Overview

overview

10

Static

static

3

ed0719cca7...44.dll

windows7-x64

10

ed0719cca7...44.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21-10-2024 21:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ed0719cca7b7968d97c2f3798dc89cb942ff11938783673cdaa4124da429bc44.dll

  • Size

    688KB

  • MD5

    bf6415fc9381c0c310077c35921254ca

  • SHA1

    1a9bfa30fc33ab115e737db7bfe2a50371e815cf

  • SHA256

    ed0719cca7b7968d97c2f3798dc89cb942ff11938783673cdaa4124da429bc44

  • SHA512

    b269ded1c574eb71f895217dfe991a62cb4c16217d4b46ab6a702989de92251dd28a8b14662098ba28cdffbdcbcd1adb56dde0b17237a24a2201dc6728a32f3d

  • SSDEEP

    12288:Cfndx6M581WsGRouyjzC6gn5l0H1Tak8jnGg/xeq7gz3xfsPEb4sk:kdAE81W381Wk8jnYz3dsPEb4s

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 11 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Event Triggered Execution: Accessibility Features 1 TTPs

    Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.

    persistenceprivilege_escalation
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed0719cca7b7968d97c2f3798dc89cb942ff11938783673cdaa4124da429bc44.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2844
  • C:\Windows\system32\Utilman.exe
    C:\Windows\system32\Utilman.exe
    1⤵
      PID:2544
    • C:\Users\Admin\AppData\Local\skD6f\Utilman.exe
      C:\Users\Admin\AppData\Local\skD6f\Utilman.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2564
    • C:\Windows\system32\wbengine.exe
      C:\Windows\system32\wbengine.exe
      1⤵
        PID:2492
      • C:\Users\Admin\AppData\Local\GagNb1GF4\wbengine.exe
        C:\Users\Admin\AppData\Local\GagNb1GF4\wbengine.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2440
      • C:\Windows\system32\mstsc.exe
        C:\Windows\system32\mstsc.exe
        1⤵
          PID:1844
        • C:\Users\Admin\AppData\Local\pOjaW1X2\mstsc.exe
          C:\Users\Admin\AppData\Local\pOjaW1X2\mstsc.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2380

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\pOjaW1X2\WINMM.dll
          Filesize

          696KB

          MD5

          88178cf05b071f6ca3c09d473ec8680c

          SHA1

          4d6a7a9bce14d85dd2ba73e14b884e9bfb065279

          SHA256

          4efffbd5010b5ba129a1329457beb2a47c54e1e575bbda058371df2370463861

          SHA512

          5d00ce32b98bc80992e60615d1656318bca6522cf6c5c5581253fdab9a79214db345b4d6890dca56128c612d865dc59c50577550f18a30db99887a0c9efb31c9

          Download Submit

        • C:\Users\Admin\AppData\Local\skD6f\DUI70.dll
          Filesize

          896KB

          MD5

          23e44cc862df348dad7b90572e5221d2

          SHA1

          be5a15e55a79b754ecad9b747ea95d668fabf532

          SHA256

          9bd3c2a1f610975683c435f5d3a935d3282e79d1d9922e2a30c7f3b2aa8833af

          SHA512

          f85f2d200092ed6c30b56d56f6d17bf6cfae8dbf8d6e405da487295159d6938ad36b21d702f73ec211494343527e663940b17e0dc2d8e158aebd37ee4e32bc5d

          Download Submit

        • C:\Users\Admin\AppData\Local\skD6f\Utilman.exe
          Filesize

          1.3MB

          MD5

          32c5ee55eadfc071e57851e26ac98477

          SHA1

          8f8d0aee344e152424143da49ce2c7badabb8f9d

          SHA256

          7ca90616e68bc851f14658a366d80f21ddb7a7dd8a866049e54651158784a9ea

          SHA512

          e0943efa81f3087c84a5909c72a436671ee8cc3cc80154901430e83ec7966aac800ad4b26f4a174a0071da617c0982ceda584686c6e2056e1a83e864aca6c975

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Lcuygmmobxhxaxh.lnk
          Filesize

          1KB

          MD5

          454ca8cad60bc729d969ace5b3d68cfa

          SHA1

          6ab6403490728b18bf802a7b7a67b16983149515

          SHA256

          4c69cab856e3697e04f5f078a722e079076be96b35c6f22bf6df6c5db310d58b

          SHA512

          5b9e39f356d689a840783155cbf7b63c37a43613642a2efafd6af6ad84a0bfe803647fc651b72b0837d4fd371df1032f5b2b0da51dbc4ca8c7465e280b74f1ea

