Overview

overview

10

Static

static

3

899bcc783c...5f.dll

windows7-x64

10

899bcc783c...5f.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-01-2025 11:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    899bcc783c6c38bbc60b714b79c0bd93e7752b34dd0f3ed1020837d65441b15f.dll

  • Size

    768KB

  • MD5

    c8943ebd87a704959163401518291eff

  • SHA1

    436ad153aa4e9c163b885519a4b32aa69f0dca8f

  • SHA256

    899bcc783c6c38bbc60b714b79c0bd93e7752b34dd0f3ed1020837d65441b15f

  • SHA512

    bd9a2fc83e68f853ebe4798f192b2d033ccad0d24d29eba410d160a55cd5fad49f3f74f1bed6df3110bcb69216b642bd90c5c6536ac71d61ed9b014aa9ce324e

  • SSDEEP

    24576:J4ld9/EkwVK+KFjZBxJ4PgGnMsMryIxNB:JK9/EkpVFjPxeftBaj

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\899bcc783c6c38bbc60b714b79c0bd93e7752b34dd0f3ed1020837d65441b15f.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2664
  • C:\Windows\system32\RdpSaUacHelper.exe
    C:\Windows\system32\RdpSaUacHelper.exe
    1⤵
      PID:4940
    • C:\Users\Admin\AppData\Local\LGs\RdpSaUacHelper.exe
      C:\Users\Admin\AppData\Local\LGs\RdpSaUacHelper.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:536
    • C:\Windows\system32\psr.exe
      C:\Windows\system32\psr.exe
      1⤵
        PID:1472
      • C:\Users\Admin\AppData\Local\5atIxYt\psr.exe
        C:\Users\Admin\AppData\Local\5atIxYt\psr.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2716
      • C:\Windows\system32\WMPDMC.exe
        C:\Windows\system32\WMPDMC.exe
        1⤵
          PID:1348
        • C:\Users\Admin\AppData\Local\f7AG\WMPDMC.exe
          C:\Users\Admin\AppData\Local\f7AG\WMPDMC.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:3176

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\5atIxYt\VERSION.dll
          Filesize

          772KB

          MD5

          505a3c1eab1e4fb76d16a5db1603cbc1

          SHA1

          f7126e58c4fed52c78ab30b6f3bdb6f97847a4d4

          SHA256

          206ddc402390df2313c2acb907e1cf8df636e7e9a07ad8d2a809f6c9341ab9dc

          SHA512

          73b72dd4ec98b977b57446fddf42f16e73daa2bbed66458a32ce87c65ce6bbdde195b62b014aeda71d30b829a8b687dfd0c51027e624520313bab741370ff7c1

          Download Submit

        • C:\Users\Admin\AppData\Local\5atIxYt\psr.exe
          Filesize

          232KB

          MD5

          ad53ead5379985081b7c3f1f357e545a

          SHA1

          6f5aa32c1d15fbf073558fadafd046d97b60184e

          SHA256

          4f0144f0e3e721b44babbf41b513942e4117f730546105480571f9c8fce56a1f

          SHA512

          433098bd74c34fbadfa447ef45cfa9dc076aef4cf7f2a0a6fe79d5e67f2504eebe8aa31fc1b7a4c5eeb20ede2c5485f75ad0fd77b4ecba3d68ca63313e6f6ea0

          Download Submit

        • C:\Users\Admin\AppData\Local\LGs\RdpSaUacHelper.exe
          Filesize

          33KB

          MD5

          0d5b016ac7e7b6257c069e8bb40845de

          SHA1

          5282f30e90cbd1be8da95b73bc1b6a7d041e43c2

          SHA256

          6a6fdd834af9c79c5ffc5e6b51700030259aeae535f8626df84b07b7d2cee067

          SHA512

          cd44d8b70fc67c692e6966b4ad86a7de9c96df0bade1b3a80cb4767be159d64f3cc04dc5934f7d843b15101865089e43b8aecabddc370b22caf0c48b56b3430e

          Download Submit

        • C:\Users\Admin\AppData\Local\LGs\WINSTA.dll
          Filesize

          776KB

          MD5

          5d6a74b4f3db5df684ea6f58559f072e

          SHA1

          6d13cc8b820a2f34c214fc7efbcc220a5ee8cdf1

          SHA256

          3e8682542a87b20da9192e59dd8fd44175620344cd7fdd61e3ae614d6f58c34f

          SHA512

          1e46a70e67252c67ecb291d5a7b410644570b045cfb7814b6d9b2adfd6e28cf2124367b3bd7437d3657c68462a745386e0c392cde13775b9f2b27ac7a97097cd

