Overview

overview

10

Static

static

3

8b32751a64...86.dll

windows7-x64

10

8b32751a64...86.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-10-2024 00:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8b32751a6432113ee710babcc5315a8aabf4b5a3647bf15aa345a6e3dd63f086.dll

  • Size

    944KB

  • MD5

    342cec4e287b2f1285f18c63c01fc5e4

  • SHA1

    ba8832830889724887ef7ee003f2a3eed503e4b7

  • SHA256

    8b32751a6432113ee710babcc5315a8aabf4b5a3647bf15aa345a6e3dd63f086

  • SHA512

    517db6bf9b425716f80afac7f2e6d897c2fecf84adfad35cec156809bcfb634ce4700b17f7d3810b5e9b10bbd784665097d62afa1e81f625b8827ea5e81cdec2

  • SSDEEP

    6144:s34xznfAp4x+NWMqW/KZ1vCDTEpc2bysCZR6iwAtUnWKT5WK8Rpv1llfFfCRAuTg:sIKp/UWCZdCDh2IZDwAFRpR6Auk6kK

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 11 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8b32751a6432113ee710babcc5315a8aabf4b5a3647bf15aa345a6e3dd63f086.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:4548
  • C:\Windows\system32\DWWIN.EXE
    C:\Windows\system32\DWWIN.EXE
    1⤵
      PID:760
    • C:\Users\Admin\AppData\Local\S61QiQ\DWWIN.EXE
      C:\Users\Admin\AppData\Local\S61QiQ\DWWIN.EXE
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:1448
    • C:\Windows\system32\wextract.exe
      C:\Windows\system32\wextract.exe
      1⤵
        PID:4912
      • C:\Users\Admin\AppData\Local\LhHV25mmA\wextract.exe
        C:\Users\Admin\AppData\Local\LhHV25mmA\wextract.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:4060
      • C:\Windows\system32\msdt.exe
        C:\Windows\system32\msdt.exe
        1⤵
          PID:5028
        • C:\Users\Admin\AppData\Local\cJUYgiD\msdt.exe
          C:\Users\Admin\AppData\Local\cJUYgiD\msdt.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1860

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\LhHV25mmA\VERSION.dll
          Filesize

          948KB

          MD5

          0318c7c54337601cbc02a892f64b7fcc

          SHA1

          7f44f440d7e48ec83ca34ebaedec3a17ab2fda54

          SHA256

          9730b06ec5b45db1887e4e20af6e8fc7dade3f35900b0c2c092db7a30f4e7688

          SHA512

          b7e0d047d32c6c08f3a45a061e39d13ee6372c766a8966ef9bf863b44a132a7e7d7b66167900c1f79a215031a3573cb051c3f9349f114e46d14bda13438cb2e9

          Download Submit

        • C:\Users\Admin\AppData\Local\LhHV25mmA\wextract.exe
          Filesize

          143KB

          MD5

          56e501e3e49cfde55eb1caabe6913e45

          SHA1

          ab2399cbf17dbee7b302bea49e40d4cee7caea76

          SHA256

          fbb6dc62abeeb222b49a63f43dc6eea96f3d7e9a8da55381c15d57a5d099f3e0

          SHA512

          2b536e86cbd8ab026529ba2c72c0fda97e9b6f0bc4fd96777024155852670cb41d17937cde372a44cdbad3e53b8cd3ef1a4a3ee9b34dfb3c2069822095f7a172

          Download Submit

        • C:\Users\Admin\AppData\Local\S61QiQ\DWWIN.EXE
          Filesize

          229KB

          MD5

          444cc4d3422a0fdd45c1b78070026c60

          SHA1

          97162ff341fff1ec54b827ec02f8b86fd2d41a97

          SHA256

          4b3f620272e709ce3e01ae5b19ef0300bd476f2da6412637f703bbaded2821f0

          SHA512

          21742d330a6a5763ea41a8fed4d71b98e4a1b4c685675c4cfeb7253033c3a208c23902caf0efdf470a85e0770cb8fac8af0eb6d3a8511445b0570054b42d5553

