Overview

overview

10

Static

static

3

05be219e19...d9.dll

windows7-x64

10

05be219e19...d9.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    16-10-2024 14:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    05be219e193d428010ae2d069ecfb03840a7c731b83f1e2724b6fd1582a1c5d9.dll

  • Size

    696KB

  • MD5

    f7237ce6f2ea2844db1ffc53b74b57d3

  • SHA1

    6807e9453325515ec348cdad087d182dc3804154

  • SHA256

    05be219e193d428010ae2d069ecfb03840a7c731b83f1e2724b6fd1582a1c5d9

  • SHA512

    2467a1e9bb2d046e13711851fc2d08d1fb903e8fee5bd40bc356c82d3633651f1072a191a582a09ca6bc0af0950322fa398440a99f0376239570de0a503b5efa

  • SSDEEP

    12288:JqJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4Baed:JqGBHTxvt+g2gYed

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 9 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Event Triggered Execution: Accessibility Features 1 TTPs

    Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.

    persistenceprivilege_escalation
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\05be219e193d428010ae2d069ecfb03840a7c731b83f1e2724b6fd1582a1c5d9.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2232
  • C:\Windows\system32\calc.exe
    C:\Windows\system32\calc.exe
    1⤵
      PID:2656
    • C:\Users\Admin\AppData\Local\ESZZ91\calc.exe
      C:\Users\Admin\AppData\Local\ESZZ91\calc.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      • Suspicious behavior: EnumeratesProcesses
      PID:2720
    • C:\Windows\system32\isoburn.exe
      C:\Windows\system32\isoburn.exe
      1⤵
        PID:2544
      • C:\Users\Admin\AppData\Local\fqPUrgd\isoburn.exe
        C:\Users\Admin\AppData\Local\fqPUrgd\isoburn.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2404
      • C:\Windows\system32\DisplaySwitch.exe
        C:\Windows\system32\DisplaySwitch.exe
        1⤵
          PID:2984
        • C:\Users\Admin\AppData\Local\lHazBjY\DisplaySwitch.exe
          C:\Users\Admin\AppData\Local\lHazBjY\DisplaySwitch.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:3008

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\ESZZ91\VERSION.dll
          Filesize

          700KB

          MD5

          f47671a80773d78ca48fa6d59c818eb1

          SHA1

          82d055be64f5956c579faa07bc7fc9ab814cafa3

          SHA256

          b70f222026e3a659039767c6abed7658e44c091549baae25269176dad39004b4

          SHA512

          52dbb045695c3004a7ff20b7d3d7c3114c7c51a5134de0356f9ae8eddae7747a773d9ac276c226281de389349030b452072d23dae63272699009cd7ce9c8cd3d

          Download Submit

        • C:\Users\Admin\AppData\Local\fqPUrgd\UxTheme.dll
          Filesize

          700KB

          MD5

          797cb492069971028de336643a736011

          SHA1

          a9ca0c9ca101ddbf1ccc94031cc691ed9bb50bc7

          SHA256

          295330f43e7436aa1979993333b0a2f6783bd3f9ae31ebf5ba251d34b66624dd

          SHA512

          d2090a5fc70dbbb7d4944d1a1534426abb40b7eefc62b8e38629a20835d0bc577436104dedb755d86bd9743a6cf1553bb30bdd786ee272b7e8aca98032e695a4

          Download Submit

        • C:\Users\Admin\AppData\Local\lHazBjY\slc.dll
          Filesize

          700KB

          MD5

          03a1d723d8625df6247b6e37960a4437

          SHA1

          dac758882d6bcc415a559287fc477ff7c21be124

          SHA256

          64703c67b8871215e0f191a899629ad580c4cacb145cb70751ede121fd11e008

          SHA512

          ab6c1cc1616eabd5ae1a43011d4cdfc15f56e2f8c247f5204fef4958acd03dc8a5cd2d97bb5560115909c1ba8431903784256f1eee06ac070c7f0c5fb9c6bab3

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Lcuygmmobxhxaxh.lnk
          Filesize

