Overview

overview

10

Static

static

3

41614fc30d...10.dll

windows7-x64

10

41614fc30d...10.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    18-10-2024 05:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    41614fc30de6ea778c6fa12e9ed5cb389679580e3903a40b3373d92b103eb010.dll

  • Size

    948KB

  • MD5

    80f06337c927418ef2dbe6efa147d64a

  • SHA1

    4a016b8fe8c023f840f18d3b40f6e6f44fb9d6f2

  • SHA256

    41614fc30de6ea778c6fa12e9ed5cb389679580e3903a40b3373d92b103eb010

  • SHA512

    0abe2424cdd1f23f60dea1a920aa930805f805a913c6d4916986329874fa1e4c6b5e22dc39123191c903460f21786b6e828447dc1bfbaa65576d11a479db18b5

  • SSDEEP

    6144:P34xznfAp4x+NWMqW/KZ1vCDTEpc2bysCZR6iwAtUnWKT5WK8Rpv1llfFfCRAuTF:PIKp/UWCZdCDh2IZDwAFRpR6Au

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 11 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\41614fc30de6ea778c6fa12e9ed5cb389679580e3903a40b3373d92b103eb010.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3012
  • C:\Windows\system32\isoburn.exe
    C:\Windows\system32\isoburn.exe
    1⤵
      PID:2996
    • C:\Users\Admin\AppData\Local\dghTGy\isoburn.exe
      C:\Users\Admin\AppData\Local\dghTGy\isoburn.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      • Suspicious behavior: EnumeratesProcesses
      PID:1704
    • C:\Windows\system32\sdclt.exe
      C:\Windows\system32\sdclt.exe
      1⤵
        PID:2672
      • C:\Users\Admin\AppData\Local\Qc57\sdclt.exe
        C:\Users\Admin\AppData\Local\Qc57\sdclt.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2200
      • C:\Windows\system32\cmstp.exe
        C:\Windows\system32\cmstp.exe
        1⤵
          PID:2864
        • C:\Users\Admin\AppData\Local\PymCf\cmstp.exe
          C:\Users\Admin\AppData\Local\PymCf\cmstp.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2016

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\PymCf\VERSION.dll
          Filesize

          952KB

          MD5

          469bd8312c2f0ac99f5097855ccaddfd

          SHA1

          42faf3f284d1a35278e9b5924ad6873bd4288174

          SHA256

          21ba87534ba21c86f740a8f543d69c12f4df9861b5aad12c16c62d1696841c0a

          SHA512

          f2e5c84efda630c995dc01d3c57987beeb1368852d0de882d7635a2b63de5e6ffdba02f0eca3217922f06ea26adec3c6fb4ce97a215c6ad49a509e127591079c

          Download Submit

        • C:\Users\Admin\AppData\Local\Qc57\wer.dll
          Filesize

          952KB

          MD5

          f1ccd2f5157e27e6e8124f5cac78db69

          SHA1

          e3f6959702cb0fc24920f4ac909398c1a6cc163f

          SHA256

          4ade56133d88a91ecab8995b4f4e95cbf7cceb988600a83a130e5a0885a1306f

          SHA512

          4f2851b07b12d2b6fe39da642301d695ae79a16a486911d11c1487ddb5bffa00f424e6e8624f925d21c88f64c0a22a9ff0a2827c7a571954dff01b6ff711a521

          Download Submit

        • C:\Users\Admin\AppData\Local\dghTGy\UxTheme.dll
          Filesize

          952KB

          MD5

          2633964e1c7444fad736e7c41131a002

          SHA1

          04e4016a26ab499d846f9ba30edee82a2281cc94

          SHA256

          4582021f67b25ad98f05b4cdac791aa7e0bc67f9a2d91b3d645b690dc0a2263e

          SHA512

          3b0943c1b09acc9308eaa185a3e3e01ac068d8fea277a2a0b913ecaf1e66b068dca62eea2569499f5ddacc9442c7d52d00bc6c2324e361500cc0595e41631c69

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ykefwsdudlbqds.lnk
          Filesize