          Download Submit

        • C:\Users\Admin\AppData\Local\S61QiQ\wer.dll
          Filesize

          952KB

          MD5

          7d4cf97ed530d24e7cd57261ed62f166

          SHA1

          9550cb58b8996a50aec73f8eaefb2c03fbe1f612

          SHA256

          b38cef557ce5ae386097239d5a2f8485a56ee1715676a080c91f14167f18e11f

          SHA512

          11dbb68e147b44f705785a0e4820f1f47d2921948362374442bfd9e22ee4bfcc5fadfb0547df4aa65516c567d1742d36ad251ade1dc50be6e34883e2046a39d6

          Download Submit

        • C:\Users\Admin\AppData\Local\cJUYgiD\UxTheme.dll
          Filesize

          948KB

          MD5

          4644760f4f9c9b5edc42054eff247586

          SHA1

          820b8b83576f9cadb2a8ff497d5b61d35b5c6cd9

          SHA256

          e13fb4501c375aab6634507e38acee2789c5a0a78e04ed408a9d862925250134

          SHA512

          e5e17c4f5021486875b3dc3a7eb6fae5a57f34361ed23a2bdc9c88c1a5f0d4c84ceca8113b5c5a05a7110c9a5b0368feb9fb7f17d1b4e45fbc4b65419b528163

          Download Submit

        • C:\Users\Admin\AppData\Local\cJUYgiD\msdt.exe
          Filesize

          421KB

          MD5

          992c3f0cc8180f2f51156671e027ae75

          SHA1

          942ec8c2ccfcacd75a1cd86cbe8873aee5115e29

          SHA256

          6859d1b5d1beaa2985b298f3fcee67f0aac747687a9dec2b4376585e99e9756f

          SHA512

          1f1b8d39e29274cfc87a9ef1510adb9c530086a421c121523376731c8933c6e234e9146310d3767ce888a8dce7a5713221f4d25e5b7b6398d06ae2be2b99eadf

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Yxuzhivmkyvewy.lnk
          Filesize

          1KB

          MD5

          3e6251fea8a69706f13f3dec9daaf7ef

          SHA1

          280ae244d9bf5273a534c97d605bc5a011dff592

          SHA256

          5b580dda50cb9ead8cf770448ab5aecac2c146821bfe6e6f5073c4238b8b994e

          SHA512

          5ba99531e9465bb2b2efaaddb6e934ae0ad2948d02756d80c3c83ba6553f4f5118cb14780126aba304cfae536ecb8bf37091aa5b29843011ac8253cd1e04e257

          Download Submit

        • memory/1448-48-0x00007FF92B240000-0x00007FF92B32E000-memory.dmp

          Filesize

          952KB

          Download

        • memory/1448-47-0x000001EAB8EB0000-0x000001EAB8EB7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1448-45-0x00007FF92B240000-0x00007FF92B32E000-memory.dmp

          Filesize

          952KB

          Download

        • memory/1860-81-0x00007FF92AFF0000-0x00007FF92B0DD000-memory.dmp

          Filesize

          948KB

          Download

        • memory/1860-77-0x00007FF92AFF0000-0x00007FF92B0DD000-memory.dmp

          Filesize

          948KB

          Download

        • memory/3504-24-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3504-11-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3504-8-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3504-7-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3504-6-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3504-26-0x00007FF949D30000-0x00007FF949D40000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3504-25-0x00007FF949D40000-0x00007FF949D50000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3504-35-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3504-5-0x00007FF947DFA000-0x00007FF947DFB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3504-15-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3504-10-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3504-9-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3504-3-0x0000000002660000-0x0000000002661000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3504-12-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3504-23-0x0000000000550000-0x0000000000557000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3504-16-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3504-13-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/3504-14-0x0000000140000000-0x00000001400EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/4060-66-0x00007FF92B240000-0x00007FF92B32D000-memory.dmp

          Filesize

          948KB

          Download

        • memory/4060-61-0x00007FF92B240000-0x00007FF92B32D000-memory.dmp

          Filesize

          948KB

          Download

        • memory/4060-63-0x0000028CAFFA0000-0x0000028CAFFA7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4548-2-0x000001AD2B740000-0x000001AD2B747000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4548-38-0x00007FF93AF60000-0x00007FF93B04C000-memory.dmp

          Filesize

          944KB

          Download

        • memory/4548-1-0x00007FF93AF60000-0x00007FF93B04C000-memory.dmp

          Filesize

          944KB

          Download