Overview

overview

10

Static

static

3

075ab26a20...85.dll

windows7-x64

10

075ab26a20...85.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-10-2024 17:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    075ab26a20020aabdf6ff42b86a7b852167bc3ecdb5bf72f7891bd639779b285.dll

  • Size

    720KB

  • MD5

    547cff20a7fecb219285e1cc582b413c

  • SHA1

    4407b461b33bfaf3092ac7d8a8d9621ed2fb6200

  • SHA256

    075ab26a20020aabdf6ff42b86a7b852167bc3ecdb5bf72f7891bd639779b285

  • SHA512

    a0f789c5641cb62335567f533a8b86e8da02a5b66698e9e1cf21927161861f6a74b847f115c73c35c4d19dffec12cefaf90f5a9783b1824b52481cc49b3a841e

  • SSDEEP

    12288:5qJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4Baed:5qGBHTxvt+g2gYed

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 9 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\075ab26a20020aabdf6ff42b86a7b852167bc3ecdb5bf72f7891bd639779b285.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:608
  • C:\Windows\system32\LicensingUI.exe
    C:\Windows\system32\LicensingUI.exe
    1⤵
      PID:4824
    • C:\Users\Admin\AppData\Local\XLJ\LicensingUI.exe
      C:\Users\Admin\AppData\Local\XLJ\LicensingUI.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:5076
    • C:\Windows\system32\InfDefaultInstall.exe
      C:\Windows\system32\InfDefaultInstall.exe
      1⤵
        PID:2196
      • C:\Users\Admin\AppData\Local\UABUIEv\InfDefaultInstall.exe
        C:\Users\Admin\AppData\Local\UABUIEv\InfDefaultInstall.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:5088
      • C:\Windows\system32\LockScreenContentServer.exe
        C:\Windows\system32\LockScreenContentServer.exe
        1⤵
          PID:3056
        • C:\Users\Admin\AppData\Local\2MFBrQX\LockScreenContentServer.exe
          C:\Users\Admin\AppData\Local\2MFBrQX\LockScreenContentServer.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1768

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\2MFBrQX\LockScreenContentServer.exe
          Filesize

          47KB

          MD5

          a0b7513c98cf46ca2cea3a567fec137c

          SHA1

          2307fc8e3fc620ea3c2fdc6248ad4658479ba995

          SHA256

          cb2278884f04fd34753f7a20e5865ef5fc4fa47c28df9ac14ad6e922713af8c6

          SHA512

          3928485a60ffa7f2d2b7d0be51863e1f8197578cfb397f1086a1ab5132843a23bbc4042b04b5d01fafad04878bd839161fa492d0cf1a6bac6be92023cdee3d15

          Download Submit

        • C:\Users\Admin\AppData\Local\2MFBrQX\dwmapi.dll
          Filesize

          724KB

          MD5

          3160d022e72dd643e168fe8338dbdeb6

          SHA1

          3712f7afb850dbf9426a93c3864a9ef1f60e55b7

          SHA256

          569a3ad41edcd22fd4226437929145da8a6406627f24b8344a1579cd887014e1

          SHA512

          828dc7305c5e67f9edc04789fcca5ac2f00e4af0a3782a1d636b13c635f66844bc8a2e2be373cfab1c917c7b8051d8a3dc0a4561da7eda954a0a63ffa3598ff7

          Download Submit

        • C:\Users\Admin\AppData\Local\UABUIEv\InfDefaultInstall.exe
          Filesize

          13KB

          MD5

          ee18876c1e5de583de7547075975120e

          SHA1

          f7fcb3d77da74deee25de9296a7c7335916504e3

          SHA256

          e59127b5fe82714956c7a1f10392a8673086a8e1f609e059935c7da1fa015a5d

          SHA512

          08bc4d28b8f528582c58175a74871dd33ac97955c3709c991779fc34b5ba4b2ba6ff40476d9f59345b61b0153fd932b0ea539431a67ff5012cb2ac8ab392f73c

