Overview

overview

10

Static

static

3

138cd54735...7N.dll

windows7-x64

10

138cd54735...7N.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2025 14:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    138cd54735f5ce4b638c5bb68c9e0bf5776cf81d776e46592ef10a9bc58b0277N.dll

  • Size

    984KB

  • MD5

    89f99b617454ae1d26f9c5614f19fd30

  • SHA1

    43194372fae7b50a95e00580ce5d64134e4c1b7d

  • SHA256

    138cd54735f5ce4b638c5bb68c9e0bf5776cf81d776e46592ef10a9bc58b0277

  • SHA512

    fb0445aba4301466b7c5d8dea9afbf87e0ab5d0bbbcee924d22af97700370f0dd13a80691ab322ffabbbb16e287df160344f5f7a54b1834be2b0fda0089470a3

  • SSDEEP

    24576:yWyoHFMVMKkN3ZvxEhb0IsaQ4KriCo0j6Ijg:1nuVMK6vx2RsIKNrj

Score
10/10
dridexbotnetdefense_evasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Drops startup file 3 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    defense_evasiontrojan
  • Event Triggered Execution: Accessibility Features 1 TTPs

    Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.

    persistenceprivilege_escalation
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\138cd54735f5ce4b638c5bb68c9e0bf5776cf81d776e46592ef10a9bc58b0277N.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2552
  • C:\Windows\system32\FXSCOVER.exe
    C:\Windows\system32\FXSCOVER.exe
    1⤵
      PID:2744
    • C:\Users\Admin\AppData\Local\5ownx3\FXSCOVER.exe
      C:\Users\Admin\AppData\Local\5ownx3\FXSCOVER.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2736
    • C:\Windows\system32\sethc.exe
      C:\Windows\system32\sethc.exe
      1⤵
        PID:1004
      • C:\Users\Admin\AppData\Local\OnG1ANi\sethc.exe
        C:\Users\Admin\AppData\Local\OnG1ANi\sethc.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2628
      • C:\Windows\system32\MpSigStub.exe
        C:\Windows\system32\MpSigStub.exe
        1⤵
          PID:2184
        • C:\Users\Admin\AppData\Local\uCdxw\MpSigStub.exe
          C:\Users\Admin\AppData\Local\uCdxw\MpSigStub.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1716

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\5ownx3\FXSCOVER.exe
          Filesize

          261KB

          MD5

          5e2c61be8e093dbfe7fc37585be42869

          SHA1

          ed46cda4ece3ef187b0cf29ca843a6c6735af6c0

          SHA256

          3d1719c1caa5d6b0358830a30713c43a9710fbf7bcedca20815be54d24aa9121

          SHA512

          90bf180c8f6e3d0286a19fcd4727f23925a39c90113db979e1b4bbf8f0491471ad26c877a6e2cf49638b14050d952a9ee02a3c1293129843ec6bba01bc325d0b

          Download Submit

        • C:\Users\Admin\AppData\Local\OnG1ANi\sethc.exe
          Filesize

          272KB

          MD5

          3bcb70da9b5a2011e01e35ed29a3f3f3

          SHA1

          9daecb1ee5d7cbcf46ee154dd642fcd993723a9b

          SHA256

          dd94bf73f0e3652b76cfb774b419ceaa2082bc7f30cc34e28dfa51952fa9ccb5

          SHA512

          69d231132f488fd7033349f232db1207f88f1d5cb84f5422adf0dd5fb7b373dada8fdfac7760b8845e5aab00a7ae56f24d66bbb8aa70c3c8de6ec5c31982b4df

          Download Submit

        • C:\Users\Admin\AppData\Local\uCdxw\MpSigStub.exe
          Filesize

          264KB

          MD5

          2e6bd16aa62e5e95c7b256b10d637f8f

          SHA1

          350be084477b1fe581af83ca79eb58d4defe260f

          SHA256

          d795968b8067bb610033fa4a5b21eb2f96cef61513aba62912b8eb5c6a5ff7b3

          SHA512

          1f37150f6bcbe0df54bb85a5ad585824cea9332baa9be1649a95c1dfb41723de85c09d98fb2ca8261a49c2184d3bda638b84b2b7b60b97fe42a15ab1620a2542

