Overview

overview

10

Static

static

3

0b0ec7eecb...6c.dll

windows7-x64

10

0b0ec7eecb...6c.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09-01-2025 19:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0b0ec7eecb4b63062e0d4735a65313574f5c783b0c214d0a260b0112dedb216c.dll

  • Size

    780KB

  • MD5

    a7403fbba743c09ca421f165debe67db

  • SHA1

    5adc0273eb1887ce490df360724ccc6e25abf0ce

  • SHA256

    0b0ec7eecb4b63062e0d4735a65313574f5c783b0c214d0a260b0112dedb216c

  • SHA512

    2c05321dcd4b74e20352ddafd9b2598eaf3beae29215af310c07dad8a6064d8535ac81b4c0c70e01e0d29ef0faac8836f12bfba69da5100e952f34da9cda5c2d

  • SSDEEP

    24576:4WyoHFMVMKkN3ZvxEhb0IsaQ4KriCo0j6Ij:PnuVMK6vx2RsIKNrj

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b0ec7eecb4b63062e0d4735a65313574f5c783b0c214d0a260b0112dedb216c.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:1704
  • C:\Windows\system32\WindowsAnytimeUpgradeResults.exe
    C:\Windows\system32\WindowsAnytimeUpgradeResults.exe
    1⤵
      PID:2736
    • C:\Users\Admin\AppData\Local\kMXPSdHL\WindowsAnytimeUpgradeResults.exe
      C:\Users\Admin\AppData\Local\kMXPSdHL\WindowsAnytimeUpgradeResults.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2868
    • C:\Windows\system32\cttune.exe
      C:\Windows\system32\cttune.exe
      1⤵
        PID:316
      • C:\Users\Admin\AppData\Local\v36VJZmZ\cttune.exe
        C:\Users\Admin\AppData\Local\v36VJZmZ\cttune.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1424
      • C:\Windows\system32\consent.exe
        C:\Windows\system32\consent.exe
        1⤵
          PID:840
        • C:\Users\Admin\AppData\Local\0N9iomQ\consent.exe
          C:\Users\Admin\AppData\Local\0N9iomQ\consent.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2200

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\0N9iomQ\WINSTA.dll
          Filesize

          788KB

          MD5

          a2966e0cc173a2ecd91ac32f2dd9ca73

          SHA1

          10ebaafd4348fb9e589eb01fafe4e04dff80c4ab

          SHA256

          19d0fa520c4be5cd6852888500d9e6b14424dfdc3df64baf6d6bb50de41abc44

          SHA512

          336e4e8efe2be3c2c0bbe16d6f102872bec644679fb1777b9e10539e9587e9b29818ee2fb16b461b777c7b80c497459f106c821df81d075e63de2a6f29576837

          Download Submit

        • C:\Users\Admin\AppData\Local\kMXPSdHL\UxTheme.dll
          Filesize

          784KB

          MD5

          ce6bf3097812cdd98dd6819f1143dd11

          SHA1

          80aa645ff375a9f0b660af9205892f677dae8143

          SHA256

          7543b194524b8e33d71a0f2f718e1a969b06dcdb8ea25255acf7e5cfb3c29ee6

          SHA512

          832208f4d3c9921b434a4797ec3dc01a23681fff717648e8750671289ac131f3a544e8614fc9f051525859f9d41e4ad766db4b73be0775ecfebec52c0d17ae72

          Download Submit

        • C:\Users\Admin\AppData\Local\v36VJZmZ\OLEACC.dll
          Filesize

          780KB

          MD5

          78053fa1079a5a2ceb4d1c4f9977dd41

          SHA1

          e3ce0d50530789c30bad7989963c6e2589b9aaf7

          SHA256

          7f51348cccb93743bd774ca5136b478d8541ff28db5d842c7df7bac201a21790

          SHA512

          515c0f01f68b3b38c4b28b86eec365e4b80bca70a7af04b4906a446e051cf1d5f720784ff8f8354f771fef3bb7a47bacce9a728b465921dddfcee3cb9844c3bd

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Lcuygmmobxhxaxh.lnk
          Filesize

