Overview

overview

10

Static

static

3

ad0b18cfa7...10.dll

windows7-x64

10

ad0b18cfa7...10.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-10-2024 15:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ad0b18cfa7d60fe654fbe6a1cd60aab989d005842ee266b22d02d37113eee410.dll

  • Size

    692KB

  • MD5

    4e9ee8c6b8009c8373d5eeb12b6a011f

  • SHA1

    a91bd75d1d9b349e6a8f663757c8de44572776a2

  • SHA256

    ad0b18cfa7d60fe654fbe6a1cd60aab989d005842ee266b22d02d37113eee410

  • SHA512

    aec16fa91604cf5fad9be022e6c0d8a28fe64c5cf9b18fe196ca21bde8403e4f555f8066e26d9fd15d4d257bf8669b3c89d886b0e4259d227c5785ad28017644

  • SSDEEP

    12288:AqJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4Baed:AqGBHTxvt+g2gYed

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 9 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 5 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad0b18cfa7d60fe654fbe6a1cd60aab989d005842ee266b22d02d37113eee410.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2096
  • C:\Windows\system32\GamePanel.exe
    C:\Windows\system32\GamePanel.exe
    1⤵
      PID:4080
    • C:\Users\Admin\AppData\Local\D5MS\GamePanel.exe
      C:\Users\Admin\AppData\Local\D5MS\GamePanel.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:1088
    • C:\Windows\system32\slui.exe
      C:\Windows\system32\slui.exe
      1⤵
        PID:2448
      • C:\Users\Admin\AppData\Local\S0ko7ubzZ\slui.exe
        C:\Users\Admin\AppData\Local\S0ko7ubzZ\slui.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2584
      • C:\Windows\system32\ie4uinit.exe
        C:\Windows\system32\ie4uinit.exe
        1⤵
          PID:4304
        • C:\Users\Admin\AppData\Local\SLKv7C\ie4uinit.exe
          C:\Users\Admin\AppData\Local\SLKv7C\ie4uinit.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:4344

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\D5MS\GamePanel.exe
          Filesize

          1.2MB

          MD5

          266f6a62c16f6a889218800762b137be

          SHA1

          31b9bd85a37bf0cbb38a1c30147b83671458fa72

          SHA256

          71f8f11f26f3a7c1498373f20f0f4cc960513d0383fe24906eeb1bc9678beecd

          SHA512

          b21d9b0656ab6bd3b158922722a332f07096ddd4215c802776c5807c9cf6ece40082dd986ea6867bdc8d22878ce035a5c8dfcc26cfae94aeee059701b6bf1e68

          Download Submit

        • C:\Users\Admin\AppData\Local\D5MS\dxgi.dll
          Filesize

          696KB

          MD5

          c82a4e6d746dae3c0e130ea56e0f9118

          SHA1

          f97c50953a411b83d2d91c5fb247e42233faec87

          SHA256

          8c040d68d539f2b0d15933449c0d08c34a1c0cf2bb70c7377aa53bb3c20da3b7

          SHA512

          1fe294c25a503fcab004c811728a716e9b79b21ff6da8c3e305d9eca9017759fd2a0d77f5497dfb53d1433fdba9a0c7e317bafcef87c49d597e0b5b38ab6bf43

          Download Submit

        • C:\Users\Admin\AppData\Local\S0ko7ubzZ\WINBRAND.dll
          Filesize

          696KB

          MD5

          5b7ce6313f0a1497660a72523e4bf85c

          SHA1

          6a1e27b22334aa3c15d7f3a300a2cf3af24bd072

          SHA256

          699174bd2bdf61a47dd7b25a7cfd70786c01b1ab6bd5788aa1fc4e82d705147a

          SHA512

          2c517e697e82adc78ec016f449c174bc0045d3ef038f757ceccc7a227a8e9db50ee4f62656e810ecb213e270456a9f467ff0c64ca04740bcccf7f4a4ab8095fc

          Download Submit

        • C:\Users\Admin\AppData\Local\S0ko7ubzZ\slui.exe
          Filesize

          534KB

          MD5

          eb725ea35a13dc18eac46aa81e7f2841

          SHA1

          c0b3304c970324952e18c4a51073e3bdec73440b

          SHA256

          25e7624d469a592934ab8c509d12c153c2799e604c2a4b8a83650a7268577dff

          SHA512

          39192a1fad29654b3769f007298eff049d0688a3cb51390833ec563f44f9931cd3f6f8693db37b649b061b5aab379b166c15dade56d0fc414375243320375b26

