Overview

overview

10

Static

static

3

12ea510522...0N.dll

windows7-x64

10

12ea510522...0N.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-01-2025 17:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    12ea5105223f47e666b8ada79a01b005d6f9e8a2e2473f4806122462e2f8e4d0N.dll

  • Size

    800KB

  • MD5

    5dbc2a1522bc37b5103a1cbcd8fb0520

  • SHA1

    ca646063f9e2cc6ca352f0bb81d67d9aef78a02f

  • SHA256

    12ea5105223f47e666b8ada79a01b005d6f9e8a2e2473f4806122462e2f8e4d0

  • SHA512

    51768b4c6a6396ba6282bb3d5f3347440e884a1f258d40f2567b09564b429c676e211f8f610961c5eda27b0fb7e64c29ad0a888c9cd75df584d22c60cc3a5033

  • SSDEEP

    12288:wGVNJAvuPFUl/faxmVlBLXKCgFfEK7JRLeHlX//ve7wEN:h3JAvRl/fKQKCgFfx4P/vaw

Score
10/10
dridexbotnetdiscoveryevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 3 IoCs
    evasiontrojan
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 5 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\12ea5105223f47e666b8ada79a01b005d6f9e8a2e2473f4806122462e2f8e4d0N.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    PID:4692
  • C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\sppsvc.exe
    1⤵
      PID:1060
    • C:\Users\Admin\AppData\Local\nTMi8\sppsvc.exe
      C:\Users\Admin\AppData\Local\nTMi8\sppsvc.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2016
    • C:\Windows\system32\shrpubw.exe
      C:\Windows\system32\shrpubw.exe
      1⤵
        PID:4160
      • C:\Users\Admin\AppData\Local\s1Ju3D\shrpubw.exe
        C:\Users\Admin\AppData\Local\s1Ju3D\shrpubw.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        • Suspicious behavior: GetForegroundWindowSpam
        PID:4904
      • C:\Windows\system32\SnippingTool.exe
        C:\Windows\system32\SnippingTool.exe
        1⤵
        • System Network Configuration Discovery: Internet Connection Discovery
        PID:4880
      • C:\Users\Admin\AppData\Local\WoDXam\SnippingTool.exe
        C:\Users\Admin\AppData\Local\WoDXam\SnippingTool.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        • System Network Configuration Discovery: Internet Connection Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        PID:3268

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\WoDXam\OLEACC.dll
        Filesize

        804KB

        MD5

        77436ec3bb94dbdba0d8c52245006812

        SHA1

        ac35edf631fe487c46fcd9fef913726bcf3526ab

        SHA256

        7da1b96e55e345abbcc5147bea056fdc2962f7f7ca1da94c3ea6e302c47a93f9

        SHA512

        15d3afa62c76224b282b71098f6c946c402e9937dbb807fbf335786bf687d128e6d35a7bc4a753561fa456d64e79f2b600bf7d4b314d643f8d697f4c10ba8734

        Download Submit

      • C:\Users\Admin\AppData\Local\WoDXam\SnippingTool.exe
        Filesize

        3.2MB

        MD5

        f06d69f2fdd4d6a4e16f55769b7dccc1

        SHA1

        735eb9b032d924b59a8767b9d49bdb88bed05220

        SHA256

        83be001996cd4d9e5a1a8cd130e17e5b5ee81c9b5cf1b9d9196d8a39fbf7506d

        SHA512

        ccc1bff59636e91763659749d67b9f6255765ed5aed4b40b6f8111d4136a7e2fe9e0726396b0c837e4ab8717528134273ffc0825a205e501a13bf1d3aee5046b

        Download Submit

      • C:\Users\Admin\AppData\Local\nTMi8\XmlLite.dll
        Filesize

        804KB

        MD5

        e8e4ac08830be0bdff870136011cb025

        SHA1

        0f3408c3a111412e4c77c284008d93e98dff8989

        SHA256

        97f7ed6a270a33e0fa8977a1b526ec2395876c162858bb6a6c9e9221cb05c830

        SHA512

        281ec2ccda96b2f878626746559f66729aa989f3617b9f0658fcf473540efb0add2dfcc0093fc1f983f1b72f7bfc668979bf9c92879c81475f06ab199f0d2ea6

        Download Submit

      • C:\Users\Admin\AppData\Local\nTMi8\sppsvc.exe
        Filesize

        4.4MB

        MD5

        ec6cef0a81f167668e18fa32f1606fce

        SHA1

        6d56837a388ae5573a38a439cee16e6dde5b4de8

        SHA256

        82c59a2f606ebf1a8a0de16be150600ac63ad8351c6bf3952c27a70257cb70f8

        SHA512

        f40b37675329ca7875d958b4b0019082548a563ada217c7431c2ca5c7f93957b242f095f7f04bcdd6240b97ea99e89bfe3a003f97c43366d00a93768fef7b4c5

