Overview

overview

10

Static

static

3

113fdc288d...aN.dll

windows7-x64

10

113fdc288d...aN.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    10/01/2025, 20:33

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    113fdc288d8786754c54fa4f379ce7882b08d9c047b64055239aff889360a61aN.dll

  • Size

    716KB

  • MD5

    683224e2ae945630da894687d7bf3070

  • SHA1

    94cd595c69ccccf0ea1c153293de4cf30f6b296d

  • SHA256

    113fdc288d8786754c54fa4f379ce7882b08d9c047b64055239aff889360a61a

  • SHA512

    78e54cb31c1e64346cac76dc4a1bbca0cd73c61339b46411381264dcac29e498789da17eb1cd2018bd1cb336ccaeccae0c1cab46614422f2ab44f072f20e26ab

  • SSDEEP

    12288:ROCRucgLs3bu9FRcOL5yEPAIiCj6ELV32KrXZiQJ8cXFpoT:cCroYbu9FvAEPAIiy6ELV32KlF

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 10 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\113fdc288d8786754c54fa4f379ce7882b08d9c047b64055239aff889360a61aN.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2248
  • C:\Windows\system32\WindowsAnytimeUpgradeResults.exe
    C:\Windows\system32\WindowsAnytimeUpgradeResults.exe
    1⤵
      PID:2752
    • C:\Users\Admin\AppData\Local\hvfit\WindowsAnytimeUpgradeResults.exe
      C:\Users\Admin\AppData\Local\hvfit\WindowsAnytimeUpgradeResults.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2768
    • C:\Windows\system32\SndVol.exe
      C:\Windows\system32\SndVol.exe
      1⤵
        PID:1692
      • C:\Users\Admin\AppData\Local\j2n\SndVol.exe
        C:\Users\Admin\AppData\Local\j2n\SndVol.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2080
      • C:\Windows\system32\notepad.exe
        C:\Windows\system32\notepad.exe
        1⤵
          PID:316
        • C:\Users\Admin\AppData\Local\u3P\notepad.exe
          C:\Users\Admin\AppData\Local\u3P\notepad.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:3056

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\hvfit\DUI70.dll
          Filesize

          924KB

          MD5

          1907509d5c79c9fccae9b6f9b2c14cea

          SHA1

          f837f19f3f21e1dea6ac87cb4f56d2acb14291d0

          SHA256

          3376a1755364fe0a587b619bccb44fe1321c1330148d7b2d6bc4611145bd6db4

          SHA512

          c650466a016fa9830518b7f0f0a83a324d55ba69ba3f13bb1c7938d28ee511d991c9b8b34f285f5a45b0ee6ae4dc7783d49849206f4958ddd404bb1582892be8

          Download Submit

        • C:\Users\Admin\AppData\Local\j2n\dwmapi.dll
          Filesize

          720KB

          MD5

          b98c41db89e580b2a6cb81485de2881b

          SHA1

          b0a03e11dc5e6f048f7468723972e6438bc9e676

          SHA256

          db9bfa06bd36c5f292ff53ed927d3bd163b9a96a5c96552c84d8e6d4f28b1a88

          SHA512

          0be05a3c4d0decb859cafc68ce725d086b1c56ee7231db9d56ea62fd80b616177b61fa1ec8011f6f18b7e773d5e97c49339379bb0fd9063d39c88edab6d22d8a

          Download Submit

        • C:\Users\Admin\AppData\Local\u3P\VERSION.dll
          Filesize

          720KB

          MD5

          fa5fb00a9e58b3be7a9559b47cf20fb7

          SHA1

          164bc022752b77d8d6b327c19cb3c57e60bc83f2

          SHA256

          4d6bc848927787abcffcff8f524817bfb3ece197f49e2f16342e6595028f9e01

          SHA512

          97e02b5f2cb93646139ea3d9703b71d7202f026ab105b70d1483b3cf55c3c5c0579711837b6e2bcbee33bb9d3af691147e5d3b7dcbad484f99eacfb6a06646a1

