Overview

overview

10

Static

static

3

dac160c6d3...f1.dll

windows7-x64

10

dac160c6d3...f1.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    12-01-2025 16:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dac160c6d30f4ea4ee0bfa29faf72f93de7bf24340286ad025ab16fb007a17f1.dll

  • Size

    716KB

  • MD5

    1495a2d3a5052564d2318936861a0530

  • SHA1

    df2db259ff86f00d6b52836e757565346cb77f48

  • SHA256

    dac160c6d30f4ea4ee0bfa29faf72f93de7bf24340286ad025ab16fb007a17f1

  • SHA512

    5319b738bb4922b00e5ad97708c83ce0bc8166b04ed24c89d2f50c510f6e91777bc9c1e04e48ceed6363cfe52abf34dd31186099251da3899b18456b4d4a0d59

  • SSDEEP

    12288:ROCRucgLs3bu9FRcOL5yEPAIiCj6ELV32KrXZiQJ8cXFpoTj:cCroYbu9FvAEPAIiy6ELV32KlFs

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 10 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\dac160c6d30f4ea4ee0bfa29faf72f93de7bf24340286ad025ab16fb007a17f1.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2432
  • C:\Windows\system32\BdeUISrv.exe
    C:\Windows\system32\BdeUISrv.exe
    1⤵
      PID:3028
    • C:\Users\Admin\AppData\Local\YPnT\BdeUISrv.exe
      C:\Users\Admin\AppData\Local\YPnT\BdeUISrv.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      • Suspicious behavior: EnumeratesProcesses
      PID:2640
    • C:\Windows\system32\eudcedit.exe
      C:\Windows\system32\eudcedit.exe
      1⤵
        PID:3036
      • C:\Users\Admin\AppData\Local\YXAUCVXL\eudcedit.exe
        C:\Users\Admin\AppData\Local\YXAUCVXL\eudcedit.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:536
      • C:\Windows\system32\dwm.exe
        C:\Windows\system32\dwm.exe
        1⤵
          PID:352
        • C:\Users\Admin\AppData\Local\jKlG\dwm.exe
          C:\Users\Admin\AppData\Local\jKlG\dwm.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1020

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\YPnT\WTSAPI32.dll
          Filesize

          720KB

          MD5

          f5e138d005dcdb27d5b920b69c98682d

          SHA1

          fe2d647e61a9a8ca68b0107446d896e340caae68

          SHA256

          4bfe445c17f4acf532c62dd67707ad0adf5e13ba220b4142b35191afbbf90fcf

          SHA512

          43bcd0733cbae1ce13fc67e79692478f8125e29310a3a34fe6ad0e481ce87d2d31bce3a52c88e8c634af22e19861f322ed4114ae420e0416e64c22bdf7c11318

          Download Submit

        • C:\Users\Admin\AppData\Local\YXAUCVXL\MFC42u.dll
          Filesize

          744KB

          MD5

          6fa9b9831ffbf45192f9e983ab6a6c06

          SHA1

          82bd618abac2bbd4fbac2739bcf559e47105b316

          SHA256

          3893678ce09939980d92d318697f040a2fb25cacc500f125fd3f3f6477747a8b

          SHA512

          bf21d2b92b42f15f4ca45a01c1d117ea929839465860b5437ad83bbe73c443365455cbc6ec6ddb523781d25b66c22ff9240a1df126716c20c890bc93a71ff2e9

          Download Submit

        • C:\Users\Admin\AppData\Local\jKlG\UxTheme.dll
          Filesize

          720KB

          MD5

          6df8009b9e469aef7b0778578fac1226

          SHA1

          7ae987a601ab6f3b741a5e836dff58a374c6e793

          SHA256

          1986d1caab723954f090f2fec35f3925929e1b5fed2a5ed209c94e607fdbd138

          SHA512

          55786e539e31f70c00d66149f5a9267c1cc6fa278d5b8cc3b6ef8652f8d67fc1851f1f2a469fac317bf72ee2928c7de385f69fc76485481536633328801665ad

