Overview

overview

10

Static

static

3

6597980304...44.dll

windows7-x64

10

6597980304...44.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    29-10-2024 18:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    65979803048ef965702275a6d180f60a3261af79d3481a928734c2733f48e844.dll

  • Size

    668KB

  • MD5

    a4f37163b83c99410a7f73b71ac16b14

  • SHA1

    12e6ca607d8e87186e39bfbe3997d36a21bbdf8b

  • SHA256

    65979803048ef965702275a6d180f60a3261af79d3481a928734c2733f48e844

  • SHA512

    fd742a781b4f5b1094cde0a7b1cbf0a48053639759dbe896eff4873f931d748ab556980223a062a1ada0a83d91f7bda51b856bd3ad40f6baabad7ab6d81d5d50

  • SSDEEP

    6144:y34xznfAp4x+NWMqW/KZ1vCDTEpc2bysCZR6iwAtUnWKT5WK8Rpv1llfFfCRAuTF:yIKp/UWCZdCDh2IZDwAFRpR6Au

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 12 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 3 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\65979803048ef965702275a6d180f60a3261af79d3481a928734c2733f48e844.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2124
  • C:\Windows\system32\eudcedit.exe
    C:\Windows\system32\eudcedit.exe
    1⤵
      PID:2940
    • C:\Users\Admin\AppData\Local\ffL4Pacm\eudcedit.exe
      C:\Users\Admin\AppData\Local\ffL4Pacm\eudcedit.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2796
    • C:\Windows\system32\mstsc.exe
      C:\Windows\system32\mstsc.exe
      1⤵
        PID:2732
      • C:\Users\Admin\AppData\Local\cbYwWJf\mstsc.exe
        C:\Users\Admin\AppData\Local\cbYwWJf\mstsc.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2196
      • C:\Windows\system32\rdrleakdiag.exe
        C:\Windows\system32\rdrleakdiag.exe
        1⤵
          PID:1556
        • C:\Users\Admin\AppData\Local\yYDZmgItY\rdrleakdiag.exe
          C:\Users\Admin\AppData\Local\yYDZmgItY\rdrleakdiag.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1504

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\cbYwWJf\WINMM.dll
          Filesize

          676KB

          MD5

          32eec443f616c8c7a0443856df682035

          SHA1

          55b6da996012ea42c62e7de68e7c7d80044ac86d

          SHA256

          af97a0973dd890c7b3168f77bf9a6d4a4b6f543015b5246ff7a49b2940d679b6

          SHA512

          a65f0ca409e5fb5180eea6575c8b48b068b87d0c42417deb89bfb99bcc5570e6b058b80d08f80034bbe554cb6381a85ac307cdef639f19ef644a31b32b355f6c

          Download Submit

        • C:\Users\Admin\AppData\Local\ffL4Pacm\MFC42u.dll
          Filesize

          696KB

          MD5

          2dcc0336e5a0c85bf69bfa3aaf452149

          SHA1

          cbf15d7eb620e7c743f147e6301c76c8f3cac6dc

          SHA256

          130b91cf688e4f2d1be9195ee6c66700d3db9f9c09dc416936ba8689a2c65cdf

          SHA512

          c50e2b804be52de95dcdec2b8f102fd213a8e9fa42c5563a6e61bb0a9336d811a7fdf5639b80ffcd92a9f6697e6b99fb0ef2b91954edc175ce0848f39e1ac10e

          Download Submit

        • C:\Users\Admin\AppData\Local\yYDZmgItY\wer.dll
          Filesize

          672KB

          MD5

          3dcc1d96a4036921bade07424eaa6116

          SHA1

          611d898a7e5752fe2a659d1f4169d50c596721ae

          SHA256

          bb0b361f018c43f0dc5fb36d711256e2f0c638ceb4e54cc73a791213571ada1f

          SHA512

          9bb30812cc3695b639cfa304088b2c00dfbb01d028811f6afb8d95566734d6d77afd6352fb8c32dba202df790858190040ecb89b4c21767cfec1e3bea1a51f39

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Phjwnjj.lnk
          Filesize

