Overview

overview

10

Static

static

3

075ab26a20...85.dll

windows7-x64

10

075ab26a20...85.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    16-10-2024 17:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    075ab26a20020aabdf6ff42b86a7b852167bc3ecdb5bf72f7891bd639779b285.dll

  • Size

    720KB

  • MD5

    547cff20a7fecb219285e1cc582b413c

  • SHA1

    4407b461b33bfaf3092ac7d8a8d9621ed2fb6200

  • SHA256

    075ab26a20020aabdf6ff42b86a7b852167bc3ecdb5bf72f7891bd639779b285

  • SHA512

    a0f789c5641cb62335567f533a8b86e8da02a5b66698e9e1cf21927161861f6a74b847f115c73c35c4d19dffec12cefaf90f5a9783b1824b52481cc49b3a841e

  • SSDEEP

    12288:5qJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4Baed:5qGBHTxvt+g2gYed

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 9 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Event Triggered Execution: Accessibility Features 1 TTPs

    Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.

    persistenceprivilege_escalation
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\075ab26a20020aabdf6ff42b86a7b852167bc3ecdb5bf72f7891bd639779b285.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2896
  • C:\Windows\system32\psr.exe
    C:\Windows\system32\psr.exe
    1⤵
      PID:2628
    • C:\Users\Admin\AppData\Local\MlnKZLAWq\psr.exe
      C:\Users\Admin\AppData\Local\MlnKZLAWq\psr.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2676
    • C:\Windows\system32\sethc.exe
      C:\Windows\system32\sethc.exe
      1⤵
        PID:2824
      • C:\Users\Admin\AppData\Local\ld4NHIWiC\sethc.exe
        C:\Users\Admin\AppData\Local\ld4NHIWiC\sethc.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:3016
      • C:\Windows\system32\BdeUISrv.exe
        C:\Windows\system32\BdeUISrv.exe
        1⤵
          PID:2552
        • C:\Users\Admin\AppData\Local\bUQN4HCT\BdeUISrv.exe
          C:\Users\Admin\AppData\Local\bUQN4HCT\BdeUISrv.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2944

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\MlnKZLAWq\XmlLite.dll
          Filesize

          724KB

          MD5

          54c74f550e4bc739ede8637e24f3b4e5

          SHA1

          f29c6c882c5c6c33d315dbdc1f69c84cf5ffde65

          SHA256

          6f9a6e727ec10475f7a6af8177856bd8e60acf52d86271d0492f664c46afff8e

          SHA512

          cf85773270bb7bc257047d955008d0f13e8ed9e36e807bd5118eeeb7799d3033611486f3178586a1e233012add182cf233ffd21077249b614344b9df08e5c78c

          Download Submit

        • C:\Users\Admin\AppData\Local\bUQN4HCT\WTSAPI32.dll
          Filesize

          724KB

          MD5

          ed290989572e5a3c2df0146b7378d266

          SHA1

          f86d0ab61127d800fecae6b53f636cf287983538

          SHA256

          43222f0be36f50371df387cae660de19a77bb81ac1f851c3f2d688befd59c42e

          SHA512

          65edc4cc7f76512d2e8b534e3d9d3970ac2408921811874c8a453c7b951003bab31ef4101d4bb73f5f3ec3993cf897e25d28b9574504b7a4bb667bdd0d02b023

          Download Submit

        • C:\Users\Admin\AppData\Local\ld4NHIWiC\UxTheme.dll
          Filesize

          724KB

          MD5

          9a4db5b8dc792ed7b11b0a2f2af2195d

          SHA1

          d3c6513203c1c37ef1fd0af18cb5dd1491cd4852

          SHA256

          beb0e9984131c907b3460118f05040bc3d639d8990f1e8cd61003b6859b68107

          SHA512

          8da13a0ed74ddf4a423e197e03ac166ea77129a9b699c85bcb0101eb58bcb6202c98573cf3f3124a0c61e23d2b2161d543cf6f6f6b460108bf4d0cb7a37fdf89

