Overview

overview

10

Static

static

3

a130c1024a...24.dll

windows7-x64

10

a130c1024a...24.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    14-11-2024 17:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a130c1024af7fcf7867614670b20c294d55f5b579a62b2dc630f5cf067863d24.dll

  • Size

    680KB

  • MD5

    f6fd2fc4f63d0ba67c61851cef213a49

  • SHA1

    fe874064329ea907423131cf7a64d0f3b6461d2d

  • SHA256

    a130c1024af7fcf7867614670b20c294d55f5b579a62b2dc630f5cf067863d24

  • SHA512

    3e85f9fc2ea96bd35a36ffcdba6f7c54665666e6cb2eabdf6d5f2bc01dbc6e7b3c64f92e2e3ef626e5fac743527eebdb3698840bf6e0bafa3eeab04a922aa4b1

  • SSDEEP

    6144:e34xznfAp4x+NWMqW/KZ1vCDTEpc2bysCZR6iwAtUnWKT5WK8Rpv1llfFfCRAuTF:eIKp/UWCZdCDh2IZDwAFRpR6Au

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 11 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a130c1024af7fcf7867614670b20c294d55f5b579a62b2dc630f5cf067863d24.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2556
  • C:\Windows\system32\Netplwiz.exe
    C:\Windows\system32\Netplwiz.exe
    1⤵
      PID:2348
    • C:\Users\Admin\AppData\Local\sIvDqhc\Netplwiz.exe
      C:\Users\Admin\AppData\Local\sIvDqhc\Netplwiz.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2992
    • C:\Windows\system32\SystemPropertiesComputerName.exe
      C:\Windows\system32\SystemPropertiesComputerName.exe
      1⤵
        PID:2768
      • C:\Users\Admin\AppData\Local\zyi1g\SystemPropertiesComputerName.exe
        C:\Users\Admin\AppData\Local\zyi1g\SystemPropertiesComputerName.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1036
      • C:\Windows\system32\dccw.exe
        C:\Windows\system32\dccw.exe
        1⤵
          PID:1884
        • C:\Users\Admin\AppData\Local\vemxjd2B\dccw.exe
          C:\Users\Admin\AppData\Local\vemxjd2B\dccw.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2604

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\sIvDqhc\NETPLWIZ.dll
          Filesize

          684KB

          MD5

          60ad6df923efae518db0f55549db809d

          SHA1

          036de7974461361fefd96e6eecb0510828e40166

          SHA256

          afdf3846a89fd81a076ef7a1e906d315d53b1fe46692c05fc48944c8b8b39105

          SHA512

          650a908101008f32f0df052062b1eed68503b77597a070ed9de4ad5276620b66c31f3197200aba6f286a7166cbc3f01297225f7ec0907003ac3cefee24b52e7b

          Download Submit

        • C:\Users\Admin\AppData\Local\vemxjd2B\dxva2.dll
          Filesize

          684KB

          MD5

          2ad2a3d6821d2ed6f599477fa62fdd4e

          SHA1

          1cff333be0b887493795a6711eb0b4a7b3066fdd

          SHA256

          92acb58bb9290cfb76f200a24ebebbdefe0710e231ddf4f3e830be1c2c5fcd48

          SHA512

          0619c54b9204ccef6f1f5b8c720d605d2a0ee168059a9205c5b34bd4b32caefbfc73e552accb05012112769b7fd15b4a27dcdae81528fe9fec7e06d46a823107

          Download Submit

        • C:\Users\Admin\AppData\Local\zyi1g\SYSDM.CPL
          Filesize

          684KB

          MD5

          ff806886e698ab7ea7253ad9087f1c60

          SHA1

          c8b750784014b14c836514458eff2428a32a591c

          SHA256

          c694eb981c5d800109614d72bff86e1df0f3b3d687804307b8bb7abe17efce09

          SHA512

          20a7acf33e2a4421b28481fe5a48231e1471182e4cf1aa0282a651feec1028da38673ef0cc7e818fb76cfab41be9936505048dac0397744338d38614519cfd52

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Phjwnjj.lnk
          Filesize

          1KB

          MD5

          4dbfe3e0bf61805dcde4d41070195869

          SHA1

          652ebede51a8c878bbe673e601fdb1be24556fdd

          SHA256

          9fc527b584f9543d4be0fe1e89065068d59e8b18f2303b27029a5ce4a4a16739

          SHA512

          d88a8ca0c1da9c4a6ddd9310944c40bb8b4c45c7627470d7dbd4f0d93ade8488c43898cc379a2ef6ca53a874e807eac7e86bacfab16dc3d27f96ffde183de318

