Overview

overview

10

Static

static

3

8025132bca...9N.dll

windows7-x64

10

8025132bca...9N.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    29-11-2024 04:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8025132bcaf7924552395dabb6c102b0d64e94465f457199304512134f69baf9N.dll

  • Size

    668KB

  • MD5

    cb9ab1885f0cd6d07f21394cfc141ea0

  • SHA1

    03e106e193e40c8de8965a6a34330bd202016dd2

  • SHA256

    8025132bcaf7924552395dabb6c102b0d64e94465f457199304512134f69baf9

  • SHA512

    dd5c17633f836f956bc1fc7d7076a833177e1ec9e3f609aea25ab6659b88844ae755360cf1e15c193097cbb95ee1443e32391fbe7ee471817177c7228451bfa5

  • SSDEEP

    6144:F34xznfAp4x+NWMqW/KZ1vCDTEpc2bysCZR6iwAtUnWKT5WK8Rpv1llfFfCRAuTF:FIKp/UWCZdCDh2IZDwAFRpR6Au

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 12 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 8 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8025132bcaf7924552395dabb6c102b0d64e94465f457199304512134f69baf9N.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2064
  • C:\Windows\system32\tcmsetup.exe
    C:\Windows\system32\tcmsetup.exe
    1⤵
      PID:2500
    • C:\Users\Admin\AppData\Local\37qntx\tcmsetup.exe
      C:\Users\Admin\AppData\Local\37qntx\tcmsetup.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2732
    • C:\Windows\system32\iexpress.exe
      C:\Windows\system32\iexpress.exe
      1⤵
        PID:2656
      • C:\Users\Admin\AppData\Local\yFwOhAZ\iexpress.exe
        C:\Users\Admin\AppData\Local\yFwOhAZ\iexpress.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2688
      • C:\Windows\system32\wermgr.exe
        C:\Windows\system32\wermgr.exe
        1⤵
          PID:1828
        • C:\Users\Admin\AppData\Local\UtmWCW\wermgr.exe
          C:\Users\Admin\AppData\Local\UtmWCW\wermgr.exe
          1⤵
          • Executes dropped EXE
          PID:1656
        • C:\Windows\system32\dvdupgrd.exe
          C:\Windows\system32\dvdupgrd.exe
          1⤵
            PID:1968
          • C:\Users\Admin\AppData\Local\VpyWqIvW\dvdupgrd.exe
            C:\Users\Admin\AppData\Local\VpyWqIvW\dvdupgrd.exe
            1⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks whether UAC is enabled
            PID:1924

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\37qntx\TAPI32.dll
            Filesize

            676KB

            MD5

            73688a2eaab624a123b283717b22d7e7

            SHA1

            42f5daec578a3061fc645d519954ac038879d6f6

            SHA256

            7a40c579428574839e1eff2a09a6dbd233836233d46baf907544bf1b307c21f6

            SHA512

            347add6c7713298fd2e57e15e661d8d4def3c522e2e820ad40fbec7da1065414b48bcfefeb6088b0d7db94206d3f11c643d342177b04db941db9ef9f50d003b7

            Download Submit

          • C:\Users\Admin\AppData\Local\VpyWqIvW\VERSION.dll
            Filesize

            672KB

            MD5

            8a996e1c5934bd1a5de7650aac4e0a14

            SHA1

            5e6a63f6967287b1b641bf17a3bf800fcb97ea28

            SHA256

            36bbb7944391edff9d488d764d69de015cd3081ac997e0c38bbe730f2ee84428

            SHA512

            5c675a3724e3871f50e8109f65fb7ac2639407c7fbb287c0e8778466b346255aec78982172d0330a2cb9a5130a46b26702e5b6057904fde69cca6f6287350e43

            Download Submit

          • C:\Users\Admin\AppData\Local\yFwOhAZ\VERSION.dll
            Filesize

            672KB

            MD5

            96777572780b8b7505c0a7f26beedb34

            SHA1

            b310495e30115c18e2cfe8052797b3af714b3f81

            SHA256

            88fe46135bde4def98e3df2fd5343ca8c9f7ed1971cd95419507d9b58d21cfef

            SHA512

            a569b299ada889c8271038f81c18e93a97f12f4706d98e7dfcbfdacc2171c3ec2f301e334bb2001b5b0a1b332191b740e7132c3d6bce24a605a6efde6d23d594

            Download Submit

          • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ygxjfqh.lnk
            Filesize

            1KB

            MD5

            8e7778da7c85a6c6d64c0e6df2e04bd1

            SHA1

            6fffbd4f0d03e79de57a76314465e6f4752fd4c0

            SHA256

            398e116725c9a1c22c420a184f6789bcfcd9fe3eb069b90859bb521f7c81930e

            SHA512

            c52f8da8738b70ff8dcca1602de3c92e97ddb305e00d99f10ffe8377843c45bb320a338a7f00ea0ffeb7f8ba5f3a9776bf190965f5cf80fd861784b3920a8cee

            Download Submit

          • \Users\Admin\AppData\Local\37qntx\tcmsetup.exe
            Filesize

            15KB

            MD5

            0b08315da0da7f9f472fbab510bfe7b8

            SHA1

            33ba48fd980216becc532466a5ff8476bec0b31c

            SHA256

            e19556bb7aa39bbd5f0d568a95aec0b3af18dda438cc5737f945243b24d106e7

            SHA512

            c30501546efe2b0c003ef87ac381e901c69ddfc6791c6a5102cff3a07f56555d94995a4413b93036821aa214fc31501fa87eb519e1890ef75b2ec497983ffd58

