Overview

overview

10

Static

static

3

7b5abbc20d...b4.dll

windows7-x64

10

7b5abbc20d...b4.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-10-2024 04:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7b5abbc20d881379a184b6c2f29a1e70196b4dabdbfbebc60f439a83be323bb4.dll

  • Size

    668KB

  • MD5

    95c5f4396d2f989fa54fd09521fc2676

  • SHA1

    7bf1a0ee837c77866dd7ea42eb0ddf060990fd81

  • SHA256

    7b5abbc20d881379a184b6c2f29a1e70196b4dabdbfbebc60f439a83be323bb4

  • SHA512

    1ce9ef6f4f5cc2d4ce245b0efc330d7e62dd0e4a8ad57570f25efb67364bb6ca5888ad9dcc1a41ee95d682aa0b4633971c6d83428cf307fa6ea6fd0692dc7494

  • SSDEEP

    6144:v34xznfAp4x+NWMqW/KZ1vCDTEpc2bysCZR6iwAtUnWKT5WK8Rpv1llfFfCRAuTF:vIKp/UWCZdCDh2IZDwAFRpR6Au

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 9 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 16 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b5abbc20d881379a184b6c2f29a1e70196b4dabdbfbebc60f439a83be323bb4.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2108
  • C:\Windows\system32\BitLockerWizardElev.exe
    C:\Windows\system32\BitLockerWizardElev.exe
    1⤵
      PID:1732
    • C:\Users\Admin\AppData\Local\SYjUxJDx\BitLockerWizardElev.exe
      C:\Users\Admin\AppData\Local\SYjUxJDx\BitLockerWizardElev.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:1052
    • C:\Windows\system32\PresentationHost.exe
      C:\Windows\system32\PresentationHost.exe
      1⤵
        PID:388
      • C:\Users\Admin\AppData\Local\yMeixB\PresentationHost.exe
        C:\Users\Admin\AppData\Local\yMeixB\PresentationHost.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2680
      • C:\Windows\system32\GamePanel.exe
        C:\Windows\system32\GamePanel.exe
        1⤵
          PID:432
        • C:\Users\Admin\AppData\Local\M0VR\GamePanel.exe
          C:\Users\Admin\AppData\Local\M0VR\GamePanel.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:5084

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\M0VR\GamePanel.exe
          Filesize

          1.2MB

          MD5

          266f6a62c16f6a889218800762b137be

          SHA1

          31b9bd85a37bf0cbb38a1c30147b83671458fa72

          SHA256

          71f8f11f26f3a7c1498373f20f0f4cc960513d0383fe24906eeb1bc9678beecd

          SHA512

          b21d9b0656ab6bd3b158922722a332f07096ddd4215c802776c5807c9cf6ece40082dd986ea6867bdc8d22878ce035a5c8dfcc26cfae94aeee059701b6bf1e68

          Download Submit

        • C:\Users\Admin\AppData\Local\M0VR\UxTheme.dll
          Filesize

          672KB

          MD5

          96ba192f0de25bbe8a04c507d3ae2ae0

          SHA1

          c70ba59aa3c34274a0fe8ee1134640cde70b200e

          SHA256

          08fdea35be7da14f4a2c56b43f1e5a7cbd62638637dd2ff480b3a13ea7f4ccf1

          SHA512

          594c5124b34f013c86a0a21a35523744a8ab6b1eab4746c35763adcedd943a5e55ebc95bcd3569f559cf6c88c276fe9f693219798f8b08b538d7cd098c596480

          Download Submit

        • C:\Users\Admin\AppData\Local\SYjUxJDx\BitLockerWizardElev.exe
          Filesize

          100KB

          MD5

          8ac5a3a20cf18ae2308c64fd707eeb81

          SHA1

          31f2f0bdc2eb3e0d2a6cd626ea8ed71262865544

          SHA256

          803eb37617d450704766cb167dc9766e82102a94940a26a988ad26ab8be3f2f5

          SHA512

          85d0e28e4bffec709f26b2f0d20eb76373134af43bcaa70b97a03efa273b77dd4fbd4f6ee026774ce4029ab5a983aea057111efcd234ab1686a9bd0f7202748b

