Overview

overview

10

Static

static

3

75744da9a6...7d.dll

windows7-x64

10

75744da9a6...7d.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-10-2024 03:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75744da9a671242b908e36a14db2b512b454f506e6eee9e77da3bec1e7225f7d.dll

  • Size

    664KB

  • MD5

    5f6c31f53f65a1fdb86734c3f9ee7840

  • SHA1

    a8c5aeb8b426258e84fb7b4bd181f85db18405ae

  • SHA256

    75744da9a671242b908e36a14db2b512b454f506e6eee9e77da3bec1e7225f7d

  • SHA512

    a1713364329e883b9a62409ce721ce7fbc929814e196c8eb18a3bf121cf2eea83d875869d1c8702ef7f9888e4f11659201132554d0101ecf6d0d89592025d242

  • SSDEEP

    6144:y34xznfAp4x+NWMqW/KZ1vCDTEpc2bysCZR6iwAtUnWKT5WK8Rpv1llfFfCRAuTg:yIKp/UWCZdCDh2IZDwAFRpR6Au

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 10 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 20 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\75744da9a671242b908e36a14db2b512b454f506e6eee9e77da3bec1e7225f7d.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:4340
  • C:\Windows\system32\SppExtComObj.Exe
    C:\Windows\system32\SppExtComObj.Exe
    1⤵
      PID:940
    • C:\Users\Admin\AppData\Local\OYAJx92w4\SppExtComObj.Exe
      C:\Users\Admin\AppData\Local\OYAJx92w4\SppExtComObj.Exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:3896
    • C:\Windows\system32\isoburn.exe
      C:\Windows\system32\isoburn.exe
      1⤵
        PID:4764
      • C:\Users\Admin\AppData\Local\ei1\isoburn.exe
        C:\Users\Admin\AppData\Local\ei1\isoburn.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:4436
      • C:\Windows\system32\shrpubw.exe
        C:\Windows\system32\shrpubw.exe
        1⤵
          PID:1232
        • C:\Users\Admin\AppData\Local\ZtYqhO\shrpubw.exe
          C:\Users\Admin\AppData\Local\ZtYqhO\shrpubw.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1508

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\OYAJx92w4\ACTIVEDS.dll
          Filesize

          668KB

          MD5

          cb11afd002ff1574045cf9eb6fda9953

          SHA1

          adc31e36c364a11e15f32e0af3f06b4a34cf9fe2

          SHA256

          1ff38bb7901198e26dd3d4ab4d82afafa2a658ff50e9ff881a6b8f233057c0ff

          SHA512

          85b6592c65eeb381f517a98bfeef7ee81ed078bab1a03919e2bfa44f1acfd16c9ff9fe849824021fe2bef98eebd40c916888cbe17ca8530b4db33cde437bfa60

          Download Submit

        • C:\Users\Admin\AppData\Local\OYAJx92w4\SppExtComObj.Exe
          Filesize

          559KB

          MD5

          728a78909aa69ca0e976e94482350700

          SHA1

          6508dfcbf37df25cae8ae68cf1fcd4b78084abb7

          SHA256

          2a6581576305771044f07ea0fef27f77859996dbf66c2017e938f90bfc1e010c

          SHA512

          22bf985e71afa58a1365cc733c0aa03dabd4b44e7c6a136eb5f9b870db14470201b4ef88a19fa3864af6c44e79e1a01d6f8806062d9d4861ba7dac77d82074f1

          Download Submit

        • C:\Users\Admin\AppData\Local\ZtYqhO\ACLUI.dll
          Filesize

          668KB

          MD5

          ec4259db1c6819a35b9d9e5134daad21

          SHA1

          ebdb61c7bc858cec04961fa9130c17a39211a86a

          SHA256

          40815b4d1bc88727ef88005c0f1281a5b7db8e69858aed6821646b1fb2e2ede9

          SHA512

          75a7da35758bb6d90a5b610e28917c1f1f51fe3a93f89b4856b998eccfe2b62dbb376d3b2f89e3f7fc70dde6f366e45e49b7998052b33c82d3b9965be6536fed

          Download Submit

        • C:\Users\Admin\AppData\Local\ZtYqhO\shrpubw.exe
          Filesize

          59KB

          MD5

          9910d5c62428ec5f92b04abf9428eec9

          SHA1

          05f27d7515e8ae1fa3bc974ec65b864ec4c9ac8b

          SHA256

          6b84e6e55d8572d7edf0b6243d00abb651fcb0cddddac8461de5f9bb80035a2e

          SHA512

          01be043f7ff879a683e53962eec58456ba200d6787ea66581bb62669ae65d5e58a5577cdf23441165f7a535fce1dec933e3ad2465c72172b4a1488b24ce722cb

