Overview

overview

10

Static

static

3

4b773db138...2a.dll

windows7-x64

10

4b773db138...2a.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-10-2024 07:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4b773db138c8cc3dc18a140ff7641053a01214ebb3dd8135e53e8d47e9f39d2a.dll

  • Size

    952KB

  • MD5

    b432d15a89c0b864b8f28153733c9e2e

  • SHA1

    7dd1e2dd2f3a78cecee6cee02c5725d93a412b46

  • SHA256

    4b773db138c8cc3dc18a140ff7641053a01214ebb3dd8135e53e8d47e9f39d2a

  • SHA512

    4c5eaebdb580839d6611dd34196bb084b79550ee2aa0b19ce26175fa5746ab6921a5b932a59587431abadba12ee95b048f0d2a2bb66e4ca69597bc51f41dec8b

  • SSDEEP

    6144:p34xznfAp4x+NWMqW/KZ1vCDTEpc2bysCZR6iwAtUnWKT5WK8Rpv1llfFfCRAuTF:pIKp/UWCZdCDh2IZDwAFRpR6Au

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 10 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b773db138c8cc3dc18a140ff7641053a01214ebb3dd8135e53e8d47e9f39d2a.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:1848
  • C:\Windows\system32\DmNotificationBroker.exe
    C:\Windows\system32\DmNotificationBroker.exe
    1⤵
      PID:1532
    • C:\Users\Admin\AppData\Local\6QOJ6qM\DmNotificationBroker.exe
      C:\Users\Admin\AppData\Local\6QOJ6qM\DmNotificationBroker.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:4460
    • C:\Windows\system32\ApplySettingsTemplateCatalog.exe
      C:\Windows\system32\ApplySettingsTemplateCatalog.exe
      1⤵
        PID:260
      • C:\Users\Admin\AppData\Local\PvX\ApplySettingsTemplateCatalog.exe
        C:\Users\Admin\AppData\Local\PvX\ApplySettingsTemplateCatalog.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2668
      • C:\Windows\system32\rdpclip.exe
        C:\Windows\system32\rdpclip.exe
        1⤵
          PID:1512
        • C:\Users\Admin\AppData\Local\p4ubXP3\rdpclip.exe
          C:\Users\Admin\AppData\Local\p4ubXP3\rdpclip.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:452

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\6QOJ6qM\DUI70.dll
          Filesize

          1.2MB

          MD5

          e4d5913d1eac316e422260c2c7b606e3

          SHA1

          c0421c5ac381d3b70788982414976ab70fcf3381

          SHA256

          11a02fbca00543c7ba03351b2ec186d23ad034848085f76502c29e2a8dc13799

          SHA512

          c4207d5fa1ba092e20b71466a05ed9223c24606298227769c248867233bb1297f523cea1b03a5869168380f2d1ad447538b1883fb94c87fed1112ad9f9e2e0d2

          Download Submit

        • C:\Users\Admin\AppData\Local\6QOJ6qM\DmNotificationBroker.exe
          Filesize

          32KB

          MD5

          f0bdc20540d314a2aad951c7e2c88420

          SHA1

          4ab344595a4a81ab5f31ed96d72f217b4cee790b

          SHA256

          f87537e5f26193a2273380f86cc9ac16d977f65b0eff2435e40be830fd99f7b5

          SHA512

          cb69e35b2954406735264a4ae8fe1eca1bd4575f553ab2178c70749ab997bda3c06496d2fce97872c51215a19093e51eea7cc8971af62ad9d5726f3a0d2730aa

          Download Submit

        • C:\Users\Admin\AppData\Local\PvX\ACTIVEDS.dll
          Filesize

          956KB

          MD5

          9e27ceae022cf6569d5a7c52426d1c1f

          SHA1

          166c880683253ecc6cf2c233563c8e399b86a58e

          SHA256

          6ea5d15a141b6f38e5994ee17c35671d75758524c41600e4498b95994f9b9936

          SHA512

          b41a6261199080d478a67cbc367323c3d21c131e9c14d7c2b4d2510a688a48c4cdbc8b6874e2675c327c1b711206518c89c043a27278714f350300a2389a24ca

          Download Submit

        • C:\Users\Admin\AppData\Local\PvX\ApplySettingsTemplateCatalog.exe
          Filesize