          965B

          MD5

          d148ae4411e04c6f4a63a7d4e4520ccd

          SHA1

          a511fdbe6ea4361749c165082bd933a982da472e

          SHA256

          7135c791ff4aaf79344a8cc6c86e1ca7be1ef356cb4554a2dd6f97980533cefc

          SHA512

          beef067a6dbb74c1087e8a6b9d0954bcdcd37ec6daf3263ce97c9991c8be009e14b878467f914a94553eea899b596a899a0655bf2929e2f53118070e8c3ed69a

          Download Submit

        • \Users\Admin\AppData\Local\ESZZ91\calc.exe
          Filesize

          897KB

          MD5

          10e4a1d2132ccb5c6759f038cdb6f3c9

          SHA1

          42d36eeb2140441b48287b7cd30b38105986d68f

          SHA256

          c6a91cba00bf87cdb064c49adaac82255cbec6fdd48fd21f9b3b96abf019916b

          SHA512

          9bd44afb164ab3e09a784c765cd03838d2e5f696c549fc233eb5a69cada47a8e1fb62095568cb272a80da579d9d0e124b1c27cf61bb2ac8cf6e584a722d8864d

          Download Submit

        • \Users\Admin\AppData\Local\fqPUrgd\isoburn.exe
          Filesize

          89KB

          MD5

          f8051f06e1c4aa3f2efe4402af5919b1

          SHA1

          bbcf3711501dfb22b04b1a6f356d95a6d5998790

          SHA256

          50dcb4be409f50d26c0fc32dd9cdbf96bff4e19bf624221cb566ebeb3e09ce1a

          SHA512

          5f664d937abe4426ee7e0d8491a395f9ef4ffe7a51dba05b54b7ba27e80c9be37833400911c5878d3dec659f4fa1579ec8ba4cfc485fb2ce24dd37c321006daa

          Download Submit

        • \Users\Admin\AppData\Local\lHazBjY\DisplaySwitch.exe
          Filesize

          517KB

          MD5

          b795e6138e29a37508285fc31e92bd78

          SHA1

          d0fe0c38c7c61adbb77e58d48b96cd4bf98ecd4a

          SHA256

          01a9733871baa8518092bade3fce62dcca14cdf6fc55b98218253580b38d7659

          SHA512

          8312174a77bab5fef7c4e9efff66c43d3515b02f5766ed1d3b9bd0abb3d7344a9a22cbac228132098428c122293d2b1898b3a2d75f5e4247b1dcb9aa9c7913b1

          Download Submit

        • memory/1188-23-0x0000000140000000-0x00000001400AE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/1188-44-0x0000000077066000-0x0000000077067000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1188-14-0x0000000140000000-0x00000001400AE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/1188-22-0x00000000029F0000-0x00000000029F7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1188-13-0x0000000140000000-0x00000001400AE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/1188-12-0x0000000140000000-0x00000001400AE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/1188-11-0x0000000140000000-0x00000001400AE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/1188-25-0x0000000077300000-0x0000000077302000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1188-24-0x00000000772D0000-0x00000000772D2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1188-3-0x0000000077066000-0x0000000077067000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1188-35-0x0000000140000000-0x00000001400AE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/1188-34-0x0000000140000000-0x00000001400AE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/1188-4-0x0000000002AF0000-0x0000000002AF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1188-6-0x0000000140000000-0x00000001400AE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/1188-7-0x0000000140000000-0x00000001400AE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/1188-8-0x0000000140000000-0x00000001400AE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/1188-10-0x0000000140000000-0x00000001400AE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/1188-9-0x0000000140000000-0x00000001400AE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/2232-43-0x0000000140000000-0x00000001400AE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/2232-2-0x0000000000230000-0x0000000000237000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2232-0-0x0000000140000000-0x00000001400AE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/2404-69-0x0000000000180000-0x0000000000187000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2404-74-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/2720-57-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/2720-54-0x0000000000100000-0x0000000000107000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2720-52-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/3008-90-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download