Overview

overview

10

Static

static

3

82bbb37f2e...8b.dll

windows7-x64

10

82bbb37f2e...8b.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-10-2024 19:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    82bbb37f2ea3e1afd819a87eba997c908ba7b061bdb28880e11bf490f6b6c48b.dll

  • Size

    720KB

  • MD5

    063b08ece19964bb44c048bdaf338d0c

  • SHA1

    629c98179cd6f9dd0d642305ba7ce56525833c6c

  • SHA256

    82bbb37f2ea3e1afd819a87eba997c908ba7b061bdb28880e11bf490f6b6c48b

  • SHA512

    c9374043f8b06799b2fc49c88c5b26e838dbd9ac28f87fa4293cbd1775b67d1ded3eacd62c02c4230c694114f65b078dfa6fb196510e0106c9e32a96bd1484f7

  • SSDEEP

    12288:HqJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4BaedXlS:HqGBHTxvt+g2gYedXlS

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 9 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 3 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\82bbb37f2ea3e1afd819a87eba997c908ba7b061bdb28880e11bf490f6b6c48b.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:4580
  • C:\Windows\system32\consent.exe
    C:\Windows\system32\consent.exe
    1⤵
      PID:3680
    • C:\Users\Admin\AppData\Local\zXv7E\consent.exe
      C:\Users\Admin\AppData\Local\zXv7E\consent.exe
      1⤵
      • Executes dropped EXE
      PID:212
    • C:\Windows\system32\WindowsActionDialog.exe
      C:\Windows\system32\WindowsActionDialog.exe
      1⤵
        PID:3656
      • C:\Users\Admin\AppData\Local\9frz\WindowsActionDialog.exe
        C:\Users\Admin\AppData\Local\9frz\WindowsActionDialog.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:4956
      • C:\Windows\system32\SystemSettingsRemoveDevice.exe
        C:\Windows\system32\SystemSettingsRemoveDevice.exe
        1⤵
          PID:3748
        • C:\Users\Admin\AppData\Local\MY19L\SystemSettingsRemoveDevice.exe
          C:\Users\Admin\AppData\Local\MY19L\SystemSettingsRemoveDevice.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:620
        • C:\Windows\system32\SystemPropertiesProtection.exe
          C:\Windows\system32\SystemPropertiesProtection.exe
          1⤵
            PID:940
          • C:\Users\Admin\AppData\Local\jrzU\SystemPropertiesProtection.exe
            C:\Users\Admin\AppData\Local\jrzU\SystemPropertiesProtection.exe
            1⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks whether UAC is enabled
            PID:3684

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\9frz\DUI70.dll
            Filesize

            1000KB

            MD5

            82083e9b551cff4a623abef34578e1f4

            SHA1

            8da7158c3376307a362c7c607a877986d3e53f87

            SHA256

            3eac02bbd4fb391f100c6667ee1461aa560ec739d34717b1b6e582d853d67bad

            SHA512

            1bfdd4345ed6377a42a331176a1b7e85cacfa121f8c73783815a8379102fda30106a3f748cade08b71e3287a6407fde00609bc94bb60ba193a398d7c301154ac

            Download Submit

          • C:\Users\Admin\AppData\Local\9frz\WindowsActionDialog.exe
            Filesize

            61KB

            MD5

            73c523b6556f2dc7eefc662338d66f8d

            SHA1

            1e6f9a1d885efa4d76f1e7a8be2e974f2b65cea5

            SHA256

            0c6397bfbcd7b1fcefb6de01a506578e36651725a61078c69708f1f92c41ea31

            SHA512

            69d0f23d1abaad657dd4672532936ef35f0e9d443caf9e19898017656a66ed46e75e7e05261c7e7636799c58feccd01dc93975d6a598cbb73242ddb48c6ec912

            Download Submit

          • C:\Users\Admin\AppData\Local\MY19L\DUI70.dll
            Filesize

            1000KB

            MD5

            ac83e27df6f34a16db1ee84e8625f544

            SHA1

            a999764fc190cfba83d36e4dff5cc87816c8e375

            SHA256

            876b58890c2ceb4aad14fc6e363b388bd1fa2f3c9cce3fb3ce1f2f9d26c73893

            SHA512

            d407574e6e00d59c4346a8fa5811d22534cdbb34592c4ef53e4f0772bc08725be64d4faf014fcf0ec3a1cb03e9533e51c8b06532dc7c1d960eb33609c75701c9

            Download Submit

          • C:\Users\Admin\AppData\Local\MY19L\SystemSettingsRemoveDevice.exe
            Filesize

            39KB

            MD5

            7853f1c933690bb7c53c67151cbddeb0

            SHA1

            d47a1ad0ccba4c988c8ffc5cbf9636fd4f4fa6e6

            SHA256

            9500731b2a3442f11dfd08a8adfe027e7f32ef5834c628eed4b78be74168470d

            SHA512

            831993d610539d44422d769de6561a4622e1b9cb3d73253774b6cecabf57654a74cd88b4ebe20921585ea96d977225b9501f02a0f6a1fc7d2cad6824fd539304