          1KB

          MD5

          19050917d489551df36aa5bdb43eaf6b

          SHA1

          bb6bef7f8ba0f0d16de944dd9ed94f33356c70a2

          SHA256

          10ec65e809d9d15ad776a8d5cabb7a80c10f85c3e6e2edfdaf7d1224bbb266f6

          SHA512

          0694fa66a54b5d0e94c6a1f61cc93cb75014c6b11425dee2131c1380af4c320bdfb16813de924fb09205b4f63897ec49ea4c1978d1b54aee8d675316c24ffafd

          Download Submit

        • \Users\Admin\AppData\Local\PymCf\cmstp.exe
          Filesize

          90KB

          MD5

          74c6da5522f420c394ae34b2d3d677e3

          SHA1

          ba135738ef1fb2f4c2c6c610be2c4e855a526668

          SHA256

          51d298b1a8a2d00d5c608c52dba0655565d021e9798ee171d7fa92cc0de729a6

          SHA512

          bfd76b1c3e677292748f88bf595bfef0b536eb22f2583b028cbf08f6ae4eda1aa3787c4e892aad12b7681fc2363f99250430a0e7019a7498e24db391868e787a

          Download Submit

        • \Users\Admin\AppData\Local\Qc57\sdclt.exe
          Filesize

          1.2MB

          MD5

          cdebd55ffbda3889aa2a8ce52b9dc097

          SHA1

          4b3cbfff5e57fa0cb058e93e445e3851063646cf

          SHA256

          61bd24487c389fc2b939ce000721677cc173bde0edcafccff81069bbd9987bfd

          SHA512

          2af69742e90d3478ae0a770b2630bfdc469077311c1f755f941825399b9a411e3d8d124126f59b01049456cddc01b237a3114847f1fe53f9e7d1a97e4ba36f13

          Download Submit

        • \Users\Admin\AppData\Local\dghTGy\isoburn.exe
          Filesize

          89KB

          MD5

          f8051f06e1c4aa3f2efe4402af5919b1

          SHA1

          bbcf3711501dfb22b04b1a6f356d95a6d5998790

          SHA256

          50dcb4be409f50d26c0fc32dd9cdbf96bff4e19bf624221cb566ebeb3e09ce1a

          SHA512

          5f664d937abe4426ee7e0d8491a395f9ef4ffe7a51dba05b54b7ba27e80c9be37833400911c5878d3dec659f4fa1579ec8ba4cfc485fb2ce24dd37c321006daa

          Download Submit

        • memory/1200-8-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/1200-10-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/1200-27-0x00000000773B0000-0x00000000773B2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1200-26-0x0000000077380000-0x0000000077382000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1200-15-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/1200-16-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/1200-14-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/1200-13-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/1200-12-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/1200-11-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/1200-9-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/1200-3-0x0000000077016000-0x0000000077017000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-24-0x0000000002CF0000-0x0000000002CF7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1200-37-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/1200-36-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/1200-4-0x0000000002D10000-0x0000000002D11000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-46-0x0000000077016000-0x0000000077017000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-18-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/1200-7-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/1200-6-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/1200-25-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/1704-59-0x000007FEF69A0000-0x000007FEF6A8E000-memory.dmp

          Filesize

          952KB

          Download

        • memory/1704-54-0x000007FEF69A0000-0x000007FEF6A8E000-memory.dmp

          Filesize

          952KB

          Download

        • memory/1704-56-0x0000000000290000-0x0000000000297000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2016-92-0x000007FEF6130000-0x000007FEF621E000-memory.dmp

          Filesize

          952KB

          Download

        • memory/2200-73-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2200-72-0x000007FEF6130000-0x000007FEF621E000-memory.dmp

          Filesize

          952KB

          Download

        • memory/2200-76-0x000007FEF6130000-0x000007FEF621E000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3012-45-0x000007FEF6130000-0x000007FEF621D000-memory.dmp

          Filesize

          948KB

          Download

        • memory/3012-2-0x00000000001A0000-0x00000000001A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3012-1-0x000007FEF6130000-0x000007FEF621D000-memory.dmp

          Filesize

          948KB

          Download