Overview

overview

10

Static

static

3

02381d7d55...be.dll

windows7-x64

10

02381d7d55...be.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    29-10-2024 20:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    02381d7d554ad7da5ee83db9cb0de32a4c83a05525750c8a89d8152a383725be.dll

  • Size

    1.4MB

  • MD5

    48ed0fa711c99b5dd370d33fd7283d7e

  • SHA1

    afc37df20ce5ebeff233832df9e90027589efddb

  • SHA256

    02381d7d554ad7da5ee83db9cb0de32a4c83a05525750c8a89d8152a383725be

  • SHA512

    c6a8e79fc63d5354221e45ea9e2cde1e079f4916f0cb53377b131f3d477fcb3d6650f79cd10fa8331e36947e335c032755027db07916d0c40d55c56553082935

  • SSDEEP

    12288:TkMZ+g4TyilMqFvPIV93i/S0hzmOBt5nihfSxI/mhjEvqJ0D/eAQsroXAkH64C:TkMZ+gf4ltGd8H1fYO0q2G1Ah

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 11 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Event Triggered Execution: Accessibility Features 1 TTPs

    Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.

    persistenceprivilege_escalation
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\02381d7d554ad7da5ee83db9cb0de32a4c83a05525750c8a89d8152a383725be.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:1736
  • C:\Windows\system32\Utilman.exe
    C:\Windows\system32\Utilman.exe
    1⤵
      PID:2648
    • C:\Users\Admin\AppData\Local\aQt6\Utilman.exe
      C:\Users\Admin\AppData\Local\aQt6\Utilman.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2600
    • C:\Windows\system32\rrinstaller.exe
      C:\Windows\system32\rrinstaller.exe
      1⤵
        PID:668
      • C:\Users\Admin\AppData\Local\aLpggal\rrinstaller.exe
        C:\Users\Admin\AppData\Local\aLpggal\rrinstaller.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1944
      • C:\Windows\system32\eudcedit.exe
        C:\Windows\system32\eudcedit.exe
        1⤵
          PID:2668
        • C:\Users\Admin\AppData\Local\rvJ0Fw\eudcedit.exe
          C:\Users\Admin\AppData\Local\rvJ0Fw\eudcedit.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2856

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\aLpggal\MFPlat.DLL
          Filesize

          1.4MB

          MD5

          71961a7eab625d987afc3832766798c7

          SHA1

          2c2e4f093d6db6051969db6759ae026ddb7e8926

          SHA256

          62ef72edf9c4df98f64ec16a1c61675f7a38db79e7272e6fa75329646213d078

          SHA512

          d596e25faffccf66c2a375960643526598ee92a0cd47845b6155635fedb3523b562558b2c59105d6bfd2670990280876b842896a891fba74293d362b5b1e573e

          Download Submit

        • C:\Users\Admin\AppData\Local\aQt6\DUI70.dll
          Filesize

          1.6MB

          MD5

          6dbe4987109acf78b520b67d1abb12ea

          SHA1

          fe1352332912d2e2b27ab135306182547d13ea85

          SHA256

          2d08da3d3e63068dd8db2673ad2e0cae8296797ce0cc500930876d352548dbd2

          SHA512

          042a6e1e2a69b167962a7152d0b59884ab55d73a1756ca8b4af7d73687502f39aa1d790add6b5c5b32d410499051a0f820768b1c83c5ab2224f2eef673a12fb3

          Download Submit

        • C:\Users\Admin\AppData\Local\rvJ0Fw\MFC42u.dll
          Filesize

          1.4MB

          MD5

          9b2604b3079d62189cbd29817a21f705

          SHA1

          b7a0d38afb2cbed9aa36de620eff663161fbbe18

          SHA256

          3fe59b1393267850244f4f29884f7d794377371c0938e39a97a2779bfa3f23b7

          SHA512

          a5c74ff7aaa1853c9fbaec9ad2a994ade6c28a33cedaa3057c70e4d062846ea1eb9ac1489d734fe586f8fcc6b4936c3c6b065d0648b5f616563ab9a3490ae244