          Download Submit

        • C:\Users\Admin\AppData\Local\SYjUxJDx\FVEWIZ.dll
          Filesize

          672KB

          MD5

          33a3fec279fe16b6b9a422285c6ec5fb

          SHA1

          72c3c97b05ee825b7000617d83e29a644202a593

          SHA256

          799f55caffab38db844d6c537b2fdf84b76f83cbc3b568bb0bd02f9b2f76565d

          SHA512

          2ed01836886927279cddd58bbf900c52220a2271242a91d50c289c831637ee1b0555493c4016ade48d508e341540d24c6d96fd932ff74cfcafa0f546a4aa012d

          Download Submit

        • C:\Users\Admin\AppData\Local\yMeixB\PresentationHost.exe
          Filesize

          276KB

          MD5

          ef27d65b92d89e8175e6751a57ed9d93

          SHA1

          7279b58e711b459434f047e9098f9131391c3778

          SHA256

          17d6dcfaced6873a4ac0361ff14f48313f270ac9c465e9f02b5c12b5a5274c48

          SHA512

          40f46c3a131bb0388b8a3f7aee422936f6e2aa8d2cda547c43c4e7979c163d06c5aa20033a5156d3eeee5d455eeb929cbce89bcc8bb1766cbb65d7f03dd23e2e

          Download Submit

        • C:\Users\Admin\AppData\Local\yMeixB\VERSION.dll
          Filesize

          672KB

          MD5

          8c6f3359c0b229ae844d261b4d801964

          SHA1

          34515ae7b3360be99aba0f756141fc721197bfa9

          SHA256

          b5d6fcb7167774c21b0b4053a25a789973f145f0d30c926a4287afbc56d270ec

          SHA512

          45f180228d3eff356a1243a59e70a0c3603b63989b18735a00071f0e54a8628ef2ee3265e1e07f7add2950f837118859a82468d8bd247aba7db819b7c6c12ca6

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Zcgcwwxuxxxcbkn.lnk
          Filesize

          1KB

          MD5

          0d6e3577e058d33a0c83aa8abc44f1f6

          SHA1

          0871b01e4a3909ded0502d65ec49cba76db73742

          SHA256

          dfa287903997770bdedc736ef52a872f39033a3aef08623e67c24bbe68ce21cf

          SHA512

          c4905fcbd09afa1c8bcd5b35c0b7adfbc291098ffad345cb6071a6d17d00d9c3a08e10c1f72c3d932bd0b8d28bcd73eef04fb0e3234b2c1a638d7dd53c73588c

          Download Submit

        • memory/1052-50-0x00007FF815510000-0x00007FF8155B8000-memory.dmp

          Filesize

          672KB

          Download

        • memory/1052-47-0x000001BF88CA0000-0x000001BF88CA7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1052-45-0x00007FF815510000-0x00007FF8155B8000-memory.dmp

          Filesize

          672KB

          Download

        • memory/2108-2-0x000001D08FFB0000-0x000001D08FFB7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2108-38-0x00007FF823D50000-0x00007FF823DF7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/2108-1-0x00007FF823D50000-0x00007FF823DF7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/2680-66-0x00007FF815510000-0x00007FF8155B8000-memory.dmp

          Filesize

          672KB

          Download

        • memory/2680-61-0x0000017A8C210000-0x0000017A8C217000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3452-24-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3452-15-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3452-8-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3452-7-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3452-6-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3452-10-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3452-11-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3452-13-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3452-35-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3452-9-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3452-25-0x00007FF832D00000-0x00007FF832D10000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3452-26-0x00007FF832CF0000-0x00007FF832D00000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3452-16-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3452-23-0x0000000002700000-0x0000000002707000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3452-14-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3452-12-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3452-3-0x0000000002720000-0x0000000002721000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3452-5-0x00007FF83191A000-0x00007FF83191B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/5084-81-0x00007FF815510000-0x00007FF8155B8000-memory.dmp

          Filesize

          672KB

          Download