Overview

overview

10

Static

static

3

6148532826...bf.dll

windows7-x64

10

6148532826...bf.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-10-2024 19:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6148532826cdbfc9b12295ce641021f22336459ea6f5cd2de43dec5f18e648bf.dll

  • Size

    728KB

  • MD5

    3a325295832f70c883b27b87efa606c6

  • SHA1

    920e9216016a61f1323024604facdb3fa3d4739a

  • SHA256

    6148532826cdbfc9b12295ce641021f22336459ea6f5cd2de43dec5f18e648bf

  • SHA512

    8908496ecd06be35afaf723601ec8478f8b6d1805bf390f5fbb2301db21d0872b0b63f4dbdfb1f9d03db8ecd721a697a49a6eb79d6d5d3e2f173e3176cc7c05f

  • SSDEEP

    12288:pqJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4Baed:pqGBHTxvt+g2gYed

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 10 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Event Triggered Execution: Accessibility Features 1 TTPs

    Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.

    persistenceprivilege_escalation
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 20 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6148532826cdbfc9b12295ce641021f22336459ea6f5cd2de43dec5f18e648bf.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:840
  • C:\Windows\system32\wlrmdr.exe
    C:\Windows\system32\wlrmdr.exe
    1⤵
      PID:5116
    • C:\Users\Admin\AppData\Local\cDM6QV\wlrmdr.exe
      C:\Users\Admin\AppData\Local\cDM6QV\wlrmdr.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:996
    • C:\Windows\system32\ie4uinit.exe
      C:\Windows\system32\ie4uinit.exe
      1⤵
        PID:4876
      • C:\Users\Admin\AppData\Local\JKIQO\ie4uinit.exe
        C:\Users\Admin\AppData\Local\JKIQO\ie4uinit.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:4820
      • C:\Windows\system32\Magnify.exe
        C:\Windows\system32\Magnify.exe
        1⤵
          PID:1624
        • C:\Users\Admin\AppData\Local\ooXgo\Magnify.exe
          C:\Users\Admin\AppData\Local\ooXgo\Magnify.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2060

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\JKIQO\VERSION.dll
          Filesize

          732KB

          MD5

          9a0da427a987e099237b30a3dc925ec3

          SHA1

          c999f0bd7fcfd9fa489908d24e466bcd7fb30b36

          SHA256

          d6d4c935787457f33275f028490d6d315beafb7468c34fa36a7b16aa7cd0c37b

          SHA512

          65260de053928082cd50ef54b18cd7d8c8f26fed4b058d1482195678713cbe94d70742dba3d89e528beac2aea7c7a5ccd575eb1c1237a0c1dd5cce53730433d9

          Download Submit

        • C:\Users\Admin\AppData\Local\JKIQO\ie4uinit.exe
          Filesize

          262KB

          MD5

          a2f0104edd80ca2c24c24356d5eacc4f

          SHA1

          8269b9fd9231f04ed47419bd565c69dc677fab56

          SHA256

          5d85c4d62cc26996826b9d96a9153f7e05a2260342bd913b3730610a1809203c

          SHA512

          e7bb87f9f6c82cb945b95f62695be98b3fa827a24fa8c4187fe836d4e7d3e7ae3b95101edd3c41d65f6cb684910f5954a67307d450072acd8d475212db094390

          Download Submit

        • C:\Users\Admin\AppData\Local\cDM6QV\DUI70.dll
          Filesize

          1008KB

          MD5

          6e021ed743f9c3d7446598a2a2d7d1d8

          SHA1

          ab202fdf59ccb46537ad2ada7505b3350d86e80a

          SHA256

          cce7da790fb486f5999db7428f1055161ecede2c917f9f7d7c718ec17c75e1af

          SHA512

          1094341b6c180f704f942ac3bfd5cdb16b0a5d33f09813e79544365cc5d0f896aa71318c93793353758ea7ae31ff568ef6a535ed3aecd53245c7f91d555960de

          Download Submit

        • C:\Users\Admin\AppData\Local\cDM6QV\wlrmdr.exe
          Filesize

          66KB

          MD5

          ef9bba7a637a11b224a90bf90a8943ac

          SHA1

          4747ec6efd2d41e049159249c2d888189bb33d1d

          SHA256

          2fda95aafb2e9284c730bf912b93f60a75b151941adc14445ed1e056140325b1

          SHA512

          4c1fdb8e4bf25546a2a33c95268593746f5ae2666ce36c6d9ba5833357f13720c4722231224e82308af8c156485a2c86ffd97e3093717a28d1300d3787ef1831

          Download Submit

        • C:\Users\Admin\AppData\Local\ooXgo\Magnify.exe
          Filesize

          639KB

          MD5

          4029890c147e3b4c6f41dfb5f9834d42

          SHA1

          10d08b3f6dabe8171ca2dd52e5737e3402951c75

          SHA256

          57137f784594793dc0669042ccd3a71ddbfedeb77da6d97173d82613e08add4d

          SHA512

          dbdc60f8692f13c23dbed0b76e9c6758a5b413bd6aaf4e4d0ba74e69c0871eb759da95c3f85a31d972388b545dcf3bb8abbcbedd29a1e7e48c065130b98b893d