          1KB

          MD5

          799c56f38b7ec2bf8717523c17c2f41c

          SHA1

          e6532cf4afccf2f439f6272a02db2ca9a4a2f3fc

          SHA256

          d89b8756454e9479553d51e81d3027d468b7a3237bcb6d592ed9badd679737de

          SHA512

          06bf2d767551b144d46458e61422d689e4ba71e5297b730eeb5e738468c77bb297106548112b4951befb8f304ee628170b84182bb13b03d377f697fdfd73c602

          Download Submit

        • \Users\Admin\AppData\Local\cbYwWJf\mstsc.exe
          Filesize

          1.1MB

          MD5

          50f739538ef014b2e7ec59431749d838

          SHA1

          b439762b8efe8cfb977e7374c11a7e4d8ed05eb3

          SHA256

          85c510c7fa8d64c70886ea01ec99e7b9064594f021a95b4cf88359421e732be3

          SHA512

          02e231ddc4ac012c597b9db42f8a77fbf35ca8253c030d443a0dd4db3d76a9ee1cced600f12d7bb06305e7a4da4a8fda980faad335adcb12738d80d453cb3cc8

          Download Submit

        • \Users\Admin\AppData\Local\ffL4Pacm\eudcedit.exe
          Filesize

          351KB

          MD5

          35e397d6ca8407b86d8a7972f0c90711

          SHA1

          6b39830003906ef82442522d22b80460c03f6082

          SHA256

          1f64118bdc3515e8e9fce6ad182f6d0c8a6528d638fedb4901a6152cde4c7cde

          SHA512

          71b0c4ac120e5841308b0c19718bdc28366b0d79c8177091328ef5421392b9ee5e4758816ffb8c0977f178e1b33ed064f64781eaf7d6952878dc8aea402f035e

          Download Submit

        • \Users\Admin\AppData\Local\yYDZmgItY\rdrleakdiag.exe
          Filesize

          39KB

          MD5

          5e058566af53848541fa23fba4bb5b81

          SHA1

          769ce3bfc45e4d56ed01dbeeeca7be22f9b9eed6

          SHA256

          ae83b050fa722da7e4b19fc3d534f0126b1ec055643bb1f267b85b55160f4409

          SHA512

          352029cf0af7583a4c525cfd1da7467446bac410a885b2768d8052f39577ccce85b21d5bd946be6bf8341e7308c8e4f645e4d79232b93aaf6a92d6cd55f598d0

          Download Submit

        • memory/1176-25-0x0000000077E50000-0x0000000077E52000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1176-45-0x0000000077BE6000-0x0000000077BE7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1176-14-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/1176-13-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/1176-12-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/1176-11-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/1176-10-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/1176-9-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/1176-7-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/1176-24-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/1176-26-0x0000000077E80000-0x0000000077E82000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1176-3-0x0000000077BE6000-0x0000000077BE7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1176-35-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/1176-36-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/1176-4-0x0000000002D40000-0x0000000002D41000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1176-15-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/1176-16-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/1176-23-0x00000000025E0000-0x00000000025E7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1176-6-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/1176-8-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/1504-87-0x000007FEF75B0000-0x000007FEF7658000-memory.dmp

          Filesize

          672KB

          Download

        • memory/1504-91-0x000007FEF75B0000-0x000007FEF7658000-memory.dmp

          Filesize

          672KB

          Download

        • memory/2124-44-0x000007FEF7C40000-0x000007FEF7CE7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/2124-0-0x0000000000120000-0x0000000000127000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2124-1-0x000007FEF7C40000-0x000007FEF7CE7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/2196-70-0x0000000000130000-0x0000000000137000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2196-71-0x000007FEF75B0000-0x000007FEF7659000-memory.dmp

          Filesize

          676KB

          Download

        • memory/2196-75-0x000007FEF75B0000-0x000007FEF7659000-memory.dmp

          Filesize

          676KB

          Download

        • memory/2796-58-0x000007FEF7C40000-0x000007FEF7CEE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/2796-54-0x000007FEF7C40000-0x000007FEF7CEE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/2796-53-0x0000000000100000-0x0000000000107000-memory.dmp

          Filesize

          28KB

          Download