local\vEd\SystemPropertiesHardware.exe
          Filesize

          82KB

          MD5

          bf5bc0d70a936890d38d2510ee07a2cd

          SHA1

          69d5971fd264d8128f5633db9003afef5fad8f10

          SHA256

          c8ebd920399ebcf3ab72bd325b71a6b4c6119dfecea03f25059a920c4d32acc7

          SHA512

          0e129044777cbbf5ea995715159c50773c1818fc5e8faa5c827fd631b44c086b34dfdcbe174b105891ccc3882cc63a8664d189fb6a631d8f589de4e01a862f51

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ehuvmtvuxjwd.lnk
          Filesize

          1KB

          MD5

          9d3bb82393f4da363f368a8b31c8e10a

          SHA1

          e880cedd0d439a6204184dd9f4fa78c42f7b4bb1

          SHA256

          18e6c5c739cf381080048befa0e19d29dd38ab8a33f71d6cf27ebade393aba1b

          SHA512

          5ceca0b27b410f10f3b0e4a29ff30667fd6cdac44acd2df67dcec33dbf86c86e328043ac28eb9246370e7aaad5b6adc38da5a445ff9d1f307774ca9f40f5ac4f

          Download Submit

        • memory/1108-50-0x0000000140000000-0x00000001400B0000-memory.dmp

          Filesize

          704KB

          Download

        • memory/1108-46-0x0000000140000000-0x00000001400B0000-memory.dmp

          Filesize

          704KB

          Download

        • memory/1108-45-0x000002D3B4320000-0x000002D3B4327000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2660-81-0x0000000140000000-0x00000001400B0000-memory.dmp

          Filesize

          704KB

          Download

        • memory/2732-61-0x000001B720640000-0x000001B720647000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2732-66-0x0000000140000000-0x00000001400B0000-memory.dmp

          Filesize

          704KB

          Download

        • memory/3540-23-0x0000000000C00000-0x0000000000C07000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3540-14-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/3540-9-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/3540-8-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/3540-7-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/3540-6-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/3540-3-0x00007FFA252AA000-0x00007FFA252AB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3540-10-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/3540-12-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/3540-35-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/3540-26-0x00007FFA26130000-0x00007FFA26140000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3540-25-0x00007FFA26140000-0x00007FFA26150000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3540-4-0x0000000002DA0000-0x0000000002DA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3540-24-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/3540-15-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/3540-13-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/3540-11-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/3972-0-0x0000029ACDA60000-0x0000029ACDA67000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3972-38-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/3972-1-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download