Overview

overview

10

Static

static

3

75f422efd2...16.dll

windows7-x64

10

75f422efd2...16.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14-11-2024 17:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75f422efd262f9ac592bce3923b002004354138d2c5517bcacc87d5c24cbda16.dll

  • Size

    700KB

  • MD5

    558bbcc95d7c303c8344a2926d04d498

  • SHA1

    b1bb749b3f56ba22aba58421acc3f30d81eeda14

  • SHA256

    75f422efd262f9ac592bce3923b002004354138d2c5517bcacc87d5c24cbda16

  • SHA512

    9055ee1a2e5508eb6e500773ba037bd82a94a8a39584ea865bd1b87f55e7b9ab90626245a1ecd44cdfc5ad974fd618e55f35f0d4433b5359b8aa6326472ed90d

  • SSDEEP

    6144:c34xznfAp4x+NWMqW/KZ1vCDTEpc2bysCZR6iwAtUnWKT5WK8Rpv1llfFfCRAuTL:cIKp/UWCZdCDh2IZDwAFRpR6Aub

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 12 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 3 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\75f422efd262f9ac592bce3923b002004354138d2c5517bcacc87d5c24cbda16.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1840
  • C:\Windows\system32\wusa.exe
    C:\Windows\system32\wusa.exe
    1⤵
      PID:552
    • C:\Users\Admin\AppData\Local\pZf6UKg\wusa.exe
      C:\Users\Admin\AppData\Local\pZf6UKg\wusa.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      • Suspicious behavior: EnumeratesProcesses
      PID:1444
    • C:\Windows\system32\calc.exe
      C:\Windows\system32\calc.exe
      1⤵
        PID:2224
      • C:\Users\Admin\AppData\Local\FHxNPIx\calc.exe
        C:\Users\Admin\AppData\Local\FHxNPIx\calc.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2104
      • C:\Windows\system32\cttune.exe
        C:\Windows\system32\cttune.exe
        1⤵
          PID:1728
        • C:\Users\Admin\AppData\Local\v0doO\cttune.exe
          C:\Users\Admin\AppData\Local\v0doO\cttune.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2644

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\FHxNPIx\calc.exe
          Filesize

          897KB

          MD5

          10e4a1d2132ccb5c6759f038cdb6f3c9

          SHA1

          42d36eeb2140441b48287b7cd30b38105986d68f

          SHA256

          c6a91cba00bf87cdb064c49adaac82255cbec6fdd48fd21f9b3b96abf019916b

          SHA512

          9bd44afb164ab3e09a784c765cd03838d2e5f696c549fc233eb5a69cada47a8e1fb62095568cb272a80da579d9d0e124b1c27cf61bb2ac8cf6e584a722d8864d

          Download Submit

        • C:\Users\Admin\AppData\Local\pZf6UKg\WTSAPI32.dll
          Filesize

          704KB

          MD5

          99e51836b23a98e2b7971b664c1515b3

          SHA1

          903ffacf74b81f7a6c62d837fe7008c18dec3698

          SHA256

          18480d12a7819b7af42857af45a565aecdd063d7edbb4b8ef8a19068a29f0cf3

          SHA512

          db4606d93440567d8b7d5b0dda48e24c693d5c1041fa20f52104b6ddbcdfe689ee9a276091e68ac76b1c49f9529a646bda1d430856a630051cb95f07b5e75966

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Wbvsyha.lnk
          Filesize

          1KB

          MD5

          84a9f2ffb4f4729113ef9cd5dfebc980

          SHA1

          e62b8e29c3fc80aa3675995ec89dc33ceef9615e

          SHA256

          c2d143194c7508fe8ddf55a3386185627281ec060d2939ee8e817c83f55d63b5

          SHA512

          ab06d9d2232ca8760e87e94ba4f22c41893920c04c2c2be313b34429dc4b5769943f2d8f9e34b5089bdfacda8f6cbb54159c0633d490608240e13841657a7a7b

          Download Submit

        • \Users\Admin\AppData\Local\FHxNPIx\WINMM.dll
          Filesize

          708KB

          MD5

          01f65b4ddd5000135f97fc422a946b47

          SHA1

          3265e19010f71bf9f734abc5f41a0da7f2f11b51

          SHA256

          4ec388fd7dffa67fadcfba8ed0c39126a39dbecf1bc1b80d24c3fa354d602fad

          SHA512

          f79e0f8bf9a94f9ab3db083f634ba66d823f4b866273d686ba105243f8b9b1d320955eb7b2ed0f4d43f5a0d10491a2283b2ce1935c81688ae28e7515f4eda8a3

