Overview

overview

10

Static

static

3

53fb034c28...59.dll

windows7-x64

10

53fb034c28...59.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-11-2024 17:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    53fb034c28cb389cc821736d248159eabf75b962d67c0a04fb05925cfeceac59.dll

  • Size

    676KB

  • MD5

    f598e27e26544b77e5fed315786c5ee6

  • SHA1

    f501b7faadb0716c1c28206d5c1f285a0d22b2bf

  • SHA256

    53fb034c28cb389cc821736d248159eabf75b962d67c0a04fb05925cfeceac59

  • SHA512

    81d118bde5aede49c71e8e55945e62794d7387b987633ce556129316c2df0feada5101b8611326e1f6827637eafb57d1a324a623c61a13a9ac53077f57687492

  • SSDEEP

    6144:W34xznfAp4x+NWMqW/KZ1vCDTEpc2bysCZR6iwAtUnWKT5WK8Rpv1llfFfCRAuTF:WIKp/UWCZdCDh2IZDwAFRpR6Au

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 10 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Event Triggered Execution: Accessibility Features 1 TTPs

    Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.

    persistenceprivilege_escalation
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\53fb034c28cb389cc821736d248159eabf75b962d67c0a04fb05925cfeceac59.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3504
  • C:\Windows\system32\dccw.exe
    C:\Windows\system32\dccw.exe
    1⤵
      PID:3460
    • C:\Users\Admin\AppData\Local\gIVjT\dccw.exe
      C:\Users\Admin\AppData\Local\gIVjT\dccw.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2532
    • C:\Windows\system32\AtBroker.exe
      C:\Windows\system32\AtBroker.exe
      1⤵
        PID:648
      • C:\Users\Admin\AppData\Local\tAbyt\AtBroker.exe
        C:\Users\Admin\AppData\Local\tAbyt\AtBroker.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:4088
      • C:\Windows\system32\Utilman.exe
        C:\Windows\system32\Utilman.exe
        1⤵
          PID:868
        • C:\Users\Admin\AppData\Local\jKe\Utilman.exe
          C:\Users\Admin\AppData\Local\jKe\Utilman.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:3632

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\gIVjT\dccw.exe
          Filesize

          101KB

          MD5

          cb9374911bf5237179785c739a322c0f

          SHA1

          3f4d3dd3d58c9f19dfbb414ded16969ebd9f74b9

          SHA256

          f7f3300b78148a34f6a35796c777a832b638b6d3193e11f4a37f45d4c6dfa845

          SHA512

          9d47521538148b1823c0a17baa86ddf932f06f46d5d8b63fa87b2cc220fb98ce3f933e32d771222937bb8e41c88030839d489d1cd78b062bffeb2980dc6864be

          Download Submit

        • C:\Users\Admin\AppData\Local\gIVjT\dxva2.dll
          Filesize

          680KB

          MD5

          60e526249b5341cad0820c20877d5eda

          SHA1

          8ea766e1dd11b0e1e9e5384ba47f73bd8fd09971

          SHA256

          cd94b9d5d37e405ed1a75fdf82580efcd736ed36c804d3bedfdbb68fca3970ea

          SHA512

          762b3087c019dd708622e40ffc11c32c3d76a62290369850e1d14b15629cd6b680fcc9db4b08be30d78fb16718157d6aa7367aee00c60e64460c087d32f89ea0

          Download Submit

        • C:\Users\Admin\AppData\Local\jKe\DUI70.dll
          Filesize

          956KB

          MD5

          8e33a5c6df2c0a02dc95256b12d7b1d2

          SHA1

          e5e5a32e15402060b2e12b1633736a3809faf16e

          SHA256

          21d47f7fe042d20448f2d72e7c60fc3a0bc9731a81e2c3a885294824fd45d06e

          SHA512

          0aac9649e620b11297b4080eefe46c9a87ae2f24704467d21b275ad1a34b877e817392cc884f265ef66c9ebe6f7922b3b3fda0830aa9641d780656235a533bb0