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Wkybhziu.lnk
          Filesize

          1KB

          MD5

          e0e43a720a66abdfaa621e72b6c01a00

          SHA1

          5410af680008f4aeede81cfca8049558d6877131

          SHA256

          b7e5375034188127e6c436fa94fac30195819d2338c45c50ee7a7c3c0a13d50a

          SHA512

          080860ddb12b05841c9ee791a74d3cc9a1ec2c544fe4ebe33c51fd552445fcce5130ef8d083672edad3d24799ed01538e7f8ca3d5ed32e70993ab47bc11194b6

          Download Submit

        • \Users\Admin\AppData\Local\hvfit\WindowsAnytimeUpgradeResults.exe
          Filesize

          288KB

          MD5

          6f3f29905f0ec4ce22c1fd8acbf6c6de

          SHA1

          68bdfefe549dfa6262ad659f1578f3e87d862773

          SHA256

          e9c4d718d09a28de8a99386b0dd65429f433837c712314e98ec4f01031af595b

          SHA512

          16a9ad3183d7e11d9f0dd3c79363aa9a7af306f4f35a6f1e0cc1e175ef254e8052ec94dfd600dbe882f9ab41254d482cce9190ab7b0c005a34e46c66e8ff5f9e

          Download Submit

        • \Users\Admin\AppData\Local\j2n\SndVol.exe
          Filesize

          267KB

          MD5

          c3489639ec8e181044f6c6bfd3d01ac9

          SHA1

          e057c90b675a6da19596b0ac458c25d7440b7869

          SHA256

          a632ef1a1490d31d76f13997ee56f4f75796bf9e366c76446857e9ae855f4103

          SHA512

          63b96c8afb8c3f5f969459531d3a543f6e8714d5ca1664c6bbb01edd9f5e850856931d7923f363c9dc7d8843deeaad69722d15993641d04e786e02184446c0c9

          Download Submit

        • \Users\Admin\AppData\Local\u3P\notepad.exe
          Filesize

          189KB

          MD5

          f2c7bb8acc97f92e987a2d4087d021b1

          SHA1

          7eb0139d2175739b3ccb0d1110067820be6abd29

          SHA256

          142e1d688ef0568370c37187fd9f2351d7ddeda574f8bfa9b0fa4ef42db85aa2

          SHA512

          2f37a2e503cffbd7c05c7d8a125b55368ce11aad5b62f17aaac7aaf3391a6886fa6a0fd73223e9f30072419bf5762a8af7958e805a52d788ba41f61eb084bfe8

          Download Submit

        • memory/1412-11-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/1412-26-0x00000000774D0000-0x00000000774D2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1412-24-0x0000000002260000-0x0000000002267000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1412-23-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/1412-14-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/1412-13-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/1412-12-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/1412-3-0x0000000077136000-0x0000000077137000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1412-10-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/1412-9-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/1412-8-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/1412-25-0x00000000774A0000-0x00000000774A2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1412-35-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/1412-34-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/1412-42-0x0000000077136000-0x0000000077137000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1412-27-0x0000000077341000-0x0000000077342000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1412-6-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/1412-7-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/1412-4-0x00000000029E0000-0x00000000029E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2080-75-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/2080-72-0x00000000772F0000-0x0000000077499000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2080-76-0x00000000772F0000-0x0000000077499000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2080-70-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/2248-30-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/2248-1-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/2248-2-0x0000000000100000-0x0000000000107000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2768-55-0x0000000140000000-0x00000001400E7000-memory.dmp

          Filesize

          924KB

          Download

        • memory/2768-56-0x00000000772F0000-0x0000000077499000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2768-52-0x00000000772F0000-0x0000000077499000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2768-50-0x0000000140000000-0x00000001400E7000-memory.dmp

          Filesize

          924KB

          Download

        • memory/3056-94-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download