Overview

overview

10

Static

static

3

6b21ae416b...b1.dll

windows7-x64

10

6b21ae416b...b1.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14-11-2024 16:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6b21ae416bf419e549f6abcfb92a86c66282a97644a6c5a6bf5f7caabba771b1.dll

  • Size

    676KB

  • MD5

    22ed96db2681802352afcea9e3809193

  • SHA1

    2490ef64a6c9f8ca4d799a715f1dd677366dc6b7

  • SHA256

    6b21ae416bf419e549f6abcfb92a86c66282a97644a6c5a6bf5f7caabba771b1

  • SHA512

    5c1a7c0d48feacf2e28dd6094518ec0d1b1602fae4f42539291cf325e1b604b08f112234e6e63867e739d963a37dbae4823ac6f6985cc3f76485534f158d7cdb

  • SSDEEP

    6144:w34xznfAp4x+NWMqW/KZ1vCDTEpc2bysCZR6iwAtUnWKT5WK8Rpv1llfFfCRAuTF:wIKp/UWCZdCDh2IZDwAFRpR6Au

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 12 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6b21ae416bf419e549f6abcfb92a86c66282a97644a6c5a6bf5f7caabba771b1.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2556
  • C:\Windows\system32\unregmp2.exe
    C:\Windows\system32\unregmp2.exe
    1⤵
      PID:2644
    • C:\Users\Admin\AppData\Local\y8K44JirY\unregmp2.exe
      C:\Users\Admin\AppData\Local\y8K44JirY\unregmp2.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      • Suspicious behavior: EnumeratesProcesses
      PID:2960
    • C:\Windows\system32\fveprompt.exe
      C:\Windows\system32\fveprompt.exe
      1⤵
        PID:840
      • C:\Users\Admin\AppData\Local\470v\fveprompt.exe
        C:\Users\Admin\AppData\Local\470v\fveprompt.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2200
      • C:\Windows\system32\msconfig.exe
        C:\Windows\system32\msconfig.exe
        1⤵
          PID:2916
        • C:\Users\Admin\AppData\Local\2GIX\msconfig.exe
          C:\Users\Admin\AppData\Local\2GIX\msconfig.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2924

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\2GIX\VERSION.dll
          Filesize

          680KB

          MD5

          7355fa116592067ac116b797ffbee8a6

          SHA1

          49146d210a55bbb01b5b481c3b9836c6d87a751c

          SHA256

          cc5a9b97c77c49809340bec71db4d85ffe9ff0f4c0737e997cf8779b39de30c6

          SHA512

          4543a9d3dec1fee9cf590d72639413a1babb51832e04138531ad4758e63ce9c285d4d73d84b385d9a48bb13f1c8f5650bf8febc626d2aa82dfc873a0379618f4

          Download Submit

        • C:\Users\Admin\AppData\Local\470v\slc.dll
          Filesize

          680KB

          MD5

          34cee7c031e33bdae058959e811cae66

          SHA1

          e6ff83732be800b275062cae499577cfffde662b

          SHA256

          1640ef03409c4c4ca930751e6454892dac8cd205386532aee1f10b587143f092

          SHA512

          e6eac6432868fca3155236cdf7423c181edc7ac69dce4b1abcbed80e9c1f1ae84d29bf0e738d0bf7cf3b1b0f1b58adae435fa275f577e77f559719c989ec9334

          Download Submit

        • C:\Users\Admin\AppData\Local\y8K44JirY\VERSION.dll
          Filesize

          680KB

          MD5

          305dd30b9282d9ffe5d4499754abd1ef

          SHA1

          b698f3d4fe7e8a117ae2c44febb2d539b0827a06

          SHA256

          e90af4f9e46f982465a4eb4ad8930ae6a12d547ca75fa59c0338551bc4daf0ad

          SHA512

          ce3b5125e874f4f05fb29e5e78a29215ccc052b2ab899c9d2970ce8ca828521b854bfe490dfdc680502e5eb797d4e9b683e87ab105a1df091b1fee8499090181

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Lcuygmmobxhxaxh.lnk
          Filesize