            Download Submit

          • \Users\Admin\AppData\Local\UtmWCW\wermgr.exe
            Filesize

            49KB

            MD5

            41df7355a5a907e2c1d7804ec028965d

            SHA1

            453263d230c6317eb4a2eb3aceeec1bbcf5e153d

            SHA256

            207bfec939e7c017c4704ba76172ee2c954f485ba593bc1bc8c7666e78251861

            SHA512

            59c9d69d3942543af4f387137226516adec1a4304bd5696c6c1d338f9e5f40d136450907351cce018563df1358e06a792005167f5c08c689df32d809c4cebdcf

            Download Submit

          • \Users\Admin\AppData\Local\VpyWqIvW\dvdupgrd.exe
            Filesize

            25KB

            MD5

            75a9b4172eac01d9648c6d2133af952f

            SHA1

            63c7e1af762d2b584e9cc841e8b0100f2a482b81

            SHA256

            18f9f520c7157023b0e7dfe7433a63c4dedd47b04d24aac4038b795893050736

            SHA512

            5a7a2c7f184efd9c84256a1a0a5e7aeb95432d63a567196be54e7a9437a5ada9b922983c5fc0cafb16eab4493665d8e56e2f646f9f6a2d6179986925ffcdf769

            Download Submit

          • \Users\Admin\AppData\Local\yFwOhAZ\iexpress.exe
            Filesize

            163KB

            MD5

            46fd16f9b1924a2ea8cd5c6716cc654f

            SHA1

            99284bc91cf829e9602b4b95811c1d72977700b6

            SHA256

            9f993a1f6a133fa8375eab99bf1710471dd13ef177ef713acf8921fb4ff565a3

            SHA512

            52c91043f514f3f8ce07f8e60357786eb7236fcf6cdcccca0dd76000b9a23d6b138cebcdec53b01823cb2313ec850fc7bece326ec01d44ed33f4052b789b7629

            Download Submit

          • memory/1188-24-0x0000000140000000-0x00000001400A7000-memory.dmp

            Filesize

            668KB

            Download

          • memory/1188-14-0x0000000140000000-0x00000001400A7000-memory.dmp

            Filesize

            668KB

            Download

          • memory/1188-12-0x0000000140000000-0x00000001400A7000-memory.dmp

            Filesize

            668KB

            Download

          • memory/1188-11-0x0000000140000000-0x00000001400A7000-memory.dmp

            Filesize

            668KB

            Download

          • memory/1188-10-0x0000000140000000-0x00000001400A7000-memory.dmp

            Filesize

            668KB

            Download

          • memory/1188-9-0x0000000140000000-0x00000001400A7000-memory.dmp

            Filesize

            668KB

            Download

          • memory/1188-8-0x0000000140000000-0x00000001400A7000-memory.dmp

            Filesize

            668KB

            Download

          • memory/1188-7-0x0000000140000000-0x00000001400A7000-memory.dmp

            Filesize

            668KB

            Download

          • memory/1188-26-0x0000000076F80000-0x0000000076F82000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1188-25-0x0000000076F50000-0x0000000076F52000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1188-3-0x0000000076BE6000-0x0000000076BE7000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1188-35-0x0000000140000000-0x00000001400A7000-memory.dmp

            Filesize

            668KB

            Download

          • memory/1188-36-0x0000000140000000-0x00000001400A7000-memory.dmp

            Filesize

            668KB

            Download

          • memory/1188-6-0x0000000140000000-0x00000001400A7000-memory.dmp

            Filesize

            668KB

            Download

          • memory/1188-45-0x0000000076BE6000-0x0000000076BE7000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1188-13-0x0000000140000000-0x00000001400A7000-memory.dmp

            Filesize

            668KB

            Download

          • memory/1188-15-0x0000000140000000-0x00000001400A7000-memory.dmp

            Filesize

            668KB

            Download

          • memory/1188-4-0x0000000002530000-0x0000000002531000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1188-16-0x0000000140000000-0x00000001400A7000-memory.dmp

            Filesize

            668KB

            Download

          • memory/1188-23-0x0000000002510000-0x0000000002517000-memory.dmp

            Filesize

            28KB

            Download

          • memory/1924-96-0x000007FEF5F00000-0x000007FEF5FA8000-memory.dmp

            Filesize

            672KB

            Download

          • memory/1924-100-0x000007FEF5F00000-0x000007FEF5FA8000-memory.dmp

            Filesize

            672KB

            Download

          • memory/2064-44-0x000007FEF6430000-0x000007FEF64D7000-memory.dmp

            Filesize

            668KB

            Download

          • memory/2064-2-0x0000000000190000-0x0000000000197000-memory.dmp

            Filesize

            28KB

            Download

          • memory/2064-0-0x000007FEF6430000-0x000007FEF64D7000-memory.dmp

            Filesize

            668KB

            Download

          • memory/2688-70-0x000007FEF5E60000-0x000007FEF5F08000-memory.dmp

            Filesize

            672KB

            Download

          • memory/2688-72-0x0000000000090000-0x0000000000097000-memory.dmp

            Filesize

            28KB

            Download

          • memory/2688-75-0x000007FEF5E60000-0x000007FEF5F08000-memory.dmp

            Filesize

            672KB

            Download

          • memory/2732-58-0x000007FEF64E0000-0x000007FEF6589000-memory.dmp

            Filesize

            676KB

            Download

          • memory/2732-53-0x0000000000200000-0x0000000000207000-memory.dmp

            Filesize

            28KB

            Download

          • memory/2732-54-0x000007FEF64E0000-0x000007FEF6589000-memory.dmp

            Filesize

            676KB

            Download