          Download Submit

        • \Users\Admin\AppData\Local\sIvDqhc\Netplwiz.exe
          Filesize

          26KB

          MD5

          e43ec3c800d4c0716613392e81fba1d9

          SHA1

          37de6a235e978ecf3bb0fc2c864016c5b0134348

          SHA256

          636606415a85a16a7e6c5c8fcbdf35494991bce1c37dfc19c75ecb7ce12dc65c

          SHA512

          176c6d8b87bc5a9ca06698e2542ff34d474bcbbf21278390127981366eda89769bd9dd712f3b34f4dd8332a0b40ee0e609276400f16b51999471c8ff24522a08

          Download Submit

        • \Users\Admin\AppData\Local\vemxjd2B\dccw.exe
          Filesize

          861KB

          MD5

          a46cee731351eb4146db8e8a63a5c520

          SHA1

          8ea441e4a77642e12987ac842b36034230edd731

          SHA256

          283526a98a83524d21ff23f9109754c6587380b67f74cc02a9a4cd56fdb720d5

          SHA512

          3573c0ae21406db0c6fdda7c065fabde03235bde7f5589910822500bdfa37144f59f6e58e753e7347b899998db1dcb28050ac5a4e2c611558ae5fa405fbbc5cc

          Download Submit

        • \Users\Admin\AppData\Local\zyi1g\SystemPropertiesComputerName.exe
          Filesize

          80KB

          MD5

          bd889683916aa93e84e1a75802918acf

          SHA1

          5ee66571359178613a4256a7470c2c3e6dd93cfa

          SHA256

          0e22894595891a9ff9706e03b3db31a751541c4a773f82420fce57237d6c47cf

          SHA512

          9d76de848b319f44657fb7fbe5a3b927774ae999362ff811a199002ffa77ad9e1638a65a271388e605ab5e5a7cb6ce5aa7fcabc3ed583ade00eaa4c265552026

          Download Submit

        • memory/1036-76-0x000007FEF67B0000-0x000007FEF685B000-memory.dmp

          Filesize

          684KB

          Download

        • memory/1036-72-0x000007FEF67B0000-0x000007FEF685B000-memory.dmp

          Filesize

          684KB

          Download

        • memory/1188-8-0x0000000140000000-0x00000001400AA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/1188-47-0x0000000076E86000-0x0000000076E87000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1188-15-0x0000000140000000-0x00000001400AA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/1188-14-0x0000000140000000-0x00000001400AA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/1188-13-0x0000000140000000-0x00000001400AA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/1188-12-0x0000000140000000-0x00000001400AA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/1188-11-0x0000000140000000-0x00000001400AA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/1188-10-0x0000000140000000-0x00000001400AA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/1188-9-0x0000000140000000-0x00000001400AA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/1188-3-0x0000000076E86000-0x0000000076E87000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1188-28-0x0000000077220000-0x0000000077222000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1188-27-0x00000000771F0000-0x00000000771F2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1188-38-0x0000000140000000-0x00000001400AA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/1188-37-0x0000000140000000-0x00000001400AA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/1188-4-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1188-16-0x0000000140000000-0x00000001400AA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/1188-17-0x0000000140000000-0x00000001400AA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/1188-18-0x0000000140000000-0x00000001400AA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/1188-6-0x0000000140000000-0x00000001400AA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/1188-7-0x0000000140000000-0x00000001400AA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/1188-26-0x0000000140000000-0x00000001400AA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/1188-25-0x0000000002DA0000-0x0000000002DA7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2556-46-0x000007FEF6F30000-0x000007FEF6FDA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/2556-0-0x0000000000230000-0x0000000000237000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2556-1-0x000007FEF6F30000-0x000007FEF6FDA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/2604-92-0x000007FEF67B0000-0x000007FEF685B000-memory.dmp

          Filesize

          684KB

          Download

        • memory/2992-60-0x000007FEF6FE0000-0x000007FEF708B000-memory.dmp

          Filesize

          684KB

          Download

        • memory/2992-56-0x000007FEF6FE0000-0x000007FEF708B000-memory.dmp

          Filesize

          684KB

          Download

        • memory/2992-55-0x0000000000280000-0x0000000000287000-memory.dmp

          Filesize

          28KB

          Download