Overview

overview

10

Static

static

3

7d0d0741e7...2N.dll

windows7-x64

10

7d0d0741e7...2N.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    16-01-2025 02:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7d0d0741e73494cff1e171462a4ea59722bac96b61e879434a8bb9db08ff5e02N.dll

  • Size

    780KB

  • MD5

    775a049f3b2398ff45264c04593ff930

  • SHA1

    5e9196f8fcf4c5de7a6ccc6735448f32e3bd0b8e

  • SHA256

    7d0d0741e73494cff1e171462a4ea59722bac96b61e879434a8bb9db08ff5e02

  • SHA512

    f57692d7ea085e6c203f760c4257f7b963f6e9dfbcc168612664069b68539825754d0729f30854fd435932eb7e597b2ccba11bec90961cba21a5b85c24e6444a

  • SSDEEP

    12288:kbP23onr2XV7KrPqgmNiQhDOy4/AT4r/E16K1QS/lsHAGHdDvRQ2sd1gqQ:kbe42XV7KWgmjDR/T4a/Mdjm

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d0d0741e73494cff1e171462a4ea59722bac96b61e879434a8bb9db08ff5e02N.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2172
  • C:\Windows\system32\rrinstaller.exe
    C:\Windows\system32\rrinstaller.exe
    1⤵
      PID:2880
    • C:\Users\Admin\AppData\Local\Nyvm4jVg\rrinstaller.exe
      C:\Users\Admin\AppData\Local\Nyvm4jVg\rrinstaller.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2828
    • C:\Windows\system32\dvdupgrd.exe
      C:\Windows\system32\dvdupgrd.exe
      1⤵
        PID:2632
      • C:\Users\Admin\AppData\Local\vopO\dvdupgrd.exe
        C:\Users\Admin\AppData\Local\vopO\dvdupgrd.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1188
      • C:\Windows\system32\mmc.exe
        C:\Windows\system32\mmc.exe
        1⤵
          PID:2812
        • C:\Users\Admin\AppData\Local\6X06Q\mmc.exe
          C:\Users\Admin\AppData\Local\6X06Q\mmc.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1580

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\6X06Q\UxTheme.dll
          Filesize

          784KB

          MD5

          16938caf3517dff7b8b01ea13eb27965

          SHA1

          5388141b421468af2264fe38f31812f6c4e06a24

          SHA256

          6ae526487d408a4ef9235b9251206e8d045b988fa33b005866422584e1bdcc2a

          SHA512

          f693a5104326dc18fca7c27065c176bd917b509f18be7a6b65e5ded9e0eda9aee529b2462f1f3b87c475034ddc44529bc74b058a0872b3e972f8daa7c41f296f

          Download Submit

        • C:\Users\Admin\AppData\Local\6X06Q\mmc.exe
          Filesize

          2.0MB

          MD5

          9fea051a9585f2a303d55745b4bf63aa

          SHA1

          f5dc12d658402900a2b01af2f018d113619b96b8

          SHA256

          b212e59e4c7fe77f6f189138d9d8b151e50eb83a35d6eadfb1e4bb0b4262c484

          SHA512

          beba79f0b6710929871fbdf378d3c0a41f230ac30cbfa87173f7b77c35e06425f48db42ed3b16d5d9bcb7ef0098dffcd0d2947da8fb7ec1136ea62205f1afc76

          Download Submit

        • C:\Users\Admin\AppData\Local\Nyvm4jVg\MFPlat.DLL
          Filesize

          788KB

          MD5

          4a7f36a503fb5c9da297ac091a0ef8e7

          SHA1

          359b1152f1f80701da67cb73cf0e384ceee8f175

          SHA256

          a57d6fd40d99980844159ad10e226f93406af9a87f12f1d0ef155081000896e6

          SHA512

          f7c08c396dd263ce93178e42d0c0aa8c7b06c532d77c3308c874a09d40d14faefe3e8c5114546ebb6dfbd4df824edbd95776efed34d089d0f56ad69738d85ec0