          988B

          MD5

          3c1c451861eaefa3d25c8ca7aefc07f3

          SHA1

          b59a8850b656b4543c4201d4f912bd31bc67b706

          SHA256

          ccfb4efd46f79e16a055085efd907a416feeaac418cde913afad93b743d909a2

          SHA512

          3352fd3a8cbcb9e77091de321cd6db1f8ceabfeb13176fcd008af0635a2263b4bc83bd2ee855447616d1c8d883218ea11f9d83ebd2be349ad6a28c12e5f5e161

          Download Submit

        • \Users\Admin\AppData\Local\2GIX\msconfig.exe
          Filesize

          293KB

          MD5

          e19d102baf266f34592f7c742fbfa886

          SHA1

          c9c9c45b7e97bb7a180064d0a1962429f015686d

          SHA256

          f3c8bb430f9c33e6caf06aaebde17b7fddcc55e8bb36cec2b9379038f1fca0b1

          SHA512

          1b9f1880dd3c26ae790b8eead641e73264f90dc7aa2645acc530aad20ad9d247db613e1725282c85bca98c4428ac255752a4f5c9b2a97f90908b7fe4167bb283

          Download Submit

        • \Users\Admin\AppData\Local\470v\fveprompt.exe
          Filesize

          104KB

          MD5

          dc2c44a23b2cd52bd53accf389ae14b2

          SHA1

          e36c7b6f328aa2ab2f52478169c52c1916f04b5f

          SHA256

          7f5b19f2c6a94833196ee1929d48094889b33b504d73d3af88dd857ceaf67921

          SHA512

          ff083f74777a9cfc940d4e0cb55886397e27c85f867de9a5dd9ea2c2751d2a77bf75fe0734e424d9678c83e927788d07d0b3072024f7e5a9848c7ff1aa4090dc

          Download Submit

        • \Users\Admin\AppData\Local\y8K44JirY\unregmp2.exe
          Filesize

          316KB

          MD5

          64b328d52dfc8cda123093e3f6e4c37c

          SHA1

          f68f45b21b911906f3aa982e64504e662a92e5ab

          SHA256

          7d6be433ba7dd4a2b8f8b79d7b87055da8daafa3e0404432d40469c39c2040e1

          SHA512

          e29fc068532df36f39c86b79392b5c6191de6f69b7beaba28f9ac96a26089b341b770ff29556eca14f57afd1de59a6f3726818482d6861bdd8ac556ae768df00

          Download Submit

        • memory/1188-27-0x00000000774D0000-0x00000000774D2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1188-47-0x0000000077166000-0x0000000077167000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1188-16-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/1188-15-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/1188-14-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/1188-13-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/1188-12-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/1188-11-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/1188-9-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/1188-8-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/1188-25-0x0000000002EB0000-0x0000000002EB7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1188-26-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/1188-28-0x0000000077500000-0x0000000077502000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1188-3-0x0000000077166000-0x0000000077167000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1188-37-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/1188-38-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/1188-4-0x0000000002ED0000-0x0000000002ED1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1188-17-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/1188-18-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/1188-7-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/1188-6-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/1188-10-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/2200-75-0x0000000000100000-0x0000000000107000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2200-73-0x000007FEF6510000-0x000007FEF65BA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/2200-78-0x000007FEF6510000-0x000007FEF65BA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/2556-46-0x000007FEF6A80000-0x000007FEF6B29000-memory.dmp

          Filesize

          676KB

          Download

        • memory/2556-2-0x00000000001A0000-0x00000000001A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2556-0-0x000007FEF6A80000-0x000007FEF6B29000-memory.dmp

          Filesize

          676KB

          Download

        • memory/2924-90-0x000007FEF5F30000-0x000007FEF5FDA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/2924-94-0x000007FEF5F30000-0x000007FEF5FDA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/2960-60-0x00000000FF0B0000-0x00000000FF102000-memory.dmp

          Filesize

          328KB

          Download

        • memory/2960-61-0x000007FEF6B30000-0x000007FEF6BDA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/2960-57-0x0000000000180000-0x0000000000187000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2960-55-0x000007FEF6B30000-0x000007FEF6BDA000-memory.dmp

          Filesize

          680KB

          Download