Overview

overview

10

Static

static

3

055334a15a...ed.dll

windows7-x64

10

055334a15a...ed.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19-12-2024 19:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    055334a15a5473829f0ee5d7e2695ddd6be6e87e1eaeab9b2bbdc2571dec8ded.dll

  • Size

    776KB

  • MD5

    5275646a6840ccb66702495f74f2bcb1

  • SHA1

    7914b808819e702bc2d457de368310d19496e7dc

  • SHA256

    055334a15a5473829f0ee5d7e2695ddd6be6e87e1eaeab9b2bbdc2571dec8ded

  • SHA512

    2ac366a058c1800216e623cce710cc1c42fb942e304365ba9a7eb6b8e6000c7ba2d639210e1f5bf4927243105edf105ee5d3913fe936df68ee0a9270f670c31f

  • SSDEEP

    24576:pWyonFMVMKkN3ZvxEhb0IsaQ4KriCo0j6Ij:EHuVMK6vx2RsIKNrj

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\055334a15a5473829f0ee5d7e2695ddd6be6e87e1eaeab9b2bbdc2571dec8ded.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2688
  • C:\Windows\system32\wisptis.exe
    C:\Windows\system32\wisptis.exe
    1⤵
      PID:2580
    • C:\Users\Admin\AppData\Local\JysA8IqAh\wisptis.exe
      C:\Users\Admin\AppData\Local\JysA8IqAh\wisptis.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2632
    • C:\Windows\system32\dvdupgrd.exe
      C:\Windows\system32\dvdupgrd.exe
      1⤵
        PID:3040
      • C:\Users\Admin\AppData\Local\iI0jIBwK\dvdupgrd.exe
        C:\Users\Admin\AppData\Local\iI0jIBwK\dvdupgrd.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:3064
      • C:\Windows\system32\xpsrchvw.exe
        C:\Windows\system32\xpsrchvw.exe
        1⤵
          PID:1156
        • C:\Users\Admin\AppData\Local\Iza7Usz\xpsrchvw.exe
          C:\Users\Admin\AppData\Local\Iza7Usz\xpsrchvw.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:908

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\JysA8IqAh\wisptis.exe
          Filesize

          396KB

          MD5

          02e20372d9d6d28e37ba9704edc90b67

          SHA1

          d7d18ba0df95c3507bf20be8d72e25c5d11ab40c

          SHA256

          3338129ddf6fb53d6e743c10bc39ec372d9b2c39c607cbe8a71cff929f854144

          SHA512

          bcad8894614dcfc1429be04829c217e7c8ac3c40ea3927073de3421d96d9815739ee1b84f0200eb18b3b8406b972bd934204b7b31638c9fe7c297fb201ed4200

          Download Submit

        • C:\Users\Admin\AppData\Local\iI0jIBwK\VERSION.dll
          Filesize

          776KB

          MD5

          727206f2b75ae57f209fef9bce568766

          SHA1

          22fd901438a3860bb4f0978ec51e1a75dea3201a

          SHA256

          3fa37cedae09bd27c0a0616e69cf4263b19f6f637472a2490a53394967f40841

          SHA512

          da964261703ef50002c87e8f55f72880004dfae5067b2f671c0ab53f7560841949602fbd314eb84e4df063a0168f2233fa27d539663049cb5a15b4cef91b69e1

          Download Submit

        • C:\Users\Admin\AppData\Local\iI0jIBwK\dvdupgrd.exe
          Filesize

          25KB

          MD5

          75a9b4172eac01d9648c6d2133af952f

          SHA1

          63c7e1af762d2b584e9cc841e8b0100f2a482b81

          SHA256

          18f9f520c7157023b0e7dfe7433a63c4dedd47b04d24aac4038b795893050736

          SHA512

          5a7a2c7f184efd9c84256a1a0a5e7aeb95432d63a567196be54e7a9437a5ada9b922983c5fc0cafb16eab4493665d8e56e2f646f9f6a2d6179986925ffcdf769

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ukatmrkmywz.lnk
          Filesize

