Overview

overview

10

Static

static

3

43508d520d...92.dll

windows7-x64

10

43508d520d...92.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-10-2024 05:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    43508d520d7e2071ccd08862888e65cb9ae724268835584aec28c355f22f1d92.dll

  • Size

    948KB

  • MD5

    c3da5425420b0f94aa1a58c38ef6d14d

  • SHA1

    891965f46beafca8d84b87e9aa815d8d7b8171fd

  • SHA256

    43508d520d7e2071ccd08862888e65cb9ae724268835584aec28c355f22f1d92

  • SHA512

    1ebc2ca75e6354edd72ef76991569565199267a472756077166deed6fa6b22e46d5df3546910c78b4b80b54e0e98f6eb5142e254feffae2026f46773ac687dee

  • SSDEEP

    6144:D34xznfAp4x+NWMqW/KZ1vCDTEpc2bysCZR6iwAtUnWKT5WK8Rpv1llfFfCRAuTF:DIKp/UWCZdCDh2IZDwAFRpR6Au

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 11 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Event Triggered Execution: Accessibility Features 1 TTPs

    Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.

    persistenceprivilege_escalation
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 16 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\43508d520d7e2071ccd08862888e65cb9ae724268835584aec28c355f22f1d92.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2840
  • C:\Windows\system32\sethc.exe
    C:\Windows\system32\sethc.exe
    1⤵
      PID:1436
    • C:\Users\Admin\AppData\Local\9eJ9c\sethc.exe
      C:\Users\Admin\AppData\Local\9eJ9c\sethc.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:3296
    • C:\Windows\system32\dwm.exe
      C:\Windows\system32\dwm.exe
      1⤵
        PID:2432
      • C:\Users\Admin\AppData\Local\dJ4bsY\dwm.exe
        C:\Users\Admin\AppData\Local\dJ4bsY\dwm.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1884
      • C:\Windows\system32\Utilman.exe
        C:\Windows\system32\Utilman.exe
        1⤵
          PID:5116
        • C:\Users\Admin\AppData\Local\HMVPgnp\Utilman.exe
          C:\Users\Admin\AppData\Local\HMVPgnp\Utilman.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1824

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\9eJ9c\WTSAPI32.dll
          Filesize

          952KB

          MD5

          6b6324bbf5a42cd6061e679329c6f491

          SHA1

          ede798cbb8eb49d2a212ed8b98f87acc15404d8f

          SHA256

          47d78191a156181070972f4fb21699e963222e741bcc9c4ae83da19ac3c5dc4d

          SHA512

          06a2b4f5efb65bfc816858f03422b49c078b440b53c7b59c219485cad96a6c02a820b22327e7a2c72170130ea7b4762cd4a66f84ba6fd160b0c657a63daf6193

          Download Submit

        • C:\Users\Admin\AppData\Local\9eJ9c\sethc.exe
          Filesize

          104KB

          MD5

          8ba3a9702a3f1799431cad6a290223a6

          SHA1

          9c7dc9b6830297c8f759d1f46c8b36664e26c031

          SHA256

          615b2f2d7e3fce340839a9b54bdc3445eb2333d0fafee477d6113379e90935b8

          SHA512

          680c216d54f4fd2a14f0398e4461c8340ac15acdca75c36a42083625e1081d5e7d262c4c12296b6f21ba2f593f92816edf1c9a0cf4cbee23588e590713b87746

          Download Submit

        • C:\Users\Admin\AppData\Local\HMVPgnp\DUser.dll
          Filesize

          956KB

          MD5

          9865338282a764c164dd95fbe95f80d6

          SHA1

          b553d15dfecd73a0c5b00d8ba573558435528265

          SHA256

          73c7c096069e289f4457469935ff7a8cce265955a2b548cecd1a9962bcdabbfd

          SHA512

          b85821e1f6d4cbdae309318fced883ce3d1ef79bbb2c627bca14578a1129ee5aacdd2e43482c46da7920b5d5951ef9be563569a6737d101ca45e9cc8c4ec86f6

