Overview

overview

10

Static

static

3

af26296c75...6d.dll

windows7-x64

10

af26296c75...6d.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    30-11-2024 15:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    af26296c75ff26f7ee865df424522d75366ae3e2e80d7d9e89ef8c9398b0836d.dll

  • Size

    1.2MB

  • MD5

    304109f9a5c3726818b4c3668fdb71fd

  • SHA1

    2eb804e205d15d314e7f67d503940f69f5dc2ef8

  • SHA256

    af26296c75ff26f7ee865df424522d75366ae3e2e80d7d9e89ef8c9398b0836d

  • SHA512

    cf01fca33392dc40495f4c39eb1fd240b425018c7088ca9782d883bb135b5dd469a11941d0d680a69e881fa95c4147d70fe567aeba7e98ff6adfd5c0ca1a0e01

  • SSDEEP

    24576:ZVHchfFcSTdS1ZikTqpaIJvzSqbY/0Z2ZlECMNXkTlzvmJL8:ZV8hf6STw1ZlQauvzSq01ICe6zvm

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\af26296c75ff26f7ee865df424522d75366ae3e2e80d7d9e89ef8c9398b0836d.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2092
  • C:\Windows\system32\msinfo32.exe
    C:\Windows\system32\msinfo32.exe
    1⤵
      PID:2628
    • C:\Users\Admin\AppData\Local\Z9eTuJ\msinfo32.exe
      C:\Users\Admin\AppData\Local\Z9eTuJ\msinfo32.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2316
    • C:\Windows\system32\p2phost.exe
      C:\Windows\system32\p2phost.exe
      1⤵
        PID:3064
      • C:\Users\Admin\AppData\Local\Ft260\p2phost.exe
        C:\Users\Admin\AppData\Local\Ft260\p2phost.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2124
      • C:\Windows\system32\p2phost.exe
        C:\Windows\system32\p2phost.exe
        1⤵
          PID:2860
        • C:\Users\Admin\AppData\Local\Einf\p2phost.exe
          C:\Users\Admin\AppData\Local\Einf\p2phost.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2848

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Einf\P2PCOLLAB.dll
          Filesize

          1.2MB

          MD5

          25c1a66ee70f968bf0377020a56966ae

          SHA1

          4c4c4de73e8a1951f8f57e4d28889fcfa98a1128

          SHA256

          6df431baa5d6b673e6a060e68cb9f9dfbe9ad79cd1798895c98c346c0e61d370

          SHA512

          74852eec1e9649ed6b161512f8a74eb757bddb560981727d8cf880235cfd4cc077ecb509463c00affd8bd870603db977087bac05caa6a2931c14e6ac05bd8a30

          Download Submit

        • C:\Users\Admin\AppData\Local\Ft260\P2PCOLLAB.dll
          Filesize

          1.2MB

          MD5

          1c4d4c6e7467fcd2e052e22709a70185

          SHA1

          6e512323231d2948f4023f5c46b3b2354c6fdfa2

          SHA256

          9c495c8315f332c89879ceead285c93886d72c4c06ea7caaaf35023bb5be4bcb

          SHA512

          d7396e14840e3e58f8b1b3709542ebeeb8183ee054d3711df642a6b79fa6839549799dd0801adb3f610bb021eb513e4fc3fad32ab960fac8c7dfa035c51500e4

          Download Submit

        • C:\Users\Admin\AppData\Local\Z9eTuJ\MFC42u.dll
          Filesize

          1.3MB

          MD5

          0bdb32eb2b17a4b1b9fe3df1753dcdec

          SHA1

          81e86b2a51edf626cc3ba1044f9fcc55f87fb0ae

          SHA256

          1ceaf5b35975773e20632b894143178f3ecdcfc7f57072c334dfaa4246f98ff9

          SHA512

          db1c78f293d3e4a388c54a13e345a83fd544beef0d12a4d7629c09e5da7c2f965583c1967208e3caf362f56b98a5dfec5863f4f1f5c81cf6d359950cbe3322a2

          Download Submit

        • C:\Users\Admin\AppData\Local\Z9eTuJ\msinfo32.exe
          Filesize

          370KB

          MD5

          d291620d4c51c5f5ffa62ccdc52c5c13

          SHA1

          2081c97f15b1c2a2eadce366baf3c510da553cc7

          SHA256

          76e959dd7db31726c040d46cfa86b681479967aea36db5f625e80bd36422e8ae

          SHA512

          75f9bcce4c596dae1f4d78e13d9d53b0c31988d2170c3d9f5db352b8c8a1c8ca58f4a002b30a4b328b8f4769008b750b8a1c9fda44a582e11c3adc38345c334b

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Gwifj.lnk
          Filesize

          735B

          MD5

          c3218dfd6b5bf5bf3e6b78b51234d9fb

          SHA1

          ebfd81271b728f23ab3d621e610bd902ab1295dc

          SHA256

          f933c88719ea67be9b03f064a1699277147a939993d3de0dd53ce31befe35216

          SHA512

          8acf01ca47e8c1a91239d2d41e4d624b53c42a2ae607e9766d8dea0ab63e8dee29871ba03bf0f33c82b2e2ba53e9ae786810d97ef519179f507c7b6b9067ff55

          Download Submit

        • \Users\Admin\AppData\Local\Ft260\p2phost.exe
          Filesize

          172KB

          MD5

          0dbd420477352b278dfdc24f4672b79c

          SHA1

          df446f25be33ac60371557717073249a64e04bb2

          SHA256

          1baba169de6c8f3b3c33cea96314c67b709a171bdc8ea9c250a0d016db767345

          SHA512

          84014b2dcc00f9fa1a337089ad4d4abcaa9e3155171978ec07bc155ddaebebfabb529d8de3578e564b3aae59545f52d71af173ebb50d2af252f219ac60b453d1

          Download Submit

        • memory/1148-28-0x0000000077180000-0x0000000077182000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1148-38-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1148-11-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1148-12-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1148-26-0x00000000029B0000-0x00000000029B7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1148-25-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1148-16-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1148-15-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1148-14-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1148-13-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1148-4-0x0000000076DE6000-0x0000000076DE7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1148-27-0x0000000076FF1000-0x0000000076FF2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1148-37-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1148-10-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1148-5-0x0000000002D20000-0x0000000002D21000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1148-47-0x0000000076DE6000-0x0000000076DE7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1148-8-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1148-9-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1148-7-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2092-46-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2092-0-0x0000000000120000-0x0000000000127000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2092-1-0x0000000140000000-0x0000000140143000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2124-73-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2124-78-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2316-56-0x0000000140000000-0x000000014014A000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2316-61-0x0000000140000000-0x000000014014A000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2316-55-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2848-95-0x0000000140000000-0x0000000140144000-memory.dmp

          Filesize

          1.3MB

          Download