Overview

overview

10

Static

static

3

f4a8f6ec84...6b.dll

windows7-x64

10

f4a8f6ec84...6b.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    31/10/2024, 00:40

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    f4a8f6ec846b2fbe5edf0dc402093eceb69b87819e58953cada2d3c410c1476b.dll

  • Size

    1.4MB

  • MD5

    16bb8e25d3d2f866cbf6826bb90fd325

  • SHA1

    ce86cea88918e556a9d0d2061c332da8e7513623

  • SHA256

    f4a8f6ec846b2fbe5edf0dc402093eceb69b87819e58953cada2d3c410c1476b

  • SHA512

    53321d6e37c9be3be9970ec3a69d84c049e022d071e47a03b922149b453493f531eb4f2afbaee0110d2ba4b87414c653015dd7f85d31fb41848063891b6bee72

  • SSDEEP

    12288:TkMZ+g4TyilMqFvPIV93i/S0hzmOBt5nihfSxI/mhjEvqJ0D/eAQsroXAkH64C:TkMZ+gf4ltGd8H1fYO0q2G1Ah

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 10 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f4a8f6ec846b2fbe5edf0dc402093eceb69b87819e58953cada2d3c410c1476b.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:1916
  • C:\Windows\system32\dialer.exe
    C:\Windows\system32\dialer.exe
    1⤵
      PID:2968
    • C:\Users\Admin\AppData\Local\WwGocV\dialer.exe
      C:\Users\Admin\AppData\Local\WwGocV\dialer.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2708
    • C:\Windows\system32\dwm.exe
      C:\Windows\system32\dwm.exe
      1⤵
        PID:2484
      • C:\Users\Admin\AppData\Local\GU3fUE2iB\dwm.exe
        C:\Users\Admin\AppData\Local\GU3fUE2iB\dwm.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2940
      • C:\Windows\system32\fveprompt.exe
        C:\Windows\system32\fveprompt.exe
        1⤵
          PID:1156
        • C:\Users\Admin\AppData\Local\iDMJF\fveprompt.exe
          C:\Users\Admin\AppData\Local\iDMJF\fveprompt.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1256

        Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\GU3fUE2iB\UxTheme.dll
                Filesize

                1.4MB

                MD5

                4b08b3dad475a1e3a370c88ff7b6fda6

                SHA1

                5c31687b50edd30da716c27eef8aef17e57e4217

                SHA256

                75397bfa5680b4660d358f5b28b6b56ad0734dfa916d57a9867873ba03f16c90

                SHA512

                6dd6639d63b9c3eb330cf6e7e9095b4b8252bc42531c949688a33fe56f98cd87c7976bb5475e2ba3e5c5e74e516e4e057d995cdfdc2eeb1066cf6b51f87927fb

                Download Submit

              • C:\Users\Admin\AppData\Local\GU3fUE2iB\dwm.exe
                Filesize

                117KB

                MD5

                f162d5f5e845b9dc352dd1bad8cef1bc

                SHA1

                35bc294b7e1f062ef5cb5fa1bd3fc942a3e37ae2

                SHA256

                8a7b7528db30ab123b060d8e41954d95913c07bb40cdae32e97f9edb0baf79c7

                SHA512

                7077e800453a4564a24af022636a2f6547bdae2c9c6f4ed080d0c98415ecc4fbf538109cbebd456e321b9b74a00613d647b63998e31925fbd841fc9d4613e851

                Download Submit

              • C:\Users\Admin\AppData\Local\WwGocV\TAPI32.dll
                Filesize

                1.4MB

                MD5

                b7128edea15b59335ada413fecb6586f

                SHA1

                2b13bf0f1fd720ed3478c56f158d036ecb7148cb

                SHA256

                a0259c44cb0548cade05ff5134419452ea5072a8a52ced2a060b77b13f25caca

                SHA512

                8c65ddbcd6d3c97a9583df9c7ad5c0389f97b3409dd155132c937ef64bb066e16d6c302f1e016b9aae211fd4d25bd3da0b2f7fae43baec057da4ef9cc3196587

                Download Submit

              • C:\Users\Admin\AppData\Local\iDMJF\slc.dll
                Filesize

                1.4MB

                MD5

                21c6c5d0ffc36bb069e9f58cba70e557

                SHA1

                8b7333bb487a90de696582cadecbfae54b4b8567

                SHA256

                101128e076d34458b20cc0417e04bcc9d213e3046e41ab453b7cb1ebce7b31bd

                SHA512

                ba5abe7b51f9363337dac51f120d77d1b21e302194be670209b305de0642fa836bbdb74e293f3a4ca6933477b58bbb6fe4f9a6e800476e8e6081c096306b3040

                Download Submit

              • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ukatmrkmywz.lnk
                Filesize

                1KB

                MD5

                451ece50eebb890831a40f1b62799047

                SHA1

                4f75fb19584b5151008ac9a2bcb39030d973e822

                SHA256

                65d4fc668a2d6c20a2732dddba92f3a285b6d84669285011b6f1eee86140e697

                SHA512

                9886e04e8d4203d88b6d170d9208d8c84297f3b87c021b747139879e9676b2685256b3694e7c0ba1033b27b2bdb16f733512ae2c2b400cf52513e6ff4c1a5914