          Download Submit

        • C:\Users\Admin\AppData\Local\UABUIEv\newdev.dll
          Filesize

          724KB

          MD5

          7c5bd2b3e22346eb924e35cca139429d

          SHA1

          7eb54de97855c2de69e64ba04fdc7da1ecddb2b2

          SHA256

          4f76523cd0774556e588eaf197a480558b51953bc3f48a706489cd4224271764

          SHA512

          d6b1c3ddf536ae87318ae2ab4c5d1c77750c34adf56bcf9093760aa2a90758ea892743cd7a1d12ae036ed8d70b8071062d40d6b8d618539e5ef2fd66c2eedb3f

          Download Submit

        • C:\Users\Admin\AppData\Local\XLJ\DUI70.dll
          Filesize

          1000KB

          MD5

          5f852b18e98178d98835dbd21659c026

          SHA1

          644fd577d420ec99b99ae016ad4cfd229e7f587a

          SHA256

          eed53bf6d03e90135456a23a6b8a426ee40b57b3abff3a2d2094a17ceb2d357b

          SHA512

          8620b1e297a183e6375b5fd594a4d77597d134d571a78883413ca2917c4ccc5fd5e67ac5dc1bf9c75865263b0b0b04d406e14fd81f8aa2edb64621d9daa5b606

          Download Submit

        • C:\Users\Admin\AppData\Local\XLJ\LicensingUI.exe
          Filesize

          142KB

          MD5

          8b4abc637473c79a003d30bb9c7a05e5

          SHA1

          d1cab953c16d4fdec2b53262f56ac14a914558ca

          SHA256

          0e9eb89aa0df9bb84a8f11b0bb3e9d89905355de34c91508968b4cb78bc3f6c5

          SHA512

          5a40c846c5b3a53ae09114709239d8238c322a7d3758b20ed3fc8e097fc1409f62b4990557c1192e894eabfa89741a9d88bd5175850d039b97dfdf380d1c6eeb

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Zugrajzkhopu.lnk
          Filesize

          1KB

          MD5

          fee15b8eb8bb9473c21cd7b087974500

          SHA1

          92d4008dbb971e76f39aa412bba6296979fd56b9

          SHA256

          57c5f120b67960392b7c719725d4c658148f42519dd29839870bfd8a17654b7e

          SHA512

          dd5f8be89caaf43eff00c0c1c6fa22e5903dc2710d5461dce6f900a74d2354238076536aced25db61b7f029e1d67c6c138f1b459510942ca6e01d7c60c8ad1d8

          Download Submit

        • memory/608-37-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/608-2-0x00000193B0960000-0x00000193B0967000-memory.dmp

          Filesize

          28KB

          Download

        • memory/608-1-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/1768-80-0x0000000140000000-0x00000001400B5000-memory.dmp

          Filesize

          724KB

          Download

        • memory/3432-12-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/3432-8-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/3432-6-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/3432-25-0x00007FFA21FB0000-0x00007FFA21FC0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3432-24-0x00007FFA21FC0000-0x00007FFA21FD0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3432-23-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/3432-34-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/3432-13-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/3432-9-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/3432-10-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/3432-5-0x00007FFA2109A000-0x00007FFA2109B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3432-7-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/3432-3-0x0000000002520000-0x0000000002521000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3432-14-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/3432-22-0x0000000000AA0000-0x0000000000AA7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3432-11-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/5076-46-0x000001C49E330000-0x000001C49E337000-memory.dmp

          Filesize

          28KB

          Download

        • memory/5076-49-0x0000000140000000-0x00000001400FA000-memory.dmp

          Filesize

          1000KB

          Download

        • memory/5076-44-0x0000000140000000-0x00000001400FA000-memory.dmp

          Filesize

          1000KB

          Download

        • memory/5088-65-0x0000000140000000-0x00000001400B5000-memory.dmp

          Filesize

          724KB

          Download

        • memory/5088-61-0x0000000140000000-0x00000001400B5000-memory.dmp

          Filesize

          724KB

          Download

        • memory/5088-60-0x000002860A490000-0x000002860A497000-memory.dmp

          Filesize

          28KB

          Download