          Download Submit

        • \Users\Admin\AppData\Local\GagNb1GF4\XmlLite.dll
          Filesize

          692KB

          MD5

          52bb05a2f51cb4658cef7322f54df40c

          SHA1

          0a073476011425cd1ea66e52f789063b6a2ac5de

          SHA256

          83fbed51b3f0458e319ea1b82329efc306f59c2e52b39835183a8c92454cc633

          SHA512

          2dbce02b0e72f42c2dbe8d051d8242f6d46d80c7e9b34bb91d1333e4a7a8c2a5bdfae1d6b83c377d16b34b1eae917711b200f7af3bfa434317c159fa81b29acb

          Download Submit

        • \Users\Admin\AppData\Local\GagNb1GF4\wbengine.exe
          Filesize

          1.4MB

          MD5

          78f4e7f5c56cb9716238eb57da4b6a75

          SHA1

          98b0b9db6ec5961dbb274eff433a8bc21f7e557b

          SHA256

          46a4e78ce5f2a4b26f4e9c3ff04a99d9b727a82ac2e390a82a1611c3f6e0c9af

          SHA512

          1a24ea71624dbbca188ee3b4812e09bc42e7d38ceac02b69940d7693475c792685a23141c8faa85a87ab6aace3f951c1a81facb610d757ac6df37cf2aa65ccd2

          Download Submit

        • \Users\Admin\AppData\Local\pOjaW1X2\mstsc.exe
          Filesize

          1.1MB

          MD5

          50f739538ef014b2e7ec59431749d838

          SHA1

          b439762b8efe8cfb977e7374c11a7e4d8ed05eb3

          SHA256

          85c510c7fa8d64c70886ea01ec99e7b9064594f021a95b4cf88359421e732be3

          SHA512

          02e231ddc4ac012c597b9db42f8a77fbf35ca8253c030d443a0dd4db3d76a9ee1cced600f12d7bb06305e7a4da4a8fda980faad335adcb12738d80d453cb3cc8

          Download Submit

        • memory/1116-12-0x0000000140000000-0x00000001400AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/1116-14-0x0000000140000000-0x00000001400AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/1116-3-0x0000000077536000-0x0000000077537000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1116-11-0x0000000140000000-0x00000001400AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/1116-10-0x0000000140000000-0x00000001400AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/1116-9-0x0000000140000000-0x00000001400AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/1116-8-0x0000000140000000-0x00000001400AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/1116-7-0x0000000140000000-0x00000001400AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/1116-24-0x0000000140000000-0x00000001400AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/1116-26-0x00000000777D0000-0x00000000777D2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1116-25-0x00000000777A0000-0x00000000777A2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1116-36-0x0000000140000000-0x00000001400AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/1116-35-0x0000000140000000-0x00000001400AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/1116-4-0x0000000002D30000-0x0000000002D31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1116-45-0x0000000077536000-0x0000000077537000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1116-13-0x0000000140000000-0x00000001400AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/1116-15-0x0000000140000000-0x00000001400AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/1116-6-0x0000000140000000-0x00000001400AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/1116-23-0x0000000002D10000-0x0000000002D17000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2380-88-0x0000000140000000-0x00000001400AE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/2380-90-0x00000000FFF50000-0x0000000100065000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2380-91-0x0000000140000000-0x00000001400AE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/2440-72-0x0000000000100000-0x0000000000107000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2440-70-0x0000000140000000-0x00000001400AD000-memory.dmp

          Filesize

          692KB

          Download

        • memory/2440-75-0x0000000140000000-0x00000001400AD000-memory.dmp

          Filesize

          692KB

          Download

        • memory/2564-58-0x0000000140000000-0x00000001400E0000-memory.dmp

          Filesize

          896KB

          Download

        • memory/2564-55-0x0000000000090000-0x0000000000097000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2564-53-0x0000000140000000-0x00000001400E0000-memory.dmp

          Filesize

          896KB

          Download

        • memory/2844-44-0x0000000140000000-0x00000001400AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/2844-0-0x0000000140000000-0x00000001400AC000-memory.dmp

          Filesize

          688KB

          Download

        • memory/2844-2-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download