          Download Submit

        • C:\Users\Admin\AppData\Local\SLKv7C\VERSION.dll
          Filesize

          696KB

          MD5

          df54db51e3dbfe11b9b545a92458ff69

          SHA1

          67d7cfea600129386bfa902086108826786f9a3a

          SHA256

          b60f073f92fb0922ce6568dcee3c9df95ee5593388bbdc47171e8e8e40861294

          SHA512

          025f1137997d32525e63fc09d3564a5950cda293be3c338e9db7780f53f96ef7ac634a1c76fcb3652eeaea3fbacaf536035f0115ee2f25efbb8fd46426fce7cb

          Download Submit

        • C:\Users\Admin\AppData\Local\SLKv7C\ie4uinit.exe
          Filesize

          262KB

          MD5

          a2f0104edd80ca2c24c24356d5eacc4f

          SHA1

          8269b9fd9231f04ed47419bd565c69dc677fab56

          SHA256

          5d85c4d62cc26996826b9d96a9153f7e05a2260342bd913b3730610a1809203c

          SHA512

          e7bb87f9f6c82cb945b95f62695be98b3fa827a24fa8c4187fe836d4e7d3e7ae3b95101edd3c41d65f6cb684910f5954a67307d450072acd8d475212db094390

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ltmfycbfnis.lnk
          Filesize

          1KB

          MD5

          7d2824744a761a65d332891d5bdab878

          SHA1

          ce2a18a38b3a3ad96828b6e67f741e9c68337b6e

          SHA256

          652016b4e994bb72aa117270c10e6d493da4086014c3fa7c6e82d0df35663275

          SHA512

          8bed0d8e2fbb67bda4c90b66df0c2441319f8186bcdce265cdcbea78dc96239060d7d402906866d0b6d3ec42a038024c8098e8a3f3c5656e0ff4db525ccd4f44

          Download Submit

        • memory/1088-48-0x0000000140000000-0x00000001400AE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/1088-44-0x0000000140000000-0x00000001400AE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/1088-43-0x000001CD8A750000-0x000001CD8A757000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2096-0-0x000002492C440000-0x000002492C447000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2096-36-0x0000000140000000-0x00000001400AD000-memory.dmp

          Filesize

          692KB

          Download

        • memory/2096-2-0x0000000140000000-0x00000001400AD000-memory.dmp

          Filesize

          692KB

          Download

        • memory/2584-63-0x0000000140000000-0x00000001400AE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/3396-9-0x0000000140000000-0x00000001400AD000-memory.dmp

          Filesize

          692KB

          Download

        • memory/3396-8-0x0000000140000000-0x00000001400AD000-memory.dmp

          Filesize

          692KB

          Download

        • memory/3396-33-0x0000000140000000-0x00000001400AD000-memory.dmp

          Filesize

          692KB

          Download

        • memory/3396-23-0x00007FFE4C540000-0x00007FFE4C550000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3396-22-0x0000000140000000-0x00000001400AD000-memory.dmp

          Filesize

          692KB

          Download

        • memory/3396-3-0x00000000027C0000-0x00000000027C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3396-5-0x0000000140000000-0x00000001400AD000-memory.dmp

          Filesize

          692KB

          Download

        • memory/3396-6-0x0000000140000000-0x00000001400AD000-memory.dmp

          Filesize

          692KB

          Download

        • memory/3396-7-0x0000000140000000-0x00000001400AD000-memory.dmp

          Filesize

          692KB

          Download

        • memory/3396-24-0x00007FFE4C530000-0x00007FFE4C540000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3396-11-0x0000000140000000-0x00000001400AD000-memory.dmp

          Filesize

          692KB

          Download

        • memory/3396-12-0x0000000140000000-0x00000001400AD000-memory.dmp

          Filesize

          692KB

          Download

        • memory/3396-21-0x00000000006D0000-0x00000000006D7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3396-20-0x00007FFE4C3FA000-0x00007FFE4C3FB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3396-10-0x0000000140000000-0x00000001400AD000-memory.dmp

          Filesize

          692KB

          Download

        • memory/4344-80-0x000002048B4D0000-0x000002048B57E000-memory.dmp

          Filesize

          696KB

          Download

        • memory/4344-76-0x000002048B4D0000-0x000002048B57E000-memory.dmp

          Filesize

          696KB

          Download