            Download Submit

          • C:\Users\Admin\AppData\Local\jrzU\SYSDM.CPL
            Filesize

            724KB

            MD5

            8d6c7f2b8c4e105e473b2a37ec864610

            SHA1

            3d8f1c3fd0df75f4fa4caa50a09c7cce2e4d9d63

            SHA256

            547aa4e3fe1a342daadefc8d05239bd43d4e0b6db4237eda1a699fad7588d753

            SHA512

            0f3e35c9c3f14ffae4fa03f12d44839bf976d21161c949f813e7c98a1cab9f1682b62591cdf58e559a4f26fd3d566a909d03460b4d0f4ae4ce8b986dc3a7cd46

            Download Submit

          • C:\Users\Admin\AppData\Local\jrzU\SystemPropertiesProtection.exe
            Filesize

            82KB

            MD5

            26640d2d4fa912fc9a354ef6cfe500ff

            SHA1

            a343fd82659ce2d8de3beb587088867cf2ab8857

            SHA256

            a8ddf1b17b0cbc96a7eaedb0003aa7b1631da09ebfe85b387f8f630222511b37

            SHA512

            26162a3d9d4a8e3290dbcf6fe387b5c48ab1d9552aa02a38954649d877f408cb282e57580f81e15128e3a41da0eb58328d1d6253e1b57232f9a8cecdd99991dc

            Download Submit

          • C:\Users\Admin\AppData\Local\zXv7E\consent.exe
            Filesize

            162KB

            MD5

            6646631ce4ad7128762352da81f3b030

            SHA1

            1095bd4b63360fc2968d75622aa745e5523428ab

            SHA256

            56b2d516376328129132b815e22379ae8e7176825f059c9374a33cc844482e64

            SHA512

            1c00ed5d8568f6ebd119524b61573cfe71ca828bd8fbdd150158ec8b5db65fa066908d120d201fce6222707bcb78e0c1151b82fdc1dccf3ada867cb810feb6da

            Download Submit

          • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Rasxaa.lnk
            Filesize

            1KB

            MD5

            a33e2f8917716ee13d2b6ff2149f4726

            SHA1

            039075f6bac959f5563b81bf08f028d03672ed74

            SHA256

            6f277c29d4799f7d6e06ce0e0c28d6a113600c0888f7bf1d7799eea59e9ce879

            SHA512

            87976c87bb9ff253ef2138f92ec0c80f369c54eb951ae4637fd96a94d00bd404cd23b2640951ba899db716e078aa1e4179ff2f79fe67abc8d8e27a56230886f2

            Download Submit

          • memory/620-72-0x0000000140000000-0x00000001400FA000-memory.dmp

            Filesize

            1000KB

            Download

          • memory/3488-24-0x00007FF883500000-0x00007FF883510000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3488-11-0x0000000140000000-0x00000001400B4000-memory.dmp

            Filesize

            720KB

            Download

          • memory/3488-8-0x0000000140000000-0x00000001400B4000-memory.dmp

            Filesize

            720KB

            Download

          • memory/3488-7-0x0000000140000000-0x00000001400B4000-memory.dmp

            Filesize

            720KB

            Download

          • memory/3488-6-0x0000000140000000-0x00000001400B4000-memory.dmp

            Filesize

            720KB

            Download

          • memory/3488-23-0x0000000140000000-0x00000001400B4000-memory.dmp

            Filesize

            720KB

            Download

          • memory/3488-25-0x00007FF8834F0000-0x00007FF883500000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3488-5-0x00007FF881FAA000-0x00007FF881FAB000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3488-34-0x0000000140000000-0x00000001400B4000-memory.dmp

            Filesize

            720KB

            Download

          • memory/3488-3-0x0000000003240000-0x0000000003241000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3488-10-0x0000000140000000-0x00000001400B4000-memory.dmp

            Filesize

            720KB

            Download

          • memory/3488-9-0x0000000140000000-0x00000001400B4000-memory.dmp

            Filesize

            720KB

            Download

          • memory/3488-12-0x0000000140000000-0x00000001400B4000-memory.dmp

            Filesize

            720KB

            Download

          • memory/3488-13-0x0000000140000000-0x00000001400B4000-memory.dmp

            Filesize

            720KB

            Download

          • memory/3488-14-0x0000000140000000-0x00000001400B4000-memory.dmp

            Filesize

            720KB

            Download

          • memory/3488-22-0x0000000002D00000-0x0000000002D07000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3684-83-0x0000000140000000-0x00000001400B5000-memory.dmp

            Filesize

            724KB

            Download

          • memory/3684-87-0x0000000140000000-0x00000001400B5000-memory.dmp

            Filesize

            724KB

            Download

          • memory/4580-37-0x0000000140000000-0x00000001400B4000-memory.dmp

            Filesize

            720KB

            Download

          • memory/4580-0-0x0000000140000000-0x00000001400B4000-memory.dmp

            Filesize

            720KB

            Download

          • memory/4580-2-0x0000000002A50000-0x0000000002A57000-memory.dmp

            Filesize

            28KB

            Download

          • memory/4956-57-0x0000000140000000-0x00000001400FA000-memory.dmp

            Filesize

            1000KB

            Download

          • memory/4956-52-0x0000000140000000-0x00000001400FA000-memory.dmp

            Filesize

            1000KB

            Download

          • memory/4956-54-0x000001F5766B0000-0x000001F5766B7000-memory.dmp

            Filesize

            28KB

            Download