        Download Submit

      • C:\Users\Admin\AppData\Local\s1Ju3D\MFC42u.dll
        Filesize

        828KB

        MD5

        7c5c600ca9a19a50074bc7aa0bdcd685

        SHA1

        ec4729c370a4b85ec4ee79e574c249bb76f6a544

        SHA256

        bfc1cc8f557ae0c6fc4bc52a6e5348e32b5a00ace68b0ce98e6e75e4cf0ecdcc

        SHA512

        d4ca67148c2c86c6971c8a41d4db9fe2437180579c033b694f85e29f5aa28d4dfd5c4fda0608fa04853d01f695294d17a5007fd76e0738bd278dd0c635680086

        Download Submit

      • C:\Users\Admin\AppData\Local\s1Ju3D\shrpubw.exe
        Filesize

        59KB

        MD5

        9910d5c62428ec5f92b04abf9428eec9

        SHA1

        05f27d7515e8ae1fa3bc974ec65b864ec4c9ac8b

        SHA256

        6b84e6e55d8572d7edf0b6243d00abb651fcb0cddddac8461de5f9bb80035a2e

        SHA512

        01be043f7ff879a683e53962eec58456ba200d6787ea66581bb62669ae65d5e58a5577cdf23441165f7a535fce1dec933e3ad2465c72172b4a1488b24ce722cb

        Download Submit

      • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Zugrajzkhopu.lnk
        Filesize

        1KB

        MD5

        2ef926f83586d74d7ccadef30af464c7

        SHA1

        0430b08af6b15497f86de74f5370f01ef1d15e3b

        SHA256

        bcadff5ead7d89a00edfd8a8f104c3c3d932a17a5fa4bd9343a5875ef7cbe146

        SHA512

        3befcb08482d4df1b683864748ddfb1dfd2d7754ac252ac543808d9aadc450f2344d6c0d9d0eeb18ba228fd492e72713c18c4bd3af7db4faf874f3e1e05dbe0b

        Download Submit

      • memory/2016-49-0x0000000140000000-0x00000001400C9000-memory.dmp

        Filesize

        804KB

        Download

      • memory/2016-44-0x0000000140000000-0x00000001400C9000-memory.dmp

        Filesize

        804KB

        Download

      • memory/2016-43-0x000001E61C5A0000-0x000001E61C5A7000-memory.dmp

        Filesize

        28KB

        Download

      • memory/3268-83-0x0000000140000000-0x00000001400C9000-memory.dmp

        Filesize

        804KB

        Download

      • memory/3268-82-0x00000233409D0000-0x00000233409D7000-memory.dmp

        Filesize

        28KB

        Download

      • memory/3540-34-0x0000000140000000-0x00000001400C8000-memory.dmp

        Filesize

        800KB

        Download

      • memory/3540-21-0x0000000000EE0000-0x0000000000EE7000-memory.dmp

        Filesize

        28KB

        Download

      • memory/3540-7-0x0000000140000000-0x00000001400C8000-memory.dmp

        Filesize

        800KB

        Download

      • memory/3540-32-0x0000000140000000-0x00000001400C8000-memory.dmp

        Filesize

        800KB

        Download

      • memory/3540-6-0x00007FFF93C5A000-0x00007FFF93C5B000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3540-9-0x0000000140000000-0x00000001400C8000-memory.dmp

        Filesize

        800KB

        Download

      • memory/3540-14-0x0000000140000000-0x00000001400C8000-memory.dmp

        Filesize

        800KB

        Download

      • memory/3540-10-0x0000000140000000-0x00000001400C8000-memory.dmp

        Filesize

        800KB

        Download

      • memory/3540-11-0x0000000140000000-0x00000001400C8000-memory.dmp

        Filesize

        800KB

        Download

      • memory/3540-8-0x0000000140000000-0x00000001400C8000-memory.dmp

        Filesize

        800KB

        Download

      • memory/3540-25-0x00007FFF95020000-0x00007FFF95030000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3540-22-0x0000000140000000-0x00000001400C8000-memory.dmp

        Filesize

        800KB

        Download

      • memory/3540-4-0x0000000002D20000-0x0000000002D21000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3540-12-0x0000000140000000-0x00000001400C8000-memory.dmp

        Filesize

        800KB

        Download

      • memory/4692-13-0x0000000140000000-0x00000001400C8000-memory.dmp

        Filesize

        800KB

        Download

      • memory/4692-0-0x0000000002600000-0x0000000002607000-memory.dmp

        Filesize

        28KB

        Download

      • memory/4692-2-0x0000000140000000-0x00000001400C8000-memory.dmp

        Filesize

        800KB

        Download

      • memory/4904-60-0x0000000140000000-0x00000001400CF000-memory.dmp

        Filesize

        828KB

        Download

      • memory/4904-66-0x0000000140000000-0x00000001400CF000-memory.dmp

        Filesize

        828KB

        Download

      • memory/4904-63-0x00000258BB4A0000-0x00000258BB4A7000-memory.dmp

        Filesize

        28KB

        Download