Overview

overview

10

Static

static

3

6597980304...44.dll

windows7-x64

10

6597980304...44.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-10-2024 18:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    65979803048ef965702275a6d180f60a3261af79d3481a928734c2733f48e844.dll

  • Size

    668KB

  • MD5

    a4f37163b83c99410a7f73b71ac16b14

  • SHA1

    12e6ca607d8e87186e39bfbe3997d36a21bbdf8b

  • SHA256

    65979803048ef965702275a6d180f60a3261af79d3481a928734c2733f48e844

  • SHA512

    fd742a781b4f5b1094cde0a7b1cbf0a48053639759dbe896eff4873f931d748ab556980223a062a1ada0a83d91f7bda51b856bd3ad40f6baabad7ab6d81d5d50

  • SSDEEP

    6144:y34xznfAp4x+NWMqW/KZ1vCDTEpc2bysCZR6iwAtUnWKT5WK8Rpv1llfFfCRAuTF:yIKp/UWCZdCDh2IZDwAFRpR6Au

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 11 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 3 IoCs
    evasiontrojan
  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\65979803048ef965702275a6d180f60a3261af79d3481a928734c2733f48e844.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1164
  • C:\Windows\system32\ie4ushowIE.exe
    C:\Windows\system32\ie4ushowIE.exe
    1⤵
      PID:4736
    • C:\Users\Admin\AppData\Local\Lca\ie4ushowIE.exe
      C:\Users\Admin\AppData\Local\Lca\ie4ushowIE.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:3916
    • C:\Windows\system32\DevicePairingWizard.exe
      C:\Windows\system32\DevicePairingWizard.exe
      1⤵
        PID:3620
      • C:\Users\Admin\AppData\Local\pRCc\DevicePairingWizard.exe
        C:\Users\Admin\AppData\Local\pRCc\DevicePairingWizard.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:4516
      • C:\Windows\system32\SystemSettingsRemoveDevice.exe
        C:\Windows\system32\SystemSettingsRemoveDevice.exe
        1⤵
          PID:1920
        • C:\Users\Admin\AppData\Local\YdHcW7\SystemSettingsRemoveDevice.exe
          C:\Users\Admin\AppData\Local\YdHcW7\SystemSettingsRemoveDevice.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1128

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Lca\VERSION.dll
          Filesize

          672KB

          MD5

          1c7d45b7af9cf818c613e09636b1b6a3

          SHA1

          a2a55b88fd87f94c22884eaa399cb4a70af7fc6b

          SHA256

          ae354227c1071fba00de994613ab2bf626c12f1412af9745ace09a23506a9a8b

          SHA512

          c83c60b2dd4f9cfbaea5e18e7c313801e67b6321834bceb916ac39a7ef79d2247223d54e7a590de6ee562ffba367c4663d62105327ac2740ee783f97378b5bd7

          Download Submit

        • C:\Users\Admin\AppData\Local\Lca\ie4ushowIE.exe
          Filesize

          76KB

          MD5

          9de952f476abab0cd62bfd81e20a3deb

          SHA1

          109cc4467b78dad4b12a3225020ea590bccee3e6

          SHA256

          e9cb6336359ac6f71ac75af2836efb28daa3bafd10a1f0b775dcdc2ec8850a6b

          SHA512

          3cbe50a146ca50b0657a78a2d89a34630c69823005668906785b2d2015cc6139c8dbbf7aefa5fe55957ef55ae06e758933b3b41eaf822e49dba3b7700582e2c9

          Download Submit

        • C:\Users\Admin\AppData\Local\YdHcW7\DUI70.dll
          Filesize

          948KB

          MD5

          49afca110badfaea6f15ac4ed474248c

          SHA1

          0f31a4f2e6c419bd8dbbef93f5b0367ff23b6c3f

          SHA256

          b7862bdff3c0c4de01583ec6326a283478a7501580e52c18394db9442020c238

          SHA512

          3421477c69adee2977bd9f2fc8da250e737cb9e596c6235392456ac319502e9ae94ead190997120878f551ac92d0f1045ff08fc6c402a8c45caaf5cb19b2e13b

          Download Submit

        • C:\Users\Admin\AppData\Local\YdHcW7\SystemSettingsRemoveDevice.exe
          Filesize