          Download Submit

        • C:\Users\Admin\AppData\Local\rvJ0Fw\eudcedit.exe
          Filesize

          351KB

          MD5

          35e397d6ca8407b86d8a7972f0c90711

          SHA1

          6b39830003906ef82442522d22b80460c03f6082

          SHA256

          1f64118bdc3515e8e9fce6ad182f6d0c8a6528d638fedb4901a6152cde4c7cde

          SHA512

          71b0c4ac120e5841308b0c19718bdc28366b0d79c8177091328ef5421392b9ee5e4758816ffb8c0977f178e1b33ed064f64781eaf7d6952878dc8aea402f035e

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Adlnwv.lnk
          Filesize

          1003B

          MD5

          4a97b4079470dc8d7efd12e7f4df9ca8

          SHA1

          eee8a4332378fc7376b0729445fa9e300bcc89b0

          SHA256

          d023a7dcd202446421af406d28c5ee51341069eff4d4f2a2c8b29975af542be0

          SHA512

          7bb90c200997e47be6e77239ca0c631a44c673f58a254a27bef349f125602aac16528e36add358e5b7f8a2d4cae84c843f0278ff11592ee0744ea9d2de6fa4a4

          Download Submit

        • \Users\Admin\AppData\Local\aLpggal\rrinstaller.exe
          Filesize

          54KB

          MD5

          0d3a73b0b30252680b383532f1758649

          SHA1

          9f098d2037e4dd94eca6d04c37b3d4ad8b0cc931

          SHA256

          fc8a992b6ac311e1b1491ec3e31e273a41f7fdf3f68176321307b68489a03fbc

          SHA512

          a7961f4d8d0e07959d1501d721c7751b01af6704c7da5c1f31e40de5372ee6a1fce2f3e0077c8e6a1bed017e11ce4be9b0d17c04e30b222fb3f0df67b870b2d4

          Download Submit

        • \Users\Admin\AppData\Local\aQt6\Utilman.exe
          Filesize

          1.3MB

          MD5

          32c5ee55eadfc071e57851e26ac98477

          SHA1

          8f8d0aee344e152424143da49ce2c7badabb8f9d

          SHA256

          7ca90616e68bc851f14658a366d80f21ddb7a7dd8a866049e54651158784a9ea

          SHA512

          e0943efa81f3087c84a5909c72a436671ee8cc3cc80154901430e83ec7966aac800ad4b26f4a174a0071da617c0982ceda584686c6e2056e1a83e864aca6c975

          Download Submit

        • memory/1204-14-0x0000000140000000-0x0000000140167000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-48-0x0000000076FB6000-0x0000000076FB7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-15-0x0000000140000000-0x0000000140167000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-3-0x0000000076FB6000-0x0000000076FB7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-13-0x0000000140000000-0x0000000140167000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-12-0x0000000140000000-0x0000000140167000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-11-0x0000000140000000-0x0000000140167000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-10-0x0000000140000000-0x0000000140167000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-9-0x0000000140000000-0x0000000140167000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-8-0x0000000140000000-0x0000000140167000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-27-0x0000000140000000-0x0000000140167000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-18-0x0000000140000000-0x0000000140167000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-29-0x0000000077250000-0x0000000077252000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1204-28-0x0000000077220000-0x0000000077222000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1204-38-0x0000000140000000-0x0000000140167000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-40-0x0000000140000000-0x0000000140167000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-4-0x0000000002540000-0x0000000002541000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1204-16-0x0000000140000000-0x0000000140167000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-19-0x0000000002520000-0x0000000002527000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1204-17-0x0000000140000000-0x0000000140167000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-6-0x0000000140000000-0x0000000140167000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1204-7-0x0000000140000000-0x0000000140167000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1736-47-0x0000000140000000-0x0000000140167000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1736-2-0x00000000001A0000-0x00000000001A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1736-0-0x0000000140000000-0x0000000140167000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1944-73-0x0000000000090000-0x0000000000097000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1944-74-0x0000000140000000-0x0000000140169000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/1944-78-0x0000000140000000-0x0000000140169000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2600-61-0x0000000140000000-0x000000014019B000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2600-58-0x0000000000410000-0x0000000000417000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2600-56-0x0000000140000000-0x000000014019B000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2856-90-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2856-94-0x0000000140000000-0x000000014016E000-memory.dmp

          Filesize

          1.4MB

          Download