Overview

overview

10

Static

static

3

b723987104...47.dll

windows7-x64

10

b723987104...47.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    16-01-2025 06:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b723987104cf85aaedc0a5dc457d13be8fa1e12526a8b59551729bcc9b0a6247.dll

  • Size

    776KB

  • MD5

    435455aa73a48604914eb8271db3b4a3

  • SHA1

    8d321b4bd4eb646f18e6507fff8eaa1f93982375

  • SHA256

    b723987104cf85aaedc0a5dc457d13be8fa1e12526a8b59551729bcc9b0a6247

  • SHA512

    797db5b4854395b5b4a0904abcf3e56b43d99faa507c70954216128dcd2861566d78a0d9e6f573aa7ffa3eb220212911e9a8e54a20bc7d0d01e1e0cabd81610f

  • SSDEEP

    24576:1WyoqFMVMKkN3ZvxEhb0IsaQ4KriCo0j6Ij:gKuVMK6vx2RsIKNrj

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 3 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b723987104cf85aaedc0a5dc457d13be8fa1e12526a8b59551729bcc9b0a6247.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2104
  • C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe
    C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe
    1⤵
      PID:2556
    • C:\Users\Admin\AppData\Local\l1SPYdqg\SystemPropertiesDataExecutionPrevention.exe
      C:\Users\Admin\AppData\Local\l1SPYdqg\SystemPropertiesDataExecutionPrevention.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2984
    • C:\Windows\system32\mblctr.exe
      C:\Windows\system32\mblctr.exe
      1⤵
        PID:776
      • C:\Users\Admin\AppData\Local\0LLiHDoJ\mblctr.exe
        C:\Users\Admin\AppData\Local\0LLiHDoJ\mblctr.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1064
      • C:\Windows\system32\icardagt.exe
        C:\Windows\system32\icardagt.exe
        1⤵
          PID:2592
        • C:\Users\Admin\AppData\Local\mS4S11\icardagt.exe
          C:\Users\Admin\AppData\Local\mS4S11\icardagt.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2808

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\0LLiHDoJ\WINMM.dll
          Filesize

          784KB

          MD5

          4de2877888c854fff4a14c6c23d113fc

          SHA1

          8f87892ecc461bd84b4cc0c3233b7b23436ef46a

          SHA256

          ecd23123b651c9da901948491bfaa340bb7846eb556b27313fe5625ccf18371f

          SHA512

          a83d812e781787825afe379f5e6a3b88d2c553c5bd2d9cfcaeae164dab00adb3cd9009b516b1b215870a6a4d602cf0e66c2aef5d8740448675fe6b17a50ca368

          Download Submit

        • C:\Users\Admin\AppData\Local\0LLiHDoJ\mblctr.exe
          Filesize

          935KB

          MD5

          fa4c36b574bf387d9582ed2c54a347a8

          SHA1

          149077715ee56c668567e3a9cb9842284f4fe678

          SHA256

          b71cdf708d4a4f045f784de5e5458ebf9a4fa2b188c3f7422e2fbfe19310be3f

          SHA512

          1f04ce0440eec7477153ebc2ce56eaabcbbac58d9d703c03337f030e160d22cd635ae201752bc2962643c75bbf2036afdd69d97e8cbc81260fd0e2f55946bb55

          Download Submit

        • C:\Users\Admin\AppData\Local\l1SPYdqg\SYSDM.CPL
          Filesize

          776KB

          MD5

          6546a2fec9546a5544198c4d0505744f

          SHA1

          46cabb577f518f928a3c60d4bc09b65c94380f65

          SHA256

          e549ecd21d92227fa4a8294230df643444f242e0dc80a8b0e54c50a159d9e095

          SHA512

          885f66b48b308f90684a0df785084ca4a3ec425f12137d7cf212eeafda728407c0b14cd16e4a637837d429b9809c9ba89134a55fb705db9f1266235eade0aa7b

          Download Submit

        • C:\Users\Admin\AppData\Local\mS4S11\UxTheme.dll
          Filesize

          780KB

          MD5

          00522cfdc0a5dcbaa43c1181578e7259

          SHA1

          bafca2f5992bef20d0f280a3b5645d82d852aa5c

          SHA256

          6cf95637b08706ebc3bdb66e278b66b2041ed6dee64979d4b8d1454a90082bb3

          SHA512

          5d41c6329cd37523c09d6523746833c1f8b1f6483ba8af499ea2a34e00db0cf35b7fc1d92b396f2591f168db2703d61be6a3ca6487718d4f36e52c7b0e022de1