          Download Submit

        • C:\Users\Admin\AppData\Local\jKe\Utilman.exe
          Filesize

          123KB

          MD5

          a117edc0e74ab4770acf7f7e86e573f7

          SHA1

          5ceffb1a5e05e52aafcbc2d44e1e8445440706f3

          SHA256

          b5bc4fce58403ea554691db678e6c8c448310fe59990990f0e37cd4357567d37

          SHA512

          72883f794ff585fe7e86e818d4d8c54fa9781cab6c3fac6f6956f58a016a91f676e70d14691cbe054ae7b7469c6b4783152fbb694e92b940d9e3595fe3f41d97

          Download Submit

        • C:\Users\Admin\AppData\Local\tAbyt\AtBroker.exe
          Filesize

          90KB

          MD5

          30076e434a015bdf4c136e09351882cc

          SHA1

          584c958a35e23083a0861421357405afd26d9a0c

          SHA256

          ae7b1e298a6e38f0a3428151bfc5565ede50a8d98dafaa147b13cf89c61f2ddd

          SHA512

          675e310c2455acf9220735f34fa527afe87dac691e89cc0edc3c4659147e9fd223f96b7a3beea532047aa0ebc58880a7010343019a50aa73ce69a038e3592024

          Download Submit

        • C:\Users\Admin\AppData\Local\tAbyt\UxTheme.dll
          Filesize

          680KB

          MD5

          79f5fa00bbaac7824dbb5156637a01b8

          SHA1

          94fd4a60ee6bf11ded59595d4d6da534edae1a37

          SHA256

          e6432b489d73dd1f162971328c331daeb75562368cc6d3d1d132b89af8084d82

          SHA512

          3182e2ee1e54f5d0b34e231233139c7a8c638dc7b4b08915a5f1fc1fe89eba3f1335c890795ef87df3b9381e89e5284c5821af8845adb8fc6678c297687cd088

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ybgihhkn.lnk
          Filesize

          1KB

          MD5

          545cf6aa19fafb2d6e549177787a1dae

          SHA1

          4e1dec65660f222f30f109225777fcd6c58cc300

          SHA256

          d3e254a831f8f22bca8773bbe0a4c0e9dbee864081d32d095a0977bbea699a3a

          SHA512

          a81f3eed28d86a771ac34d6a5aa9398b889bcc2040a2f0de9ccae1d7b99781a63031569139d2bd02ec64ff69f0846e6bfd78ab77907d17bdde42ff2a68296db9

          Download Submit

        • memory/2532-52-0x00007FF858030000-0x00007FF8580DA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/2532-48-0x00007FF858030000-0x00007FF8580DA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/2532-47-0x000001FCB0C50000-0x000001FCB0C57000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3412-27-0x00007FF876C20000-0x00007FF876C30000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3412-37-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/3412-15-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/3412-14-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/3412-13-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/3412-12-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/3412-11-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/3412-6-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/3412-10-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/3412-9-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/3412-8-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/3412-7-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/3412-5-0x00007FF8759CA000-0x00007FF8759CB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3412-26-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/3412-3-0x00000000013D0000-0x00000000013D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3412-28-0x00007FF876C10000-0x00007FF876C20000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3412-17-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/3412-25-0x00000000010E0000-0x00000000010E7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3412-18-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/3412-16-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/3504-0-0x00007FF868510000-0x00007FF8685B9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/3504-40-0x00007FF868510000-0x00007FF8685B9000-memory.dmp

          Filesize

          676KB

          Download

        • memory/3504-2-0x000001AAD3070000-0x000001AAD3077000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3632-79-0x00007FF857F50000-0x00007FF85803F000-memory.dmp

          Filesize

          956KB

          Download

        • memory/3632-83-0x00007FF857F50000-0x00007FF85803F000-memory.dmp

          Filesize

          956KB

          Download

        • memory/4088-65-0x0000028B5FD90000-0x0000028B5FD97000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4088-68-0x00007FF858030000-0x00007FF8580DA000-memory.dmp

          Filesize

          680KB

          Download