          Download Submit

        • C:\Users\Admin\AppData\Local\ld4NHIWiC\sethc.exe
          Filesize

          272KB

          MD5

          3bcb70da9b5a2011e01e35ed29a3f3f3

          SHA1

          9daecb1ee5d7cbcf46ee154dd642fcd993723a9b

          SHA256

          dd94bf73f0e3652b76cfb774b419ceaa2082bc7f30cc34e28dfa51952fa9ccb5

          SHA512

          69d231132f488fd7033349f232db1207f88f1d5cb84f5422adf0dd5fb7b373dada8fdfac7760b8845e5aab00a7ae56f24d66bbb8aa70c3c8de6ec5c31982b4df

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ykefwsdudlbqds.lnk
          Filesize

          1KB

          MD5

          d81957d78c33003337c242d038c8f357

          SHA1

          56f559b93172b75545badc48b8d7857cbf8d82ec

          SHA256

          06395a0c924695d18d96c9ec77d2a3e84968f72a4f8e2adc608533d7c5683fc4

          SHA512

          665b1d89314eb0eeb3a3d968d6193cfe9a6ac893cf4ecafdcab52c4f725c705972b1c68fdf56c073d892e8c0ea7a46318fc6dd3e94054077797409eb18e4ed85

          Download Submit

        • \Users\Admin\AppData\Local\MlnKZLAWq\psr.exe
          Filesize

          715KB

          MD5

          a80527109d75cba125d940b007eea151

          SHA1

          facf32a9ede6abfaa09368bfdfcfec8554107272

          SHA256

          68910f8aae867e938b6a3b76cdf176898ba275d9ade85b4ce00b03232de4c495

          SHA512

          77b86a597c33af8d3fbd9711f4abe6e0ca33b86279b1d28a25dcf3545a34b221be1ad7d11004d016203809cead1ebfd4b7e889ee9df2efc100eabf77963c1774

          Download Submit

        • \Users\Admin\AppData\Local\bUQN4HCT\BdeUISrv.exe
          Filesize

          47KB

          MD5

          1da6b19be5d4949c868a264bc5e74206

          SHA1

          d5ee86ba03a03ef8c93d93accafe40461084c839

          SHA256

          00330a0e0eb1dbb6ee84997963f8e15c7c15c1df787f1c7f109609d7b31bd35c

          SHA512

          9cee858c55eb0852e5bad53a675a094ae591b46b07afe9fb4224cac32e0be577fe36c1ed3e9f6bda4d4eb0c924a773d00e3181cd97f07e24c6c68c70f2b002c6

          Download Submit

        • memory/1196-24-0x00000000773C0000-0x00000000773C2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1196-44-0x0000000077156000-0x0000000077157000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1196-11-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/1196-10-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/1196-8-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/1196-7-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/1196-9-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/1196-23-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/1196-25-0x00000000773F0000-0x00000000773F2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1196-3-0x0000000077156000-0x0000000077157000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1196-34-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/1196-35-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/1196-4-0x0000000002D00000-0x0000000002D01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1196-12-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/1196-13-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/1196-22-0x0000000002CE0000-0x0000000002CE7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1196-6-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/1196-14-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/2676-57-0x0000000140000000-0x00000001400B5000-memory.dmp

          Filesize

          724KB

          Download

        • memory/2676-53-0x0000000140000000-0x00000001400B5000-memory.dmp

          Filesize

          724KB

          Download

        • memory/2676-52-0x0000000000510000-0x0000000000517000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2896-43-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/2896-2-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2896-0-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/2944-90-0x0000000140000000-0x00000001400B5000-memory.dmp

          Filesize

          724KB

          Download

        • memory/3016-71-0x0000000001F30000-0x0000000001F37000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3016-74-0x0000000140000000-0x00000001400B5000-memory.dmp

          Filesize

          724KB

          Download