          995B

          MD5

          92c319f4bb83eaf67387fc9a36e90140

          SHA1

          2875c15f771545659cbd988b45afdf6c1859e4b2

          SHA256

          4c6caaebf97285fd3cb435d1fcd66257f444500cf470329e7b3fda9cd576c659

          SHA512

          bc0bfeb640d327485febd492860184efd43acc88898f495bde22347878fc6593dc8a0ad768b43a3fd22ae380ba6f1366462c58e425dd013d8bf043e277c26273

          Download Submit

        • \Users\Admin\AppData\Local\Iza7Usz\WINMM.dll
          Filesize

          784KB

          MD5

          e1facf9e590da6bfa91b99824344aba4

          SHA1

          a21bd8167b9b47defbadf8887479a33192e6d047

          SHA256

          c6e0856dad386c4451fc19ae1f8a0777b72a8b55f9068958aeffda2f7ccc252a

          SHA512

          ecbc38f848905912a7ce6c5797279971d4ad93d833a642babeefed81794f2cae9e1742dd0635ced149ebf00ee262c477bb420ce8eb7a7578750e39b4161d231b

          Download Submit

        • \Users\Admin\AppData\Local\Iza7Usz\xpsrchvw.exe
          Filesize

          4.6MB

          MD5

          492cb6a624d5dad73ee0294b5db37dd6

          SHA1

          e74806af04a5147ccabfb5b167eb95a0177c43b3

          SHA256

          ccb4ecd48561ce024ea176b7036f0f2713b98bc82aa37347a30d8187762a8784

          SHA512

          63bf2931764efe767fb42f9576702dd585a032f74ad2be2481eaf309f34950f05974d77b5cb220a3ff89c92af0c7693dc558f8e3a3ee2a0be6c5c07171d03835

          Download Submit

        • \Users\Admin\AppData\Local\JysA8IqAh\MAGNIFICATION.dll
          Filesize

          776KB

          MD5

          962ed42b17658687347af00d7e076ad1

          SHA1

          35b3b7f3be9d2ec49f1a43df7e9b234900c102f0

          SHA256

          bf9faecd53b86c0e1f52d1abfaab635445f32a89f48ff3cfc39f983d5832a0d4

          SHA512

          1980f6bdb2664fc128fbfb49714ed6540b41d23300d90c8c1918567970777dc08b81744ff386610261184f9678104bf86fe6e349a420829e996d649866df4c8d

          Download Submit

        • memory/908-86-0x000007FEF6940000-0x000007FEF6A04000-memory.dmp

          Filesize

          784KB

          Download

        • memory/908-90-0x000007FEF6940000-0x000007FEF6A04000-memory.dmp

          Filesize

          784KB

          Download

        • memory/1212-9-0x0000000140000000-0x00000001400C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/1212-39-0x0000000140000000-0x00000001400C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/1212-6-0x0000000002610000-0x0000000002611000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1212-24-0x0000000077300000-0x0000000077302000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1212-23-0x00000000771A1000-0x00000000771A2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1212-22-0x0000000140000000-0x00000001400C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/1212-16-0x0000000140000000-0x00000001400C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/1212-15-0x0000000140000000-0x00000001400C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/1212-34-0x0000000140000000-0x00000001400C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/1212-14-0x00000000025F0000-0x00000000025F7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1212-8-0x0000000140000000-0x00000001400C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/1212-111-0x0000000077096000-0x0000000077097000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1212-4-0x0000000077096000-0x0000000077097000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1212-7-0x0000000140000000-0x00000001400C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/1212-13-0x0000000140000000-0x00000001400C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/1212-10-0x0000000140000000-0x00000001400C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/1212-12-0x0000000140000000-0x00000001400C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/2632-51-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2632-52-0x000007FEF75F0000-0x000007FEF76B2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/2632-56-0x000007FEF75F0000-0x000007FEF76B2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/2688-11-0x000007FEF7520000-0x000007FEF75E2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/2688-0-0x000007FEF7520000-0x000007FEF75E2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/2688-3-0x0000000001D90000-0x0000000001D97000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3064-68-0x0000000000200000-0x0000000000207000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3064-69-0x000007FEF74C0000-0x000007FEF7582000-memory.dmp

          Filesize

          776KB

          Download

        • memory/3064-74-0x000007FEF74C0000-0x000007FEF7582000-memory.dmp

          Filesize

          776KB

          Download