          Download Submit

        • C:\Users\Admin\AppData\Local\f7AG\UxTheme.dll
          Filesize

          772KB

          MD5

          d153b4e24232a8156a9f9139f232b221

          SHA1

          e19f408c0deb03506140670554ce7f1e32228431

          SHA256

          d2bd967916abb466b6a2bda52172c168f80bb0a62d5f157d1c58e5a68c37565b

          SHA512

          9fccaa5dead480b890ef95fc0192776124d399ec58e3118283c3800a7e14f78a23767404162ef51491828086a001a79fbd6a0365fc43a86056e757c5b53f4fcc

          Download Submit

        • C:\Users\Admin\AppData\Local\f7AG\WMPDMC.exe
          Filesize

          1.5MB

          MD5

          59ce6e554da0a622febce19eb61c4d34

          SHA1

          176a4a410cb97b3d4361d2aea0edbf17e15d04c7

          SHA256

          c36eba7186f7367fe717595f3372a49503c9613893c2ab2eff38b625a50d04ba

          SHA512

          e9b0d310416b66e0055381391bb6b0c19ee26bbcf0e3bb9ea7d696d5851e6efbdd9bdeb250c74638b7d73b20528ea1dfb718e75ad5977aaad77aae36cc7b7e18

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Iyqor.lnk
          Filesize

          1KB

          MD5

          ee1fb3a134c55d3d7ae6d5a82dc95454

          SHA1

          19a257e6b2112a47bd12a64c83bf5f78eac30a7c

          SHA256

          d9526768e39561820bdef7d29f99a29b4246ac26a8245dd151b489cfbf18112e

          SHA512

          a2bb35ae1f71632c3ccd963339874231a594405a13e7ad3a71a10a943ada4c267cc158a6d8df24d90817231d2b524a76fc15e0f4c9e4c3377b013714f23eb959

          Download Submit

        • memory/536-49-0x00007FFE25E80000-0x00007FFE25F42000-memory.dmp

          Filesize

          776KB

          Download

        • memory/536-48-0x00000207B5920000-0x00000207B5927000-memory.dmp

          Filesize

          28KB

          Download

        • memory/536-45-0x00007FFE25E80000-0x00007FFE25F42000-memory.dmp

          Filesize

          776KB

          Download

        • memory/2664-13-0x00007FFE265D0000-0x00007FFE26690000-memory.dmp

          Filesize

          768KB

          Download

        • memory/2664-0-0x00007FFE265D0000-0x00007FFE26690000-memory.dmp

          Filesize

          768KB

          Download

        • memory/2664-3-0x0000021221230000-0x0000021221237000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2716-62-0x000001E987EB0000-0x000001E987EB7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2716-59-0x00007FFE25E80000-0x00007FFE25F41000-memory.dmp

          Filesize

          772KB

          Download

        • memory/2716-63-0x00007FFE25E80000-0x00007FFE25F41000-memory.dmp

          Filesize

          772KB

          Download

        • memory/3176-73-0x00007FFE25CD0000-0x00007FFE25D91000-memory.dmp

          Filesize

          772KB

          Download

        • memory/3176-76-0x00000282FEE30000-0x00000282FEE37000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3176-77-0x00007FFE25CD0000-0x00007FFE25D91000-memory.dmp

          Filesize

          772KB

          Download

        • memory/3520-23-0x00000000012F0000-0x00000000012F7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3520-33-0x0000000140000000-0x00000001400C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/3520-35-0x0000000140000000-0x00000001400C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/3520-7-0x0000000140000000-0x00000001400C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/3520-9-0x0000000140000000-0x00000001400C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/3520-10-0x0000000140000000-0x00000001400C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/3520-11-0x0000000140000000-0x00000001400C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/3520-12-0x0000000140000000-0x00000001400C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/3520-14-0x0000000140000000-0x00000001400C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/3520-15-0x0000000140000000-0x00000001400C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/3520-16-0x0000000140000000-0x00000001400C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/3520-24-0x00007FFE354E0000-0x00007FFE354F0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3520-22-0x0000000140000000-0x00000001400C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/3520-8-0x0000000140000000-0x00000001400C0000-memory.dmp

          Filesize

          768KB

          Download

        • memory/3520-4-0x0000000002ED0000-0x0000000002ED1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3520-5-0x00007FFE33C8A000-0x00007FFE33C8B000-memory.dmp

          Filesize

          4KB

          Download