Overview

overview

10

Static

static

3

9d547a1ca3...b7.dll

windows7-x64

10

9d547a1ca3...b7.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-10-2024 07:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9d547a1ca3ef9b612354dc907c31c5acf7310f540dc48686f3157398d1e53bb7.dll

  • Size

    1.2MB

  • MD5

    02cc0f2d0a0c7407558ac5a569c4e04c

  • SHA1

    4b7060c03c224e42c420651368c73dbddcc3a3e3

  • SHA256

    9d547a1ca3ef9b612354dc907c31c5acf7310f540dc48686f3157398d1e53bb7

  • SHA512

    ac134e657c9ec47511245fdcbf717221a83eda2faea7e57560a59e212efa9312f4f13abc29b81be6210405680f507c5d921c4f6fe9ec933249c093e342eef554

  • SSDEEP

    6144:k34xznfAp4x+NWMqW/KZ1vCDTEpc2bysCZR6iwAtUnWKT5WK8Rpv1llfFfCRAuTI:kIKp/UWCZdCDh2IZDwAFRpR6Aup

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 10 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\9d547a1ca3ef9b612354dc907c31c5acf7310f540dc48686f3157398d1e53bb7.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3200
  • C:\Windows\system32\SppExtComObj.Exe
    C:\Windows\system32\SppExtComObj.Exe
    1⤵
      PID:1644
    • C:\Users\Admin\AppData\Local\HDmGBg\SppExtComObj.Exe
      C:\Users\Admin\AppData\Local\HDmGBg\SppExtComObj.Exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2056
    • C:\Windows\system32\SndVol.exe
      C:\Windows\system32\SndVol.exe
      1⤵
        PID:3080
      • C:\Users\Admin\AppData\Local\IoYtkZT\SndVol.exe
        C:\Users\Admin\AppData\Local\IoYtkZT\SndVol.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:3688
      • C:\Windows\system32\SystemPropertiesHardware.exe
        C:\Windows\system32\SystemPropertiesHardware.exe
        1⤵
          PID:1120
        • C:\Users\Admin\AppData\Local\ijI\SystemPropertiesHardware.exe
          C:\Users\Admin\AppData\Local\ijI\SystemPropertiesHardware.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:3620

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\HDmGBg\ACTIVEDS.dll
          Filesize

          1.2MB

          MD5

          0728a7c33c9626b51e3da5f870901799

          SHA1

          be72dcbc325fe4f9ff395aa9cf81d889d88b330e

          SHA256

          7a466defd1e9fad8af2a1ea282529ef1ff750c5532eb1066a5287bf3c02a993a

          SHA512

          d3e39ff42abed70cb7ce041e2e9b77420a20fe958fe6791caad89345cf199814949bf10cd69d08563b4a72c4c01d8801ab005c7fe351ceba021c2c6aef61f01b

          Download Submit

        • C:\Users\Admin\AppData\Local\HDmGBg\SppExtComObj.Exe
          Filesize

          559KB

          MD5

          728a78909aa69ca0e976e94482350700

          SHA1

          6508dfcbf37df25cae8ae68cf1fcd4b78084abb7

          SHA256

          2a6581576305771044f07ea0fef27f77859996dbf66c2017e938f90bfc1e010c

          SHA512

          22bf985e71afa58a1365cc733c0aa03dabd4b44e7c6a136eb5f9b870db14470201b4ef88a19fa3864af6c44e79e1a01d6f8806062d9d4861ba7dac77d82074f1

          Download Submit

        • C:\Users\Admin\AppData\Local\IoYtkZT\SndVol.exe
          Filesize

          269KB

          MD5

          c5d939ac3f9d885c8355884199e36433

          SHA1

          b8f277549c23953e8683746e225e7af1c193ad70

          SHA256

          68b6ced01f5dfc2bc9556b005f4fff235a3d02449ad9f9e4de627c0e1424d605

          SHA512

          8488e7928e53085c00df096af2315490cd4b22ce2ce196b157dc0fbb820c5399a9dbd5dead40b24b99a4a32b6de66b4edc28339d7bacd9c1e7d5936604d1a4f0