          Download Submit

        • \Users\Admin\AppData\Local\pZf6UKg\wusa.exe
          Filesize

          300KB

          MD5

          c15b3d813f4382ade98f1892350f21c7

          SHA1

          a45c5abc6751bc8b9041e5e07923fa4fc1b4542b

          SHA256

          8f067da98eb3ea9f1db2f0063ff54e07d992fbf051779b467e222639be4127e3

          SHA512

          6d028fe81fe45d0ef291741513ecf939e412912647347d4d5bad89571f33e1084dc0fd26eb7313c7191f938c3f50243f453e2690e2475fc3f5539a20c2ff2f3c

          Download Submit

        • \Users\Admin\AppData\Local\v0doO\UxTheme.dll
          Filesize

          704KB

          MD5

          07e1860563d6d50b993ded6cfc850e49

          SHA1

          55f3736047fde0895db613436c633c75f53fae8a

          SHA256

          1b4153780d2b4f4824f2e4846196779fd212e195e28439792e1198aba5b9033e

          SHA512

          5cd49f3cec1b6fd4a277427451f0931247224d465cb708012744c4f56ed81276de8a802beab959b4ffb5b206e1a5b4bf55ac425149fbd86d959d5c97e0dd626e

          Download Submit

        • \Users\Admin\AppData\Local\v0doO\cttune.exe
          Filesize

          314KB

          MD5

          7116848fd23e6195fcbbccdf83ce9af4

          SHA1

          35fb16a0b68f8a84d5dfac8c110ef5972f1bee93

          SHA256

          39937665f72725bdb3b82389a5dbd906c63f4c14208312d7f7a59d6067e1cfa6

          SHA512

          e38bf57eee5836b8598dd88dc3d266f497d911419a8426f73df6dcaa503611a965aabbd746181cb19bc38eebdb48db778a17f781a8f9e706cbd7a6ebec38f894

          Download Submit

        • memory/1124-13-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/1124-47-0x00000000771E6000-0x00000000771E7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1124-15-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/1124-3-0x00000000771E6000-0x00000000771E7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1124-12-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/1124-11-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/1124-10-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/1124-9-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/1124-8-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/1124-7-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/1124-6-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/1124-26-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/1124-28-0x0000000077580000-0x0000000077582000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1124-27-0x0000000077550000-0x0000000077552000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1124-38-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/1124-37-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/1124-4-0x0000000002DE0000-0x0000000002DE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1124-16-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/1124-17-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/1124-25-0x0000000002630000-0x0000000002637000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1124-14-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/1124-18-0x0000000140000000-0x00000001400AF000-memory.dmp

          Filesize

          700KB

          Download

        • memory/1444-60-0x000007FEF7FB0000-0x000007FEF8060000-memory.dmp

          Filesize

          704KB

          Download

        • memory/1444-57-0x0000000000180000-0x0000000000187000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1444-55-0x000007FEF7FB0000-0x000007FEF8060000-memory.dmp

          Filesize

          704KB

          Download

        • memory/1840-46-0x000007FEF7FC0000-0x000007FEF806F000-memory.dmp

          Filesize

          700KB

          Download

        • memory/1840-0-0x000007FEF7FC0000-0x000007FEF806F000-memory.dmp

          Filesize

          700KB

          Download

        • memory/1840-2-0x00000000003A0000-0x00000000003A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2104-74-0x0000000000100000-0x0000000000107000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2104-72-0x000007FEF7EE0000-0x000007FEF7F91000-memory.dmp

          Filesize

          708KB

          Download

        • memory/2104-77-0x000007FEF7EE0000-0x000007FEF7F91000-memory.dmp

          Filesize

          708KB

          Download

        • memory/2644-89-0x000007FEF7EF0000-0x000007FEF7FA0000-memory.dmp

          Filesize

          704KB

          Download

        • memory/2644-93-0x000007FEF7EF0000-0x000007FEF7FA0000-memory.dmp

          Filesize

          704KB

          Download