          39KB

          MD5

          7853f1c933690bb7c53c67151cbddeb0

          SHA1

          d47a1ad0ccba4c988c8ffc5cbf9636fd4f4fa6e6

          SHA256

          9500731b2a3442f11dfd08a8adfe027e7f32ef5834c628eed4b78be74168470d

          SHA512

          831993d610539d44422d769de6561a4622e1b9cb3d73253774b6cecabf57654a74cd88b4ebe20921585ea96d977225b9501f02a0f6a1fc7d2cad6824fd539304

          Download Submit

        • C:\Users\Admin\AppData\Local\pRCc\DevicePairingWizard.exe
          Filesize

          93KB

          MD5

          d0e40a5a0c7dad2d6e5040d7fbc37533

          SHA1

          b0eabbd37a97a1abcd90bd56394f5c45585699eb

          SHA256

          2adaf3a5d3fde149626e3fef0e943c7029a135c04688acf357b2d8d04c81981b

          SHA512

          1191c2efcadd53b74d085612025c44b6cd54dd69493632950e30ada650d5ed79e3468c138f389cd3bc21ea103059a63eb38d9d919a62d932a38830c93f57731f

          Download Submit

        • C:\Users\Admin\AppData\Local\pRCc\MFC42u.dll
          Filesize

          696KB

          MD5

          4bc53c99539ca15178c6c50187dab4cc

          SHA1

          d9040d06c6d66df340a9e998e43353ee8c32c3c2

          SHA256

          ae5a3dd2f6050fb2652bd26feef638df5ac3eecbc7509f1cc38c7d6842d4604f

          SHA512

          4019ebe471a10fd19bbd109f24dce73f8153398ccbcda93a0c5e4b59fee59c18e5ab58f6fe3ce8e53191f45a7cdbe803130abb4e15a3b1889dac6a8349998a69

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Womuvunldsugi.lnk
          Filesize

          1KB

          MD5

          c6d5ccae63edcba01be1e5abc25aa340

          SHA1

          3adf665c633ab1b2e37ef34a9cc45924bbc2f6d9

          SHA256

          ab5a49864eefdcd51f626a9c801c7a272c5e30aff816cdc2db0a65dc6974efe9

          SHA512

          ae6b75f0ac0b0330c4a72d2b9b134950d093baef354df5563dc1235c21dd0aa9523740eeccd7de4411e6170a3537c9d2b338a8669d307bda0a850899edd75b71

          Download Submit

        • memory/1128-81-0x00007FF9029E0000-0x00007FF902ACD000-memory.dmp

          Filesize

          948KB

          Download

        • memory/1128-77-0x00007FF9029E0000-0x00007FF902ACD000-memory.dmp

          Filesize

          948KB

          Download

        • memory/1164-38-0x00007FF9123A0000-0x00007FF912447000-memory.dmp

          Filesize

          668KB

          Download

        • memory/1164-2-0x00007FF9123A0000-0x00007FF912447000-memory.dmp

          Filesize

          668KB

          Download

        • memory/1164-0-0x0000000002280000-0x0000000002287000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3368-24-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3368-11-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3368-7-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3368-6-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3368-3-0x0000000007270000-0x0000000007271000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3368-26-0x00007FF920610000-0x00007FF920620000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3368-25-0x00007FF920620000-0x00007FF920630000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3368-35-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3368-10-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3368-15-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3368-5-0x00007FF92037A000-0x00007FF92037B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3368-9-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3368-8-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3368-13-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3368-12-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3368-14-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3368-16-0x0000000140000000-0x00000001400A7000-memory.dmp

          Filesize

          668KB

          Download

        • memory/3368-23-0x0000000006CE0000-0x0000000006CE7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3916-47-0x000001D326470000-0x000001D326477000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3916-50-0x00007FF902A70000-0x00007FF902B18000-memory.dmp

          Filesize

          672KB

          Download

        • memory/3916-45-0x00007FF902A70000-0x00007FF902B18000-memory.dmp

          Filesize

          672KB

          Download

        • memory/4516-66-0x00007FF902A20000-0x00007FF902ACE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/4516-61-0x00007FF902A20000-0x00007FF902ACE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/4516-63-0x0000028C7EA70000-0x0000028C7EA77000-memory.dmp

          Filesize

          28KB

          Download