          Download Submit

        • C:\Users\Admin\AppData\Local\HMVPgnp\Utilman.exe
          Filesize

          123KB

          MD5

          a117edc0e74ab4770acf7f7e86e573f7

          SHA1

          5ceffb1a5e05e52aafcbc2d44e1e8445440706f3

          SHA256

          b5bc4fce58403ea554691db678e6c8c448310fe59990990f0e37cd4357567d37

          SHA512

          72883f794ff585fe7e86e818d4d8c54fa9781cab6c3fac6f6956f58a016a91f676e70d14691cbe054ae7b7469c6b4783152fbb694e92b940d9e3595fe3f41d97

          Download Submit

        • C:\Users\Admin\AppData\Local\dJ4bsY\dwm.exe
          Filesize

          92KB

          MD5

          5c27608411832c5b39ba04e33d53536c

          SHA1

          f92f8b7439ce1de4c297046ed1d3ff9f20bc97af

          SHA256

          0ac827c9e35cdaa492ddd435079415805dcc276352112b040bcd34ef122cf565

          SHA512

          1fa25eabc08dff9ea25dfa7da310a677927c6344b76815696b0483f8860fa1469820ff15d88a78ed32f712d03003631d9aceaf9c9851de5dd40c1fc2a7bc1309

          Download Submit

        • C:\Users\Admin\AppData\Local\dJ4bsY\dxgi.dll
          Filesize

          952KB

          MD5

          e6eb113f1f829f7383464a883c2a45ec

          SHA1

          4660f993071bd8932ae64283801c5f73bef5cd29

          SHA256

          f3a603507dd3897c1e55ddac5ac3f29f96ed318e62696d641f8b14db3b6c0d02

          SHA512

          218f3a4c29541f288ecef94030b5fb15c5cc4ee7a1c00ad8cb9efa50dab48ae3b8a538d661cd2eac214225f02008eaa5e81926e935a91f1ab071842134bc3d2c

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Fkasxldymr.lnk
          Filesize

          1KB

          MD5

          001f6a9a8f554ab2a01322f34ca9c261

          SHA1

          cd4449dbd34750edf42440b02eb42f0fd9936f23

          SHA256

          3df0850b763349b25fb85c76f979a671381edaae6c2a8b797f9afcc7e5adc55c

          SHA512

          4c42de356dcef4133ff945544e2c6ab2b222c149b65b40be0df56665b4a911d912e04e561aa13243472287446f97dd8fc0809956cc5599921bfd8b3ebd625b08

          Download Submit

        • memory/1824-79-0x00007FFCC18B0000-0x00007FFCC199F000-memory.dmp

          Filesize

          956KB

          Download

        • memory/1824-75-0x00007FFCC18B0000-0x00007FFCC199F000-memory.dmp

          Filesize

          956KB

          Download

        • memory/1884-64-0x00007FFCC1A60000-0x00007FFCC1B4E000-memory.dmp

          Filesize

          952KB

          Download

        • memory/1884-66-0x00007FFCC1A60000-0x00007FFCC1B4E000-memory.dmp

          Filesize

          952KB

          Download

        • memory/2840-1-0x00007FFCCD060000-0x00007FFCCD14D000-memory.dmp

          Filesize

          948KB

          Download

        • memory/2840-39-0x00007FFCCD060000-0x00007FFCCD14D000-memory.dmp

          Filesize

          948KB

          Download

        • memory/2840-2-0x00000188957D0000-0x00000188957D7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3296-51-0x00007FFCC18B0000-0x00007FFCC199E000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3296-46-0x00007FFCC18B0000-0x00007FFCC199E000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3296-48-0x00000208BA330000-0x00000208BA337000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3504-15-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/3504-36-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/3504-7-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/3504-16-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/3504-9-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/3504-10-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/3504-11-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/3504-13-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/3504-25-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/3504-8-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/3504-26-0x00007FFCE0600000-0x00007FFCE0610000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3504-27-0x00007FFCE05F0000-0x00007FFCE0600000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3504-17-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/3504-24-0x00000000022C0000-0x00000000022C7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3504-14-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/3504-6-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/3504-12-0x0000000140000000-0x00000001400ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/3504-3-0x00007FFCDFAEA000-0x00007FFCDFAEB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3504-4-0x0000000002A50000-0x0000000002A51000-memory.dmp

          Filesize

          4KB

          Download