          Download Submit

        • C:\Users\Admin\AppData\Local\vopO\VERSION.dll
          Filesize

          780KB

          MD5

          65116a08299263bd7d8ddf7e827f6951

          SHA1

          6b1ae4b68941016f4a8135c7f3e6905949418cf9

          SHA256

          2ae0ef518c6a4a7a09e2f0c6f628e2b79753a8d088a35699d396fc84408891e6

          SHA512

          ef44de1d92747ecf8c3cd11f09e8fdccc30768213806ee53dbb99780fe3dd968ffb82b1b6d5cf5e5f473ef9773d32692c0a2c1c8f50efda5dc8ad4d1d8b0b3f4

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Wkybhziu.lnk
          Filesize

          998B

          MD5

          421b14faa5d8a6f61cd2f2ec678697fd

          SHA1

          37beb2ce8485e9b14a2febb4f97e505595b576a1

          SHA256

          e27abc729b43c08c1bac10cea5e2438dcfd7a685098b40350aa3190ca07b575e

          SHA512

          919a24c0c45139a35395d7f800e7a22ac14a33f37224428b7d808e5daffe84cce4e27f2d0d6e3a76a97dec99e6411098acfe7bd6a0f31134898a6d423bf1765c

          Download Submit

        • \Users\Admin\AppData\Local\Nyvm4jVg\rrinstaller.exe
          Filesize

          54KB

          MD5

          0d3a73b0b30252680b383532f1758649

          SHA1

          9f098d2037e4dd94eca6d04c37b3d4ad8b0cc931

          SHA256

          fc8a992b6ac311e1b1491ec3e31e273a41f7fdf3f68176321307b68489a03fbc

          SHA512

          a7961f4d8d0e07959d1501d721c7751b01af6704c7da5c1f31e40de5372ee6a1fce2f3e0077c8e6a1bed017e11ce4be9b0d17c04e30b222fb3f0df67b870b2d4

          Download Submit

        • \Users\Admin\AppData\Local\vopO\dvdupgrd.exe
          Filesize

          25KB

          MD5

          75a9b4172eac01d9648c6d2133af952f

          SHA1

          63c7e1af762d2b584e9cc841e8b0100f2a482b81

          SHA256

          18f9f520c7157023b0e7dfe7433a63c4dedd47b04d24aac4038b795893050736

          SHA512

          5a7a2c7f184efd9c84256a1a0a5e7aeb95432d63a567196be54e7a9437a5ada9b922983c5fc0cafb16eab4493665d8e56e2f646f9f6a2d6179986925ffcdf769

          Download Submit

        • memory/1188-70-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1188-64-0x0000000000170000-0x0000000000177000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1192-31-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1192-9-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1192-10-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1192-28-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1192-27-0x00000000774C0000-0x00000000774C2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1192-26-0x0000000077361000-0x0000000077362000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1192-23-0x0000000002AC0000-0x0000000002AC7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1192-22-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1192-8-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1192-97-0x0000000077156000-0x0000000077157000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1192-38-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1192-4-0x0000000077156000-0x0000000077157000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1192-15-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1192-7-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1192-11-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1192-12-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1192-13-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/1192-5-0x0000000002AE0000-0x0000000002AE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1580-82-0x0000000000240000-0x0000000000247000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1580-83-0x0000000140000000-0x00000001400C4000-memory.dmp

          Filesize

          784KB

          Download

        • memory/1580-89-0x0000000140000000-0x00000001400C4000-memory.dmp

          Filesize

          784KB

          Download

        • memory/1580-87-0x00000000FFCB0000-0x00000000FFEC0000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/2172-14-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/2172-0-0x0000000000280000-0x0000000000287000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2172-1-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/2828-47-0x0000000140000000-0x00000001400C5000-memory.dmp

          Filesize

          788KB

          Download

        • memory/2828-52-0x0000000140000000-0x00000001400C5000-memory.dmp

          Filesize

          788KB

          Download

        • memory/2828-46-0x0000000000210000-0x0000000000217000-memory.dmp

          Filesize

          28KB

          Download