          Download Submit

        • C:\Users\Admin\AppData\Local\ei1\UxTheme.dll
          Filesize

          668KB

          MD5

          42ec802b69b71ac4d56cbe9f94cbb91d

          SHA1

          86ba8c0673eb5271dcd79d9ebc7c76b89ff6f1b8

          SHA256

          1ba8256511e585fd79f8f833b2eea7a28ed96c47d029ba01b40d6b1494213ed5

          SHA512

          fa7bef5fdfdc4807e575487d71e84df321bbf1cc0208a9ac169b16fee4f93928b2e1496db509c86c34b343e0c30206b497fcce84d390cf908ffcd615b5e71de7

          Download Submit

        • C:\Users\Admin\AppData\Local\ei1\isoburn.exe
          Filesize

          119KB

          MD5

          68078583d028a4873399ae7f25f64bad

          SHA1

          a3c928fe57856a10aed7fee17670627fe663e6fe

          SHA256

          9478c095afe212bce91d2de1a3c3647109f2d54e46b9bf70843e839324458567

          SHA512

          25503a47c53fe83eeb56726b5a5eec5cb01bc783e866306f92242a7a8cbafa20a3209217e0f4561febfec78d2f64f1725727a6b2d3ee6da512618984d0bb0bc1

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Fkasxldymr.lnk
          Filesize

          1KB

          MD5

          14a7107b8cdca0ec7cd89fe4bb0ee0f8

          SHA1

          2d5a58c5a5ec9d70fe57a38c75334eb1841c535f

          SHA256

          979b6359f1090db16630d1f43d843669b773063839dd8e391072ca34b33cd7c7

          SHA512

          9c5fabbe9d4a0c3d7db2aede23727f116e1e18031b6872bd4d45f0179402cdc54ae7c2105fc14e2ec21b485954155852a857fa8ca7a0c8d09c37079bd16b6211

          Download Submit

        • memory/1508-80-0x00007FFA13920000-0x00007FFA139C7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3144-8-0x0000000140000000-0x00000001400A6000-memory.dmp

          Filesize

          664KB

          Download

        • memory/3144-14-0x0000000140000000-0x00000001400A6000-memory.dmp

          Filesize

          664KB

          Download

        • memory/3144-24-0x00007FFA32280000-0x00007FFA32290000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3144-34-0x0000000140000000-0x00000001400A6000-memory.dmp

          Filesize

          664KB

          Download

        • memory/3144-23-0x0000000140000000-0x00000001400A6000-memory.dmp

          Filesize

          664KB

          Download

        • memory/3144-10-0x0000000140000000-0x00000001400A6000-memory.dmp

          Filesize

          664KB

          Download

        • memory/3144-9-0x0000000140000000-0x00000001400A6000-memory.dmp

          Filesize

          664KB

          Download

        • memory/3144-13-0x0000000140000000-0x00000001400A6000-memory.dmp

          Filesize

          664KB

          Download

        • memory/3144-5-0x00007FFA3046A000-0x00007FFA3046B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3144-7-0x0000000140000000-0x00000001400A6000-memory.dmp

          Filesize

          664KB

          Download

        • memory/3144-6-0x0000000140000000-0x00000001400A6000-memory.dmp

          Filesize

          664KB

          Download

        • memory/3144-3-0x0000000001FD0000-0x0000000001FD1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3144-11-0x0000000140000000-0x00000001400A6000-memory.dmp

          Filesize

          664KB

          Download

        • memory/3144-25-0x00007FFA32270000-0x00007FFA32280000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3144-12-0x0000000140000000-0x00000001400A6000-memory.dmp

          Filesize

          664KB

          Download

        • memory/3144-15-0x0000000140000000-0x00000001400A6000-memory.dmp

          Filesize

          664KB

          Download

        • memory/3144-22-0x0000000001E70000-0x0000000001E77000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3896-49-0x00007FFA13980000-0x00007FFA13A27000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3896-45-0x00007FFA13980000-0x00007FFA13A27000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3896-44-0x000002180A920000-0x000002180A927000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4340-37-0x00007FFA14D40000-0x00007FFA14DE6000-memory.dmp

          Filesize

          664KB

          Download

        • memory/4340-0-0x00007FFA14D40000-0x00007FFA14DE6000-memory.dmp

          Filesize

          664KB

          Download

        • memory/4340-2-0x000001EA2DE50000-0x000001EA2DE57000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4436-62-0x000001DDC7460000-0x000001DDC7467000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4436-60-0x00007FFA13920000-0x00007FFA139C7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/4436-65-0x00007FFA13920000-0x00007FFA139C7000-memory.dmp

          Filesize

          668KB

          Download