                Download Submit

              • \Users\Admin\AppData\Local\WwGocV\dialer.exe
                Filesize

                34KB

                MD5

                46523e17ee0f6837746924eda7e9bac9

                SHA1

                d6b2a9cc6bd3588fa9804ada5197afda6a9e034b

                SHA256

                23d8a6a1d847a324c556c30e10c8f63c2004aeb42ac3f5a5ca362077f1517382

                SHA512

                c7117c3778650864e685bd89df599d7cdd9319d757344ddc7cfd9403d6673964127f6ff0c5ac48455fd3097af31a6ff09173f85dfa7be2d25f395cdf3692bb9a

                Download Submit

              • \Users\Admin\AppData\Local\iDMJF\fveprompt.exe
                Filesize

                104KB

                MD5

                dc2c44a23b2cd52bd53accf389ae14b2

                SHA1

                e36c7b6f328aa2ab2f52478169c52c1916f04b5f

                SHA256

                7f5b19f2c6a94833196ee1929d48094889b33b504d73d3af88dd857ceaf67921

                SHA512

                ff083f74777a9cfc940d4e0cb55886397e27c85f867de9a5dd9ea2c2751d2a77bf75fe0734e424d9678c83e927788d07d0b3072024f7e5a9848c7ff1aa4090dc

                Download Submit

              • memory/1196-11-0x0000000140000000-0x0000000140168000-memory.dmp

                Filesize

                1.4MB

                Download

              • memory/1196-39-0x0000000140000000-0x0000000140168000-memory.dmp

                Filesize

                1.4MB

                Download

              • memory/1196-13-0x0000000140000000-0x0000000140168000-memory.dmp

                Filesize

                1.4MB

                Download

              • memory/1196-27-0x0000000140000000-0x0000000140168000-memory.dmp

                Filesize

                1.4MB

                Download

              • memory/1196-26-0x00000000021B0000-0x00000000021B7000-memory.dmp

                Filesize

                28KB

                Download

              • memory/1196-18-0x0000000140000000-0x0000000140168000-memory.dmp

                Filesize

                1.4MB

                Download

              • memory/1196-17-0x0000000140000000-0x0000000140168000-memory.dmp

                Filesize

                1.4MB

                Download

              • memory/1196-16-0x0000000140000000-0x0000000140168000-memory.dmp

                Filesize

                1.4MB

                Download

              • memory/1196-15-0x0000000140000000-0x0000000140168000-memory.dmp

                Filesize

                1.4MB

                Download

              • memory/1196-14-0x0000000140000000-0x0000000140168000-memory.dmp

                Filesize

                1.4MB

                Download

              • memory/1196-12-0x0000000140000000-0x0000000140168000-memory.dmp

                Filesize

                1.4MB

                Download

              • memory/1196-3-0x0000000077076000-0x0000000077077000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1196-29-0x0000000077410000-0x0000000077412000-memory.dmp

                Filesize

                8KB

                Download

              • memory/1196-28-0x00000000773E0000-0x00000000773E2000-memory.dmp

                Filesize

                8KB

                Download

              • memory/1196-38-0x0000000140000000-0x0000000140168000-memory.dmp

                Filesize

                1.4MB

                Download

              • memory/1196-7-0x0000000140000000-0x0000000140168000-memory.dmp

                Filesize

                1.4MB

                Download

              • memory/1196-4-0x00000000025B0000-0x00000000025B1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1196-48-0x0000000077076000-0x0000000077077000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1196-8-0x0000000140000000-0x0000000140168000-memory.dmp

                Filesize

                1.4MB

                Download

              • memory/1196-9-0x0000000140000000-0x0000000140168000-memory.dmp

                Filesize

                1.4MB

                Download

              • memory/1196-6-0x0000000140000000-0x0000000140168000-memory.dmp

                Filesize

                1.4MB

                Download

              • memory/1196-10-0x0000000140000000-0x0000000140168000-memory.dmp

                Filesize

                1.4MB

                Download

              • memory/1256-91-0x0000000140000000-0x0000000140169000-memory.dmp

                Filesize

                1.4MB

                Download

              • memory/1916-47-0x0000000140000000-0x0000000140168000-memory.dmp

                Filesize

                1.4MB

                Download

              • memory/1916-2-0x00000000002A0000-0x00000000002A7000-memory.dmp

                Filesize

                28KB

                Download

              • memory/1916-0-0x0000000140000000-0x0000000140168000-memory.dmp

                Filesize

                1.4MB

                Download

              • memory/2708-61-0x0000000140000000-0x000000014016A000-memory.dmp

                Filesize

                1.4MB

                Download

              • memory/2708-57-0x0000000140000000-0x000000014016A000-memory.dmp

                Filesize

                1.4MB

                Download

              • memory/2708-56-0x0000000000100000-0x0000000000107000-memory.dmp

                Filesize

                28KB

                Download

              • memory/2940-73-0x0000000140000000-0x0000000140169000-memory.dmp

                Filesize

                1.4MB

                Download

              • memory/2940-76-0x0000000001E70000-0x0000000001E77000-memory.dmp

                Filesize

                28KB

                Download

              • memory/2940-77-0x0000000140000000-0x0000000140169000-memory.dmp

                Filesize

                1.4MB

                Download