          Download Submit

        • C:\Users\Admin\AppData\Local\IoYtkZT\UxTheme.dll
          Filesize

          1.2MB

          MD5

          3f84d71789f571748a008e7ea8eb4b83

          SHA1

          102133013d2aa710ea217a71352a6a874d8853b3

          SHA256

          13b3e111fcf8b3ae605e1d4cb7d68578044097d851cf960c6e51ef907fa14283

          SHA512

          9e84016d514473668c92132d49c4e4d5e624783cdbbfc7da9db4b34f1a83cfd09b71001bf382b3741b175db761a7a28589ba108f79a3c8e0edd57566771408b0

          Download Submit

        • C:\Users\Admin\AppData\Local\ijI\SYSDM.CPL
          Filesize

          1.2MB

          MD5

          e4080470e2c7de150661bc19b8420c8d

          SHA1

          ca86196d3b487ae0099650587835058a264ca219

          SHA256

          cbc40f3980ce4583d0679448b12f1c949f3b96079db480d06404edebff5c6a23

          SHA512

          6d32b1795d9080426e5e6139dc91eeb19987c61d94c0f05ecfcf08776bbff0380cdc303b74b88a8da8ace48e430f1aa8c5f9eb339a88a6d24e76ab11c1ab5e8c

          Download Submit

        • C:\Users\Admin\AppData\Local\ijI\SystemPropertiesHardware.exe
          Filesize

          82KB

          MD5

          bf5bc0d70a936890d38d2510ee07a2cd

          SHA1

          69d5971fd264d8128f5633db9003afef5fad8f10

          SHA256

          c8ebd920399ebcf3ab72bd325b71a6b4c6119dfecea03f25059a920c4d32acc7

          SHA512

          0e129044777cbbf5ea995715159c50773c1818fc5e8faa5c827fd631b44c086b34dfdcbe174b105891ccc3882cc63a8664d189fb6a631d8f589de4e01a862f51

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Womuvunldsugi.lnk
          Filesize

          1KB

          MD5

          38ea8a90096e68a6b6dd70778c9846be

          SHA1

          cf2146d369121c78ceb13377c143b3c094aa50e7

          SHA256

          91635cb55d3f2a9632d7e05f6b0be8f36f5cc1c6658afcee0aedcce6b0d8ee07

          SHA512

          a82446c4a423cde60d1bfb48b3448340cdd1f8a78c617977e251acf9bbc624e66531caf6e572e4e7490ae5bcd6beb21259a0ce123dc01035aee9ed652d414d2c

          Download Submit

        • memory/2056-52-0x00007FFDF2440000-0x00007FFDF2574000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2056-49-0x000002589A5B0000-0x000002589A5B7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2056-47-0x00007FFDF2440000-0x00007FFDF2574000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3200-40-0x00007FFE009A0000-0x00007FFE00AD3000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3200-0-0x000001E5EBB90000-0x000001E5EBB97000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3200-2-0x00007FFE009A0000-0x00007FFE00AD3000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-37-0x0000000140000000-0x0000000140133000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-28-0x00007FFE0FC30000-0x00007FFE0FC40000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3432-10-0x0000000140000000-0x0000000140133000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-9-0x0000000140000000-0x0000000140133000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-8-0x0000000140000000-0x0000000140133000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-7-0x0000000140000000-0x0000000140133000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-14-0x0000000140000000-0x0000000140133000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-6-0x0000000140000000-0x0000000140133000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-11-0x0000000140000000-0x0000000140133000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-15-0x0000000140000000-0x0000000140133000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-17-0x0000000140000000-0x0000000140133000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-26-0x0000000140000000-0x0000000140133000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-27-0x00007FFE0FC40000-0x00007FFE0FC50000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3432-12-0x0000000140000000-0x0000000140133000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-25-0x0000000000D40000-0x0000000000D47000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3432-18-0x0000000140000000-0x0000000140133000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-16-0x0000000140000000-0x0000000140133000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3432-5-0x00007FFE0DEEA000-0x00007FFE0DEEB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3432-3-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3432-13-0x0000000140000000-0x0000000140133000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3620-82-0x00007FF701330000-0x00007FF701349000-memory.dmp

          Filesize

          100KB

          Download

        • memory/3620-83-0x00007FFDF2440000-0x00007FFDF2574000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3688-68-0x00007FFDF1F00000-0x00007FFDF2034000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3688-65-0x00000247FD8F0000-0x00000247FD8F7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3688-63-0x00007FFDF1F00000-0x00007FFDF2034000-memory.dmp

          Filesize

          1.2MB

          Download