Overview

overview

10

Static

static

3

075ab26a20...85.dll

windows7-x64

10

075ab26a20...85.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-10-2024 17:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    075ab26a20020aabdf6ff42b86a7b852167bc3ecdb5bf72f7891bd639779b285.dll

  • Size

    720KB

  • MD5

    547cff20a7fecb219285e1cc582b413c

  • SHA1

    4407b461b33bfaf3092ac7d8a8d9621ed2fb6200

  • SHA256

    075ab26a20020aabdf6ff42b86a7b852167bc3ecdb5bf72f7891bd639779b285

  • SHA512

    a0f789c5641cb62335567f533a8b86e8da02a5b66698e9e1cf21927161861f6a74b847f115c73c35c4d19dffec12cefaf90f5a9783b1824b52481cc49b3a841e

  • SSDEEP

    12288:5qJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4Baed:5qGBHTxvt+g2gYed

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 10 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\075ab26a20020aabdf6ff42b86a7b852167bc3ecdb5bf72f7891bd639779b285.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3056
  • C:\Windows\system32\sdclt.exe
    C:\Windows\system32\sdclt.exe
    1⤵
      PID:4500
    • C:\Users\Admin\AppData\Local\0lnH3Wq\sdclt.exe
      C:\Users\Admin\AppData\Local\0lnH3Wq\sdclt.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:4252
    • C:\Windows\system32\rdpinit.exe
      C:\Windows\system32\rdpinit.exe
      1⤵
        PID:3964
      • C:\Users\Admin\AppData\Local\lRdblZZC\rdpinit.exe
        C:\Users\Admin\AppData\Local\lRdblZZC\rdpinit.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:952
      • C:\Windows\system32\CameraSettingsUIHost.exe
        C:\Windows\system32\CameraSettingsUIHost.exe
        1⤵
          PID:4180
        • C:\Users\Admin\AppData\Local\wZjl60y\CameraSettingsUIHost.exe
          C:\Users\Admin\AppData\Local\wZjl60y\CameraSettingsUIHost.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:3288

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\0lnH3Wq\sdclt.exe
          Filesize

          1.2MB

          MD5

          e09d48f225e7abcab14ebd3b8a9668ec

          SHA1

          1c5b9322b51c09a407d182df481609f7cb8c425d

          SHA256

          efd238ea79b93d07852d39052f1411618c36e7597e8af0966c4a3223f0021dc3

          SHA512

          384d606b90c4803e5144b4de24edc537cb22dd59336a18a58d229500ed36aec92c8467cae6d3f326647bd044d8074931da553c7809727fb70227e99c257df0b4

          Download Submit

        • C:\Users\Admin\AppData\Local\0lnH3Wq\wer.dll
          Filesize

          728KB

          MD5

          999539dae1875d1226664580d912ce48

          SHA1

          d93a47ee683bfc2cdc721c3e3105060e2e87494f

          SHA256

          b3adf9461d467833bb6f49cb4148b220af39f416e3824674da9573193b622c29

          SHA512

          ad0e7a6450137b497e04462123f4da5e6dd53787d52bb05b6269099db6597bed3849bfb1864f804366d8fd76068e7006f84a0161df55d3531130d2ecb0173fe4

          Download Submit

        • C:\Users\Admin\AppData\Local\lRdblZZC\WTSAPI32.dll
          Filesize

          724KB

          MD5

          d0b5d00212def523ca56931335f00044

          SHA1

          cefddee2a9bacaa0ffb399a8973ab5364be6346a

          SHA256

          b9cfb72cbebc5706d51ef250d0be3a748d4bf26c1450ca3f443de9428cf1e75d

          SHA512

          011c064a07406d24428c78a793e2ab7509bb936725bd44e3cfbfb277c6685472b87058fa449149b3fdc15917faa298215a4d8740a8834bcf7e4f7eebecb83db6