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ukatmrkmywz.lnk
          Filesize

          1KB

          MD5

          21593f791b1b57c8065ea7429a661081

          SHA1

          a4b089b0873159cad8e2e146e2ad65e9ef935e67

          SHA256

          9811d1d2dd53b803c1d3a0d65b919ef042f9690430d81af51c661ee70ddcf7ed

          SHA512

          a36d65d7f7d926536d8aa8e4cb9c2e7d8ce9190fddcd26cc22d2bdb13b780af6dc9423471308db9798c783e7e3c87f5f4d47d40bb759125a0ac226420fe0d622

          Download Submit

        • \Users\Admin\AppData\Local\5ownx3\MFC42u.dll
          Filesize

          1012KB

          MD5

          04a86763254bcfe50522822e44c93fe2

          SHA1

          fd402ce19899fddc4cf555cb8e265c8827c59c63

          SHA256

          beb539abf2aad9e6571520c50a75b8b2fec7393a697a7a73d738aa8058ea10b5

          SHA512

          919bcbce5469fb8b35431fc6d0ebbeb7d5ce2f7b16063f6f40217a7f72359a7b6f45b4980dbe2f9bed0de00d41f9985ace9a05ceb939eadcd9156bd159d5c527

          Download Submit

        • \Users\Admin\AppData\Local\OnG1ANi\UxTheme.dll
          Filesize

          988KB

          MD5

          212bdfe01d6d5a805e12f40478bd3f58

          SHA1

          616ee237178a66a19c5a8469564b4a825b2a9889

          SHA256

          7b4e039120fb15016dd4f99dff99123f053cd2a32ef0733765846a6ff21a9b86

          SHA512

          88b97d6df73bb339b6a6be9f3de9a66383408317a1960ceda0fcb880d20f1346937be848be2141e971ea357ac989f18090bf19afe08e633afc181c99ab7ba2a2

          Download Submit

        • \Users\Admin\AppData\Local\uCdxw\VERSION.dll
          Filesize

          984KB

          MD5

          e9b2cb2436ecb7652b966552690f2a15

          SHA1

          25a185d49877280a413d81c86e109c55f516099d

          SHA256

          ee4923f13d8730b909073e1efa9c657620fddd8949a812972ba07d327102b3ff

          SHA512

          c02c322c89a0190e491ad561a2f2e6c89df0edff303cfcbaf4d81b5291441d5b53471e772e30914b99a576a1877b6ff7c5bf728c0be2e022e0f1b3edf4f42f67

          Download Submit

        • memory/1208-13-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1208-25-0x0000000077760000-0x0000000077762000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1208-35-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1208-23-0x0000000002CE0000-0x0000000002CE7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1208-16-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1208-14-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1208-43-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1208-112-0x00000000774F6000-0x00000000774F7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1208-4-0x00000000774F6000-0x00000000774F7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1208-15-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1208-24-0x0000000077601000-0x0000000077602000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1208-22-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1208-12-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1208-11-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1208-39-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1208-9-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1208-8-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1208-7-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1208-5-0x0000000002D00000-0x0000000002D01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1716-99-0x000007FEF66C0000-0x000007FEF67B6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/2552-10-0x000007FEF66C0000-0x000007FEF67B6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/2552-3-0x0000000000290000-0x0000000000297000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2552-0-0x000007FEF66C0000-0x000007FEF67B6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/2628-74-0x000007FEF66C0000-0x000007FEF67B7000-memory.dmp

          Filesize

          988KB

          Download

        • memory/2628-78-0x000007FEF66C0000-0x000007FEF67B7000-memory.dmp

          Filesize

          988KB

          Download

        • memory/2628-73-0x00000000001A0000-0x00000000001A7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2736-52-0x0000000000100000-0x0000000000107000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2736-53-0x000007FEF6D50000-0x000007FEF6E4D000-memory.dmp

          Filesize

          1012KB

          Download

        • memory/2736-57-0x000007FEF6D50000-0x000007FEF6E4D000-memory.dmp

          Filesize

          1012KB

          Download