Overview

overview

10

Static

static

3

935df89b2b...fd.dll

windows7-x64

10

935df89b2b...fd.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-10-2024 07:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    935df89b2b9b8b96959f35ffdf9e2bde46b01560f21c729b00cb4d13e0ff02fd.dll

  • Size

    952KB

  • MD5

    97a982e24ffe6987e49fd0cb330a17ec

  • SHA1

    404d71db7a082078c62ee0811513d80a083f0c39

  • SHA256

    935df89b2b9b8b96959f35ffdf9e2bde46b01560f21c729b00cb4d13e0ff02fd

  • SHA512

    11fb5562e1f5c5a19fd7ad769be5c786d5abc69105c1dea3d8854aff57e525c9a95bf78c798c43d1665256f128fb714ed25380a970a7c6bba21d2f8709489f31

  • SSDEEP

    6144:534xznfAp4x+NWMqW/KZ1vCDTEpc2bysCZR6iwAtUnWKT5WK8Rpv1llfFfCRAuTF:5IKp/UWCZdCDh2IZDwAFRpR6Au

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 11 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Event Triggered Execution: Accessibility Features 1 TTPs

    Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.

    persistenceprivilege_escalation
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\935df89b2b9b8b96959f35ffdf9e2bde46b01560f21c729b00cb4d13e0ff02fd.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:4872
  • C:\Windows\system32\LicensingUI.exe
    C:\Windows\system32\LicensingUI.exe
    1⤵
      PID:4372
    • C:\Users\Admin\AppData\Local\2dPO4Ai\LicensingUI.exe
      C:\Users\Admin\AppData\Local\2dPO4Ai\LicensingUI.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2824
    • C:\Windows\system32\Magnify.exe
      C:\Windows\system32\Magnify.exe
      1⤵
        PID:1984
      • C:\Users\Admin\AppData\Local\FFN\Magnify.exe
        C:\Users\Admin\AppData\Local\FFN\Magnify.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:980
      • C:\Windows\system32\sethc.exe
        C:\Windows\system32\sethc.exe
        1⤵
          PID:4384
        • C:\Users\Admin\AppData\Local\yikC\sethc.exe
          C:\Users\Admin\AppData\Local\yikC\sethc.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:4228

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\2dPO4Ai\DUI70.dll
          Filesize

          1.2MB

          MD5

          ba7e807722ef8cb35b531b6e92c5f93a

          SHA1

          512f9f24154fe2f00ba7f82fc9fc08bbd29d1e31

          SHA256

          587252e909d60c2dc8a9fe49295bf4a24f1ef80e62f286125de804f80381ec09

          SHA512

          a8ed2ba5cc1319ca33ed84b90bd56fc1b0e92a0766446122f2d286f206695a0b8b645ce9040a3a70e11d940e8e3333dee834c9df8070b756603d121980d1b3dc

          Download Submit

        • C:\Users\Admin\AppData\Local\2dPO4Ai\LicensingUI.exe
          Filesize

          142KB

          MD5

          8b4abc637473c79a003d30bb9c7a05e5

          SHA1

          d1cab953c16d4fdec2b53262f56ac14a914558ca

          SHA256

          0e9eb89aa0df9bb84a8f11b0bb3e9d89905355de34c91508968b4cb78bc3f6c5

          SHA512

          5a40c846c5b3a53ae09114709239d8238c322a7d3758b20ed3fc8e097fc1409f62b4990557c1192e894eabfa89741a9d88bd5175850d039b97dfdf380d1c6eeb

          Download Submit

        • C:\Users\Admin\AppData\Local\FFN\MAGNIFICATION.dll
          Filesize

          956KB

          MD5

          608ce8e676f5a6318b926ed0e948fbc2

          SHA1

          adeb3be1f8aeb7f29ee76f0c315a69d1f24f0914

          SHA256

          802fbb538a7d28eee6b3792ffd3ed46a086118f8a8abfd46fe47d011373a603e

          SHA512

          0d96a939ab20fcf5e64b08fe53e95cc6a52369bbe20276ad7e4f27d6f7b868a85fec932c9e7d724a8790786c491ed20ddab50d22fb762aabafbdb7de469ee18b

