Overview

overview

10

Static

static

3

dac160c6d3...f1.dll

windows7-x64

10

dac160c6d3...f1.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-01-2025 16:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dac160c6d30f4ea4ee0bfa29faf72f93de7bf24340286ad025ab16fb007a17f1.dll

  • Size

    716KB

  • MD5

    1495a2d3a5052564d2318936861a0530

  • SHA1

    df2db259ff86f00d6b52836e757565346cb77f48

  • SHA256

    dac160c6d30f4ea4ee0bfa29faf72f93de7bf24340286ad025ab16fb007a17f1

  • SHA512

    5319b738bb4922b00e5ad97708c83ce0bc8166b04ed24c89d2f50c510f6e91777bc9c1e04e48ceed6363cfe52abf34dd31186099251da3899b18456b4d4a0d59

  • SSDEEP

    12288:ROCRucgLs3bu9FRcOL5yEPAIiCj6ELV32KrXZiQJ8cXFpoTj:cCroYbu9FvAEPAIiy6ELV32KlFs

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Dridex payload 9 IoCs

    Detects Dridex x64 core DLL in memory.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\dac160c6d30f4ea4ee0bfa29faf72f93de7bf24340286ad025ab16fb007a17f1.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2040
  • C:\Windows\system32\CloudNotifications.exe
    C:\Windows\system32\CloudNotifications.exe
    1⤵
      PID:4596
    • C:\Users\Admin\AppData\Local\qvE0d0m\CloudNotifications.exe
      C:\Users\Admin\AppData\Local\qvE0d0m\CloudNotifications.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2496
    • C:\Windows\system32\bdeunlock.exe
      C:\Windows\system32\bdeunlock.exe
      1⤵
        PID:2432
      • C:\Users\Admin\AppData\Local\K44\bdeunlock.exe
        C:\Users\Admin\AppData\Local\K44\bdeunlock.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:4952
      • C:\Windows\system32\msconfig.exe
        C:\Windows\system32\msconfig.exe
        1⤵
          PID:1596
        • C:\Users\Admin\AppData\Local\fmk\msconfig.exe
          C:\Users\Admin\AppData\Local\fmk\msconfig.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:744

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\K44\DUI70.dll
          Filesize

          996KB

          MD5

          e21cc63afd28a81eb288eca956839c1c

          SHA1

          c2337dc14234b331b854a7b09d136230da2d5d73

          SHA256

          9e7def3a72698a544b0a8b8eb93b2c0258d17535a80d0c72e1cd141d07ee3718

          SHA512

          972e8a9ac643415faeb9aef23ac18f283704755f39cf8ecbe25964e7e482def0615313c5c1f50aa4288632bab7eccf755a36570270857f09d28044328f5e0bd5

          Download Submit

        • C:\Users\Admin\AppData\Local\K44\bdeunlock.exe
          Filesize

          279KB

          MD5

          fef5d67150c249db3c1f4b30a2a5a22e

          SHA1

          41ca037b0229be9338da4d78244b4f0ea5a3d5f3

          SHA256

          dcfdd67bf3244ff86cadaaea50b43cce5479014ea2021c0c2fb40b7c856e5603

          SHA512

          4ded9ca87d9d30c31ab2baededaa6e26681741ea1742d80c318173536c643a01bc049e03a03c3b45b3cb8860464a855830e12e87670503e65eedcdd5e9b2d1e7

          Download Submit

        • C:\Users\Admin\AppData\Local\fmk\VERSION.dll
          Filesize

          720KB

          MD5

          524d8a05fa164cea5d95723936a7a84e

          SHA1

          733548cb9857ebf32c0872864e8b05df53103211

          SHA256

          c3f7380e77efbb38586fa844f948e9460a810a5419218d86178fcf74e9651252

          SHA512

          3f7b76991b192c7c803caf6033a7fc5ea307bd041f2babb8a82951e7bcecad3fbe4eaed637a28780141335d485ddc9ba77dccaf0315a8314ead5330c804cc404