          Download Submit

        • C:\Users\Admin\AppData\Local\lRdblZZC\rdpinit.exe
          Filesize

          343KB

          MD5

          b0ecd76d99c5f5134aeb52460add6f80

          SHA1

          51462078092c9d6b7fa2b9544ffe0a49eb258106

          SHA256

          51251863097f7c80ef59606152ec59e7522881c8e3886c194c43f56bcab92e1b

          SHA512

          16855c7db48b26297c78d37d52ad03f6af0f5a58e333e17ad83b34f5e8b200c5517c6481043af0ecf1b962af2378f38600bd968592f4e1018b5a1b9400adb367

          Download Submit

        • C:\Users\Admin\AppData\Local\wZjl60y\CameraSettingsUIHost.exe
          Filesize

          31KB

          MD5

          9e98636523a653c7a648f37be229cf69

          SHA1

          bd4da030e7cf4d55b7c644dfacd26b152e6a14c4

          SHA256

          3bf20bc5a208dfa1ea26a042fd0010b1268dcfedc94ed775f11890bc1d95e717

          SHA512

          41966166e2ddfe40e6f4e6da26bc490775caac9997465c6dd94ba6a664d3a797ffc2aa5684c95702e8657e5cea62a46a75aee3e7d5e07a47dcaaa5c4da565e78

          Download Submit

        • C:\Users\Admin\AppData\Local\wZjl60y\DUI70.dll
          Filesize

          1000KB

          MD5

          5ffed68c1cc6833195d8af7735d7c8ae

          SHA1

          dac0fc34d9cf290d27ab5e4837589b63c8568df4

          SHA256

          16d92cb7dce581684dc035fc64c4c0f477f78d4aeff8e1dad98d2248c30e41a7

          SHA512

          906e1d87311d6493296c1d7778649028a8b599a65f9e5dc9c313acfef841dbf52ce9f1f189686d392a928257a37d62aa89c5aa733e5891526dba34ad1258abee

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Rasxaa.lnk
          Filesize

          1KB

          MD5

          a9605fcc6119c3d4450456b5e857e71b

          SHA1

          506393aeb47eaed7c84d2ac1d1986477c83474e1

          SHA256

          b0ff9bfdcd98f614d199b3e58719df2aa39d4a55c72ff18c03a96e69cadf9bb6

          SHA512

          48021f972593e301efd486e6e49350848746a44f1acc92aa8e5ceca9549f73c6a2ab0272ebfe92f8c2c5621dcd16ad2e0ebe972b01b3cd1aec1f0c94fadc1321

          Download Submit

        • memory/952-60-0x0000000140000000-0x00000001400B5000-memory.dmp

          Filesize

          724KB

          Download

        • memory/952-62-0x000001E43A930000-0x000001E43A937000-memory.dmp

          Filesize

          28KB

          Download

        • memory/952-65-0x0000000140000000-0x00000001400B5000-memory.dmp

          Filesize

          724KB

          Download

        • memory/3056-0-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/3056-37-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/3056-2-0x0000013F5BFF0000-0x0000013F5BFF7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3288-77-0x0000000140000000-0x00000001400FA000-memory.dmp

          Filesize

          1000KB

          Download

        • memory/3288-80-0x0000000140000000-0x00000001400FA000-memory.dmp

          Filesize

          1000KB

          Download

        • memory/3520-12-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/3520-24-0x00007FF9BE600000-0x00007FF9BE610000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3520-6-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/3520-8-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/3520-9-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/3520-11-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/3520-5-0x00007FF9BE56A000-0x00007FF9BE56B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3520-3-0x0000000002570000-0x0000000002571000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3520-10-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/3520-7-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/3520-34-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/3520-23-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/3520-25-0x00007FF9BE5F0000-0x00007FF9BE600000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3520-14-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/3520-22-0x0000000001F30000-0x0000000001F37000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3520-13-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/4252-44-0x0000000140000000-0x00000001400B6000-memory.dmp

          Filesize

          728KB

          Download

        • memory/4252-49-0x0000000140000000-0x00000001400B6000-memory.dmp

          Filesize

          728KB

          Download

        • memory/4252-46-0x000002039B6B0000-0x000002039B6B7000-memory.dmp

          Filesize

          28KB

          Download