          Download Submit

        • C:\Users\Admin\AppData\Local\FFN\Magnify.exe
          Filesize

          639KB

          MD5

          4029890c147e3b4c6f41dfb5f9834d42

          SHA1

          10d08b3f6dabe8171ca2dd52e5737e3402951c75

          SHA256

          57137f784594793dc0669042ccd3a71ddbfedeb77da6d97173d82613e08add4d

          SHA512

          dbdc60f8692f13c23dbed0b76e9c6758a5b413bd6aaf4e4d0ba74e69c0871eb759da95c3f85a31d972388b545dcf3bb8abbcbedd29a1e7e48c065130b98b893d

          Download Submit

        • C:\Users\Admin\AppData\Local\yikC\WTSAPI32.dll
          Filesize

          956KB

          MD5

          4cdf33f9e13a079710ad303025f9d28e

          SHA1

          05427cd2220b6627403ecefdc8c5b9e511a2bab6

          SHA256

          57686654f41edbc6d7a47319863cf2a67c68489fb0511c82812df7d46ad99d46

          SHA512

          b565c6a05ea3dda41b00a6b1c21e1017f0f938a784f106899008cedc82fc35c711d732510fb4c2afcc1d24fd5245eb14008410ae41bf15c1e00bdc14c66e1194

          Download Submit

        • C:\Users\Admin\AppData\Local\yikC\sethc.exe
          Filesize

          104KB

          MD5

          8ba3a9702a3f1799431cad6a290223a6

          SHA1

          9c7dc9b6830297c8f759d1f46c8b36664e26c031

          SHA256

          615b2f2d7e3fce340839a9b54bdc3445eb2333d0fafee477d6113379e90935b8

          SHA512

          680c216d54f4fd2a14f0398e4461c8340ac15acdca75c36a42083625e1081d5e7d262c4c12296b6f21ba2f593f92816edf1c9a0cf4cbee23588e590713b87746

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ehuvmtvuxjwd.lnk
          Filesize

          1KB

          MD5

          34ae9b661213282069df8737cdfee35b

          SHA1

          02de256a34f76f2ff8f276497babf91c62b9f590

          SHA256

          373f64e78fd69add4db28b1f71d3536974c1fc39392cc113ed2cce831f74a527

          SHA512

          c93795a67e211e4e34e5be1c494867fba14e979a74908e844b7baaa7c6ab61393bf9c3de27747ff9dfa12509bab2eaf3cfeb580ff4ffa9fd6e46f1ac0d7fc5a4

          Download Submit

        • memory/980-63-0x0000014D6B8F0000-0x0000014D6B8F7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/980-64-0x00007FF9DE190000-0x00007FF9DE27F000-memory.dmp

          Filesize

          956KB

          Download

        • memory/980-68-0x00007FF9DE190000-0x00007FF9DE27F000-memory.dmp

          Filesize

          956KB

          Download

        • memory/2824-52-0x00007FF9DE140000-0x00007FF9DE274000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2824-49-0x000001EF3C980000-0x000001EF3C987000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2824-47-0x00007FF9DE140000-0x00007FF9DE274000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3452-15-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3452-16-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3452-10-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3452-9-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3452-7-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3452-26-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3452-27-0x00007FF9FC900000-0x00007FF9FC910000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3452-28-0x00007FF9FC8F0000-0x00007FF9FC900000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3452-37-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3452-3-0x0000000002BE0000-0x0000000002BE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3452-12-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3452-14-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3452-13-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3452-11-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3452-5-0x00007FF9FABEA000-0x00007FF9FABEB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3452-17-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3452-25-0x0000000001250000-0x0000000001257000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3452-18-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3452-8-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3452-6-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/4228-79-0x00007FF9DDFE0000-0x00007FF9DE0CF000-memory.dmp

          Filesize

          956KB

          Download

        • memory/4228-83-0x00007FF9DDFE0000-0x00007FF9DE0CF000-memory.dmp

          Filesize

          956KB

          Download

        • memory/4872-2-0x000001F093450000-0x000001F093457000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4872-40-0x00007FF9ED1C0000-0x00007FF9ED2AE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/4872-0-0x00007FF9ED1C0000-0x00007FF9ED2AE000-memory.dmp

          Filesize

          952KB

          Download