          1KB

          MD5

          9c6c8323428cb1232c85e236fc624509

          SHA1

          d022d1f9874efb72da9b82c59499b789eeac84ad

          SHA256

          c450edb642869e016df69bf3bd4a578cda5f585bb8e58fcda9b148523a0ac687

          SHA512

          f858e4498ceec2906fe6422f62d60ac2d1b33d0e449d6c8ac2721bdd175c315147e50ab65aa03d83d2e7d053afef4219e4113e03b31d79712c690d010b461708

          Download Submit

        • \Users\Admin\AppData\Local\0N9iomQ\consent.exe
          Filesize

          109KB

          MD5

          0b5511674394666e9d221f8681b2c2e6

          SHA1

          6e4e720dfc424a12383f0b8194e4477e3bc346dc

          SHA256

          ccad775decb5aec98118b381eeccc6d540928035cfb955abcb4ad3ded390b79b

          SHA512

          00d28a00fd3ceaeae42ba6882ffb42aa4cc8b92b07a10f28df8e1931df4b806aebdcfab1976bf8d5ce0b98c64da19d4ee06a6315734fa5f885ecd1f6e1ff16a7

          Download Submit

        • \Users\Admin\AppData\Local\kMXPSdHL\WindowsAnytimeUpgradeResults.exe
          Filesize

          288KB

          MD5

          6f3f29905f0ec4ce22c1fd8acbf6c6de

          SHA1

          68bdfefe549dfa6262ad659f1578f3e87d862773

          SHA256

          e9c4d718d09a28de8a99386b0dd65429f433837c712314e98ec4f01031af595b

          SHA512

          16a9ad3183d7e11d9f0dd3c79363aa9a7af306f4f35a6f1e0cc1e175ef254e8052ec94dfd600dbe882f9ab41254d482cce9190ab7b0c005a34e46c66e8ff5f9e

          Download Submit

        • \Users\Admin\AppData\Local\v36VJZmZ\cttune.exe
          Filesize

          314KB

          MD5

          7116848fd23e6195fcbbccdf83ce9af4

          SHA1

          35fb16a0b68f8a84d5dfac8c110ef5972f1bee93

          SHA256

          39937665f72725bdb3b82389a5dbd906c63f4c14208312d7f7a59d6067e1cfa6

          SHA512

          e38bf57eee5836b8598dd88dc3d266f497d911419a8426f73df6dcaa503611a965aabbd746181cb19bc38eebdb48db778a17f781a8f9e706cbd7a6ebec38f894

          Download Submit

        • memory/1188-25-0x00000000774D0000-0x00000000774D2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1188-10-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1188-107-0x0000000077166000-0x0000000077167000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1188-24-0x0000000077371000-0x0000000077372000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1188-23-0x0000000002E00000-0x0000000002E07000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1188-14-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1188-13-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1188-12-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1188-4-0x0000000077166000-0x0000000077167000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1188-8-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1188-9-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1188-34-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1188-37-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1188-43-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1188-22-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1188-16-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1188-5-0x0000000002E20000-0x0000000002E21000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1188-15-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1188-7-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1424-71-0x000007FEF64F0000-0x000007FEF65B3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1424-70-0x0000000000100000-0x0000000000107000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1424-76-0x000007FEF64F0000-0x000007FEF65B3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1704-11-0x000007FEF6A40000-0x000007FEF6B03000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1704-3-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1704-0-0x000007FEF6A40000-0x000007FEF6B03000-memory.dmp

          Filesize

          780KB

          Download

        • memory/2200-88-0x000007FEF64F0000-0x000007FEF65B5000-memory.dmp

          Filesize

          788KB

          Download

        • memory/2200-93-0x000007FEF64F0000-0x000007FEF65B5000-memory.dmp

          Filesize

          788KB

          Download

        • memory/2868-52-0x000007FEF6B10000-0x000007FEF6BD4000-memory.dmp

          Filesize

          784KB

          Download

        • memory/2868-55-0x0000000001AC0000-0x0000000001AC7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2868-58-0x000007FEF6B10000-0x000007FEF6BD4000-memory.dmp

          Filesize

          784KB

          Download