          Download Submit

        • C:\Users\Admin\AppData\Local\mS4S11\icardagt.exe
          Filesize

          1.3MB

          MD5

          2fe97a3052e847190a9775431292a3a3

          SHA1

          43edc451ac97365600391fa4af15476a30423ff6

          SHA256

          473d17e571d6947ce93103454f1e9fe27136403125152b97acb6cad5cc2a9ac7

          SHA512

          93ed1f9ef6fb256b53df9c6f2ce03301c0d3a0ef49c3f0604872653e4ba3fce369256f50604dd8386f543e1ea9231f5700213e683d3ea9af9e4d6c427a19117a

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ykefwsdudlbqds.lnk
          Filesize

          1KB

          MD5

          3c130945906b460a21d37618f9fa9456

          SHA1

          2ffc10210df1c9e2e94a6e523f0e4445fb348c61

          SHA256

          0d5c23fc16249171f5c64bc8bea945e672c61f3ccc28413f3904040f64db3a92

          SHA512

          35ada0273452eec877310fe8b59766d2e1f39bc4b7a53e8ea270adf4b94b2a19be8097d1b715f0b2a16959a2528b77d2d12f7514c4fed60e2871e2239fc296df

          Download Submit

        • \Users\Admin\AppData\Local\l1SPYdqg\SystemPropertiesDataExecutionPrevention.exe
          Filesize

          80KB

          MD5

          e43ff7785fac643093b3b16a9300e133

          SHA1

          a30688e84c0b0a22669148fe87680b34fcca2fba

          SHA256

          c8e1b3ecce673035a934d65b25c43ec23416f5bbf52d772e24e48e6fd3e77e9b

          SHA512

          61260999bb57817dea2d404bcf093820679e597298c752d38db181fe9963b5fa47e070d6a3c7c970905035b396389bb02946b44869dc8b9560acc419b065999a

          Download Submit

        • memory/1064-74-0x0000000000100000-0x0000000000107000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1064-75-0x000007FEF67C0000-0x000007FEF6884000-memory.dmp

          Filesize

          784KB

          Download

        • memory/1064-69-0x000007FEF67C0000-0x000007FEF6884000-memory.dmp

          Filesize

          784KB

          Download

        • memory/1280-11-0x0000000140000000-0x00000001400C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/1280-15-0x0000000140000000-0x00000001400C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/1280-8-0x0000000140000000-0x00000001400C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/1280-7-0x0000000140000000-0x00000001400C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/1280-22-0x0000000140000000-0x00000001400C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/1280-23-0x0000000077641000-0x0000000077642000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1280-24-0x00000000777A0000-0x00000000777A2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1280-33-0x0000000140000000-0x00000001400C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/1280-37-0x0000000140000000-0x00000001400C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/1280-39-0x0000000140000000-0x00000001400C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/1280-42-0x0000000140000000-0x00000001400C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/1280-10-0x0000000140000000-0x00000001400C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/1280-106-0x0000000077436000-0x0000000077437000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1280-4-0x0000000077436000-0x0000000077437000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1280-5-0x00000000029B0000-0x00000000029B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1280-9-0x0000000140000000-0x00000001400C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/1280-13-0x0000000140000000-0x00000001400C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/1280-21-0x0000000002990000-0x0000000002997000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1280-14-0x0000000140000000-0x00000001400C2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/2104-12-0x000007FEF6DE0000-0x000007FEF6EA2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/2104-0-0x000007FEF6DE0000-0x000007FEF6EA2000-memory.dmp

          Filesize

          776KB

          Download

        • memory/2104-3-0x0000000000120000-0x0000000000127000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2808-87-0x000007FEF67C0000-0x000007FEF6883000-memory.dmp

          Filesize

          780KB

          Download

        • memory/2808-92-0x000007FEF67C0000-0x000007FEF6883000-memory.dmp

          Filesize

          780KB

          Download

        • memory/2984-56-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2984-57-0x000007FEF6DE0000-0x000007FEF6EA2000-memory.dmp

          Filesize

          776KB

          Download