          1.1MB

          MD5

          13af41b1c1c53c7360cd582a82ec2093

          SHA1

          7425f893d1245e351483ab4a20a5f59d114df4e1

          SHA256

          a462f29efaaa3c30411e76f32608a2ba5b7d21af3b9804e5dda99e342ba8c429

          SHA512

          c7c82acef623d964c520f1a458dbfe34099981de0b781fb56e14b1f82632e3a8437db6434e7c20988aa3b39efde47aab8d188e80845e841a13e74b079285706a

          Download Submit

        • C:\Users\Admin\AppData\Local\p4ubXP3\dwmapi.dll
          Filesize

          956KB

          MD5

          3e8c27b6083245adc28d0d22a18b03b0

          SHA1

          4935842193027c4b654e9dd904ef7f3ee11d1863

          SHA256

          c91b896ce895c40eb8d917df1a404c9a26372f6bbcddcde3f1e4f7ff8ec0415c

          SHA512

          2975c5621c8bd7ba4a3dd85191fe062d0c53b7cdbd691b267285ce50c27188fca49ea1d539d61701b4b986bfea21b5f45921275f9d5d045663a465367236969b

          Download Submit

        • C:\Users\Admin\AppData\Local\p4ubXP3\rdpclip.exe
          Filesize

          446KB

          MD5

          a52402d6bd4e20a519a2eeec53332752

          SHA1

          129f2b6409395ef877b9ca39dd819a2703946a73

          SHA256

          9d5be181d9309dea98039d2ce619afe745fc8a9a1b1c05cf860b3620b5203308

          SHA512

          632dda67066cff2b940f27e3f409e164684994a02bda57d74e958c462b9a0963e922be4a487c06126cecc9ef34d34913ef8315524bf8422f83c0c135b8af924e

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Rasxaa.lnk
          Filesize

          1KB

          MD5

          d3ce034234728aec3a08f47bb5b49f11

          SHA1

          a308d8b4d654827a8ad0a44615ffa20139c7c75c

          SHA256

          cf070ce90615fa9359613f53ee4525d09152d94e6f2c552a6ab0d1bdb607c85d

          SHA512

          c3b52f70037b7363a3312efe41f6873b903555a9e4071cac9811c1da8e45fb3489b471e7278894d0501f957bc6d8cd029cebf9ce830645f0ed43ec2407584177

          Download Submit

        • memory/452-83-0x00007FFDFDD90000-0x00007FFDFDE7F000-memory.dmp

          Filesize

          956KB

          Download

        • memory/1848-0-0x000002ACA2CE0000-0x000002ACA2CE7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1848-1-0x00007FFDFE790000-0x00007FFDFE87E000-memory.dmp

          Filesize

          952KB

          Download

        • memory/1848-40-0x00007FFDFE790000-0x00007FFDFE87E000-memory.dmp

          Filesize

          952KB

          Download

        • memory/2668-63-0x000002C230A40000-0x000002C230A47000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2668-64-0x00007FFDFDD90000-0x00007FFDFDE7F000-memory.dmp

          Filesize

          956KB

          Download

        • memory/2668-68-0x00007FFDFDD90000-0x00007FFDFDE7F000-memory.dmp

          Filesize

          956KB

          Download

        • memory/3376-7-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3376-17-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3376-9-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3376-8-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3376-13-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3376-10-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3376-6-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3376-37-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3376-14-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3376-15-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3376-26-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3376-4-0x00007FFE0C98A000-0x00007FFE0C98B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3376-3-0x00000000024D0000-0x00000000024D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3376-12-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3376-27-0x00007FFE0CD80000-0x00007FFE0CD90000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3376-28-0x00007FFE0CD70000-0x00007FFE0CD80000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3376-11-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3376-18-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/3376-25-0x0000000000370000-0x0000000000377000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3376-16-0x0000000140000000-0x00000001400EE000-memory.dmp

          Filesize

          952KB

          Download

        • memory/4460-52-0x00007FFDFDD40000-0x00007FFDFDE74000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4460-48-0x00007FFDFDD40000-0x00007FFDFDE74000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4460-47-0x0000028592680000-0x0000028592687000-memory.dmp

          Filesize

          28KB

          Download