          Download Submit

        • C:\Users\Admin\AppData\Local\fmk\msconfig.exe
          Filesize

          193KB

          MD5

          39009536cafe30c6ef2501fe46c9df5e

          SHA1

          6ff7b4d30f31186de899665c704a105227704b72

          SHA256

          93d2604f7fdf7f014ac5bef63ab177b6107f3cfc26da6cbd9a7ab50c96564a04

          SHA512

          95c9a8bc61c79108634f5578825544323e3d980ae97a105a325c58bc0e44b1d500637459969602f08d6d23d346baec6acd07d8351803981000c797190d48f03a

          Download Submit

        • C:\Users\Admin\AppData\Local\qvE0d0m\CloudNotifications.exe
          Filesize

          59KB

          MD5

          b50dca49bc77046b6f480db6444c3d06

          SHA1

          cc9b38240b0335b1763badcceac37aa9ce547f9e

          SHA256

          96e7e1a3f0f4f6fc6bda3527ab8a739d6dfcab8e534aa7a02b023daebb3c0775

          SHA512

          2a0504ca336e86b92b2f5eff1c458ebd9df36c496331a7247ef0bb8b82eabd86ade7559ddb47ca4169e8365a97e80e5f1d3c1fc330364dea2450608bd692b1d3

          Download Submit

        • C:\Users\Admin\AppData\Local\qvE0d0m\UxTheme.dll
          Filesize

          720KB

          MD5

          bd707d3daa80f9e0eadd3ba851ec3962

          SHA1

          da1fb8e2e376e922034ef16d41c3c6560dc47432

          SHA256

          a1baf72df1e13b228e7a1d270f4e4368f9ca77402183f85d48db7aef91d6c5ad

          SHA512

          3c121231892c35b863f1930cda2b39ada0e6227071df63e9e8087ad4efb66ed1dcc70d48ef66067432eca2d637317929d1263364278027bb334376251a5aff57

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Fkasxldymr.lnk
          Filesize

          1KB

          MD5

          ab5f42f12886903972256e4539ee6c77

          SHA1

          1211519882d4121a7997e6fed6deb52183dfb03d

          SHA256

          e90aa353268bac4b5ac3a4eaadfbf8d782fd8e537cbd137e780f498883911bbd

          SHA512

          7a33638deddb744f2f9c60f5121497df70a647ded27573f0bc53f98743ed06e9bf0615a341b3169da7f53414400ba4f446b2e20666e9f7ac7041df5934634ef9

          Download Submit

        • memory/744-81-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/2040-1-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/2040-38-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/2040-0-0x000001A568100000-0x000001A568107000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2496-50-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/2496-45-0x0000000140000000-0x00000001400B4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/2496-47-0x0000027B323E0000-0x0000027B323E7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3464-25-0x00007FFFF4EA0000-0x00007FFFF4EB0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3464-24-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/3464-7-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/3464-6-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/3464-14-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/3464-10-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/3464-11-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/3464-35-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/3464-12-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/3464-9-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/3464-26-0x00007FFFF4E90000-0x00007FFFF4EA0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3464-23-0x0000000002D60000-0x0000000002D67000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3464-5-0x00007FFFF303A000-0x00007FFFF303B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3464-3-0x0000000002E30000-0x0000000002E31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3464-8-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/3464-13-0x0000000140000000-0x00000001400B3000-memory.dmp

          Filesize

          716KB

          Download

        • memory/4952-66-0x0000000140000000-0x00000001400F9000-memory.dmp

          Filesize

          996KB

          Download

        • memory/4952-63-0x0000000140000000-0x00000001400F9000-memory.dmp

          Filesize

          996KB

          Download

        • memory/4952-61-0x000002158E410000-0x000002158E417000-memory.dmp

          Filesize

          28KB

          Download