          Download Submit

        • C:\Users\Admin\AppData\Local\ooXgo\OLEACC.dll
          Filesize

          732KB

          MD5

          49e5bb7a787643791be29e35c7e1b612

          SHA1

          690fe3951233ea615b997bb38bed8e559b0c077f

          SHA256

          e4cbd2983d53290ddd1fa7fe18d7eb77fa03376c6fc5672df63d700ace6331b6

          SHA512

          4225a5727052eaa64d1790f4ef4f382582764a0b44c18a9313272c8a613f0c2b34244cd6f9eaaeab9c6de3395609c8cd9d4910f0947fdafbbbe5f850b6207ebe

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Rasxaa.lnk
          Filesize

          1KB

          MD5

          65b1f3957f2beb70b81c7529db333a51

          SHA1

          caf6b3da1a16a277b533272f49fe1f39e830367d

          SHA256

          77250d83757f3aac3cae7f54d2e52d45f6386b6ad33d37527d6e4f41b12eff79

          SHA512

          dd2b9a32bfa91ebd47228dc9935d8d1b845babb61ade1bb7a7542dfd5c4fb8d7a65afb34b4c58098fb77dfbbd145ffdaa930aa0ebcb3bc350dcaa91e95e50314

          Download Submit

        • memory/840-38-0x0000000140000000-0x00000001400B6000-memory.dmp

          Filesize

          728KB

          Download

        • memory/840-0-0x000001DF0A670000-0x000001DF0A677000-memory.dmp

          Filesize

          28KB

          Download

        • memory/840-1-0x0000000140000000-0x00000001400B6000-memory.dmp

          Filesize

          728KB

          Download

        • memory/996-50-0x0000000140000000-0x00000001400FC000-memory.dmp

          Filesize

          1008KB

          Download

        • memory/996-47-0x0000019E84530000-0x0000019E84537000-memory.dmp

          Filesize

          28KB

          Download

        • memory/996-45-0x0000000140000000-0x00000001400FC000-memory.dmp

          Filesize

          1008KB

          Download

        • memory/2060-78-0x0000000140000000-0x00000001400B7000-memory.dmp

          Filesize

          732KB

          Download

        • memory/2060-81-0x0000000140000000-0x00000001400B7000-memory.dmp

          Filesize

          732KB

          Download

        • memory/3504-13-0x0000000140000000-0x00000001400B6000-memory.dmp

          Filesize

          728KB

          Download

        • memory/3504-35-0x0000000140000000-0x00000001400B6000-memory.dmp

          Filesize

          728KB

          Download

        • memory/3504-8-0x0000000140000000-0x00000001400B6000-memory.dmp

          Filesize

          728KB

          Download

        • memory/3504-7-0x0000000140000000-0x00000001400B6000-memory.dmp

          Filesize

          728KB

          Download

        • memory/3504-10-0x0000000140000000-0x00000001400B6000-memory.dmp

          Filesize

          728KB

          Download

        • memory/3504-11-0x0000000140000000-0x00000001400B6000-memory.dmp

          Filesize

          728KB

          Download

        • memory/3504-12-0x0000000140000000-0x00000001400B6000-memory.dmp

          Filesize

          728KB

          Download

        • memory/3504-24-0x0000000140000000-0x00000001400B6000-memory.dmp

          Filesize

          728KB

          Download

        • memory/3504-25-0x00007FFB57DA0000-0x00007FFB57DB0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3504-9-0x0000000140000000-0x00000001400B6000-memory.dmp

          Filesize

          728KB

          Download

        • memory/3504-26-0x00007FFB57D90000-0x00007FFB57DA0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3504-15-0x0000000140000000-0x00000001400B6000-memory.dmp

          Filesize

          728KB

          Download

        • memory/3504-4-0x0000000002D10000-0x0000000002D11000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3504-3-0x00007FFB5715A000-0x00007FFB5715B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3504-6-0x0000000140000000-0x00000001400B6000-memory.dmp

          Filesize

          728KB

          Download

        • memory/3504-23-0x0000000000FF0000-0x0000000000FF7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3504-14-0x0000000140000000-0x00000001400B6000-memory.dmp

          Filesize

          728KB

          Download

        • memory/4820-67-0x0000022F3A900000-0x0000022F3A9B7000-memory.dmp

          Filesize

          732KB

          Download

        • memory/4820-63-0x0000022F3A900000-0x0000022F3A9B7000-memory.dmp

          Filesize

          732KB

          Download

        • memory/4820-62-0x0000022F3A9D0000-0x0000022F3A9D7000-memory.dmp

          Filesize

          28KB

          Download