          Download Submit

        • C:\Users\Admin\AppData\Local\jKlG\dwm.exe
          Filesize

          117KB

          MD5

          f162d5f5e845b9dc352dd1bad8cef1bc

          SHA1

          35bc294b7e1f062ef5cb5fa1bd3fc942a3e37ae2

          SHA256

          8a7b7528db30ab123b060d8e41954d95913c07bb40cdae32e97f9edb0baf79c7

          SHA512

          7077e800453a4564a24af022636a2f6547bdae2c9c6f4ed080d0c98415ecc4fbf538109cbebd456e321b9b74a00613d647b63998e31925fbd841fc9d4613e851

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ykefwsdudlbqds.lnk
          Filesize

          1010B

          MD5

          2e06cfccd463caf8812b358325d2fc68

          SHA1

          d330a2aedbe375e37876caab823c79221faeb7c5

          SHA256

          a7f19e07ca99d53bb51b981d3ca955cd22cb903d5575062787ad538ca761bf96

          SHA512

          38eac4249ab28a748b96a8ca4b4156230451d2186a93b5f25728c9c3b5d72e6971a65d9264497a5e7bbc40b90e8f76ba94442797d17eb2b2400f048ddc36bc76

          Download Submit

        • \Users\Admin\AppData\Local\YPnT\BdeUISrv.exe
          Filesize

          47KB

          MD5

          1da6b19be5d4949c868a264bc5e74206

          SHA1

          d5ee86ba03a03ef8c93d93accafe40461084c839

          SHA256

          00330a0e0eb1dbb6ee84997963f8e15c7c15c1df787f1c7f109609d7b31bd35c

          SHA512

          9cee858c55eb0852e5bad53a675a094ae591b46b07afe9fb4224cac32e0be577fe36c1ed3e9f6bda4d4eb0c924a773d00e3181cd97f07e24c6c68c70f2b002c6

          Download Submit

        • \Users\Admin\AppData\Local\YXAUCVXL\eudcedit.exe
          Filesize

          351KB

          MD5

          35e397d6ca8407b86d8a7972f0c90711

          SHA1

          6b39830003906ef82442522d22b80460c03f6082

          SHA256

          1f64118bdc3515e8e9fce6ad182f6d0c8a6528d638fedb4901a6152cde4c7cde

          SHA512

          71b0c4ac120e5841308b0c19718bdc28366b0d79c8177091328ef5421392b9ee5e4758816ffb8c0977f178e1b33ed064f64781eaf7d6952878dc8aea402f035e

          Download Submit

        • memory/536-77-0x0000000140000000-0x00000001400BA000-memory.dmp

          Filesize

          744KB

          Download

        • memory/536-78-0x0000000077180000-0x0000000077329000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/536-72-0x0000000140000000-0x00000001400BA000-memory.dmp

          Filesize

          744KB

          Download

        • memory/536-74-0x0000000077180000-0x0000000077329000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1020-93-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/1236-36-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/1236-24-0x0000000002530000-0x0000000002537000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1236-6-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/1236-29-0x00000000771D1000-0x00000000771D2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1236-26-0x0000000077360000-0x0000000077362000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1236-25-0x0000000077330000-0x0000000077332000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1236-3-0x0000000076FC6000-0x0000000076FC7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1236-37-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/1236-4-0x0000000002550000-0x0000000002551000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1236-46-0x0000000076FC6000-0x0000000076FC7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1236-10-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/1236-11-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/1236-7-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/1236-8-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/1236-23-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/1236-9-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/1236-12-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/1236-13-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/1236-14-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/2432-45-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/2432-0-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/2432-2-0x0000000000120000-0x0000000000127000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2640-59-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/2640-60-0x0000000077180000-0x0000000077329000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2640-56-0x0000000077180000-0x0000000077329000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2640-54-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download