Analysis
-
max time kernel
120s -
max time network
109s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
04-11-2024 16:18
General
-
Target
b6f78736575bea5b38983159e95a2f629265f4cd083f5773fc418b4c88ce0f41N.dll
-
Size
1.5MB
-
MD5
c026fef0b6c83c6a08c9087fc4fb41c0
-
SHA1
d029a15df448443c79f3880f07bad27cd0e514d7
-
SHA256
b6f78736575bea5b38983159e95a2f629265f4cd083f5773fc418b4c88ce0f41
-
SHA512
f5fb293ef024d11d6cae0142e199c134ce3ddd03bab007f41d07ca896ff7dd38cc86556174f1da5f6affeedd1e09d245680e294f7629c5b73fe9d9de7fa12a6d
-
SSDEEP
12288:SVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:PfP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Malware Config
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex family
-
Dridex Shellcode 1 IoCs
Detects Dridex Payload shellcode injected in Explorer process.
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 3 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of UnmapMainImage 1 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\b6f78736575bea5b38983159e95a2f629265f4cd083f5773fc418b4c88ce0f41N.dll,#11⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\SystemPropertiesAdvanced.exeC:\Windows\system32\SystemPropertiesAdvanced.exe1⤵
-
C:\Users\Admin\AppData\Local\iTQ0dF5\SystemPropertiesAdvanced.exeC:\Users\Admin\AppData\Local\iTQ0dF5\SystemPropertiesAdvanced.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\SysResetErr.exeC:\Windows\system32\SysResetErr.exe1⤵
-
C:\Users\Admin\AppData\Local\sjrbJT2\SysResetErr.exeC:\Users\Admin\AppData\Local\sjrbJT2\SysResetErr.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\sdclt.exeC:\Windows\system32\sdclt.exe1⤵
-
C:\Users\Admin\AppData\Local\SCzD5\sdclt.exeC:\Users\Admin\AppData\Local\SCzD5\sdclt.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.5MB
MD5b6ee322a48ed5482a9c6a99b910f3936
SHA14f82d0b85c556c4cf884cae3c660e019c233cded
SHA256285cb55a8c7511a861a11aa40a02033853c479456ccc97a5f2ca8e4733228bc2
SHA512087b63e74cd767628fae21606d6f4f303407ffaddeeac4c1354b862931d4b31ef46e5ee108e45dade1fe9e95d090861e2ddac2faac19ef0a435a6a17a801032b
-
Filesize
1.2MB
MD5e09d48f225e7abcab14ebd3b8a9668ec
SHA11c5b9322b51c09a407d182df481609f7cb8c425d
SHA256efd238ea79b93d07852d39052f1411618c36e7597e8af0966c4a3223f0021dc3
SHA512384d606b90c4803e5144b4de24edc537cb22dd59336a18a58d229500ed36aec92c8467cae6d3f326647bd044d8074931da553c7809727fb70227e99c257df0b4
-
Filesize
1.5MB
MD57f46aeb679ae69fce0a826194df2664c
SHA16719d6cd638b51e1ef23ddd52b7b1651ee863494
SHA256f8118f658b108b1ed856c68f2f903261f9d990e226218eb0f157a9ae41c0473a
SHA51264cafb1feb76552f00be8087a9b1fa8ace67a240b21148670a7595cd44384cc0267eb2c7aa24c17017b3ef8c8de2ee8a16d7fdf294e20f7da0111a8b46aec93b
-
Filesize
82KB
MD5fa040b18d2d2061ab38cf4e52e753854
SHA1b1b37124e9afd6c860189ce4d49cebbb2e4c57bc
SHA256c61fa0f8c5d8d61110adbcceaa453a6c1d31255b3244dc7e3b605a4a931c245c
SHA512511f5981bd2c446f1f3039f6674f972651512305630bd688b1ef159af36a23cb836b43d7010b132a86b5f4d6c46206057abd31600f1e7dc930cb32ed962298a4
-
Filesize
1.8MB
MD5ea2c9c85835a628e9fca21b0740d3146
SHA126e4bbda18626523b11aa0f821cf598cbbd24486
SHA256993bace994056a24c1291c4437a7dcb77e9bdd94d29f349b8ef47dade9ea2610
SHA5125c40e0cbae15684c1fa5a213a2bd084fd61ce0e5a4a1151b816cc049a3c4832367e532eb4df1217013c7c6bde468b62bca2e99bbd2a98b2073c8f2c89ae8be7f
-
Filesize
41KB
MD5090c6f458d61b7ddbdcfa54e761b8b57
SHA1c5a93e9d6eca4c3842156cc0262933b334113864
SHA256a324e3ba7309164f215645a6db3e74ed35c7034cc07a011ebed2fa60fda4d9cd
SHA512c9ef79397f3a843dcf2bcb5f761d90a4bdadb08e2ca85a35d8668cb13c308b275ed6aa2c8b9194a1f29964e0754ad05e89589025a0b670656386a8d448a1f542
-
Filesize
1KB
MD5f5276d6275817417bb60449ec8ad8de8
SHA18488c24f03f100ae2fc6f104407d56555187e962
SHA25676c60b7dc3a3c7bc52a17b13e42d8c4c53a36667c7e74da82b6627d330796768
SHA512f48225e51ae3d9a888dcfaff192ed69256a1512580e7fef1e9003751d8fc2698eb8f324ec1b0c2d5905ff0537483139ce0f3dac028021d1ae97d75b98e5db10e
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
28KB
-
Filesize
28KB
-
Filesize
28KB
-
Filesize
1.8MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
28KB
-
Filesize
64KB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
28KB
-
Filesize
1.5MB
-
Filesize
1.5MB