Overview

overview

10

Static

static

3

138cd54735...7N.dll

windows7-x64

10

138cd54735...7N.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2025 14:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    138cd54735f5ce4b638c5bb68c9e0bf5776cf81d776e46592ef10a9bc58b0277N.dll

  • Size

    984KB

  • MD5

    89f99b617454ae1d26f9c5614f19fd30

  • SHA1

    43194372fae7b50a95e00580ce5d64134e4c1b7d

  • SHA256

    138cd54735f5ce4b638c5bb68c9e0bf5776cf81d776e46592ef10a9bc58b0277

  • SHA512

    fb0445aba4301466b7c5d8dea9afbf87e0ab5d0bbbcee924d22af97700370f0dd13a80691ab322ffabbbb16e287df160344f5f7a54b1834be2b0fda0089470a3

  • SSDEEP

    24576:yWyoHFMVMKkN3ZvxEhb0IsaQ4KriCo0j6Ijg:1nuVMK6vx2RsIKNrj

Score
10/10
dridexbotnetdefense_evasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    defense_evasiontrojan
  • Event Triggered Execution: Accessibility Features 1 TTPs

    Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.

    persistenceprivilege_escalation
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\138cd54735f5ce4b638c5bb68c9e0bf5776cf81d776e46592ef10a9bc58b0277N.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:4320
  • C:\Windows\system32\mmc.exe
    C:\Windows\system32\mmc.exe
    1⤵
      PID:528
    • C:\Users\Admin\AppData\Local\LF7PC\mmc.exe
      C:\Users\Admin\AppData\Local\LF7PC\mmc.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:1668
    • C:\Windows\system32\Magnify.exe
      C:\Windows\system32\Magnify.exe
      1⤵
        PID:1880
      • C:\Users\Admin\AppData\Local\zkQQjbnzj\Magnify.exe
        C:\Users\Admin\AppData\Local\zkQQjbnzj\Magnify.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2012
      • C:\Windows\system32\msdt.exe
        C:\Windows\system32\msdt.exe
        1⤵
          PID:3004
        • C:\Users\Admin\AppData\Local\Z3oVws\msdt.exe
          C:\Users\Admin\AppData\Local\Z3oVws\msdt.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:4404

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\LF7PC\UxTheme.dll
          Filesize

          988KB

          MD5

          8cf2d12f6e31c12a78fe09d7b9ce1f68

          SHA1

          bad18d11a5a10e680c3ac39eb774862f93907f2b

          SHA256

          7dd37ef1b8f75bb0671ec4abb8fbce312188acecab79d9b7819e5a9042a32089

          SHA512

          b1a77879de76089e0f5496a7a5ff94b7ebbe13867b19a78d7a27d21116ddbf763da859f350fd7487e179d46369a006551ce8b0401a566eab2a37ee246d97aa35

          Download Submit

        • C:\Users\Admin\AppData\Local\LF7PC\mmc.exe
          Filesize

          1.8MB

          MD5

          8c86b80518406f14a4952d67185032d6

          SHA1

          9269f1fbcf65fefbc88a2e239519c21efe0f6ba5

          SHA256

          895eef1eda5700a425934ae3782d4741dfefb7deafa53891bde490150187b98a

          SHA512

          1bbdaa3ae8b5716ad2bd517055533e286ddb8a6c23cbc7aa602143dbb1ae132b513088ab61527c49737c554269c51416cceb80206ac8128ac6b003f1864eb099

          Download Submit

        • C:\Users\Admin\AppData\Local\Z3oVws\DUser.dll
          Filesize

          992KB

          MD5

          baa46ce655868134a9ac10c868b5d01d

          SHA1

          d08a936517bb4922d3b84bd57ced1659b30781f2

          SHA256

          f97259c071dad0340dad5cbc51420fd6ff60285852cf15881452f382ea5d6178

          SHA512

          3e4bf23b98a7d97c3aa85553547520a3e95fac1a14299b15be7e18f9d9c058c7be7e2f8ad90e80a96b25e4ad79619010ee26d942daa5500a45ba29f35c33eed2

          Download Submit

        • C:\Users\Admin\AppData\Local\Z3oVws\msdt.exe
          Filesize

          421KB

          MD5

          992c3f0cc8180f2f51156671e027ae75

          SHA1

          942ec8c2ccfcacd75a1cd86cbe8873aee5115e29

          SHA256

          6859d1b5d1beaa2985b298f3fcee67f0aac747687a9dec2b4376585e99e9756f

          SHA512

          1f1b8d39e29274cfc87a9ef1510adb9c530086a421c121523376731c8933c6e234e9146310d3767ce888a8dce7a5713221f4d25e5b7b6398d06ae2be2b99eadf

          Download Submit

        • C:\Users\Admin\AppData\Local\zkQQjbnzj\Magnify.exe
          Filesize

          639KB

          MD5

          4029890c147e3b4c6f41dfb5f9834d42

          SHA1

          10d08b3f6dabe8171ca2dd52e5737e3402951c75

          SHA256

          57137f784594793dc0669042ccd3a71ddbfedeb77da6d97173d82613e08add4d

          SHA512

          dbdc60f8692f13c23dbed0b76e9c6758a5b413bd6aaf4e4d0ba74e69c0871eb759da95c3f85a31d972388b545dcf3bb8abbcbedd29a1e7e48c065130b98b893d

          Download Submit

        • C:\Users\Admin\AppData\Local\zkQQjbnzj\dwmapi.dll
          Filesize

          988KB

          MD5

          a2f276c0d30263d532aed94a849a9357

          SHA1

          ebef68c77f5dd2081b07760da1a9ce7a0a550aa7

          SHA256

          a20d4a162aa6076321be8eef891a0db8c06afcf839867b4fe662a35f9d4a32f4

          SHA512

          19187ed9d12fc0e2daa858f6fe8c9e7b4762ba349c18fde85c82ac24d6faff27174d042bc188b94a470a5238e7fcce08b21206bf440706f0108cf5ba4203eaef

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ehuvmtvuxjwd.lnk
          Filesize

          1KB

          MD5

          073523a2f00e7cfc5774ed3bd8cb2dce

          SHA1

          945b5469fae6fe4cd36395c4256cf665de2fee2d

          SHA256

          d4daabc3419b840a6a6893910571aa7af9d8f0f88bca03d813a17f156d771f08

          SHA512

          d2febc50bbad7271017aefa230ed33177fbc8c0533a963215152353ae13747a5072942682bccc7b7c6ea4e725dd84aaeefc205cbc558783798d3fed533c44737

          Download Submit

        • memory/1668-48-0x0000000002550000-0x0000000002557000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1668-49-0x00007FFD9E310000-0x00007FFD9E407000-memory.dmp

          Filesize

          988KB

          Download

        • memory/1668-45-0x00007FFD9E310000-0x00007FFD9E407000-memory.dmp

          Filesize

          988KB

          Download

        • memory/2012-58-0x000002D3315B0000-0x000002D3315B7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2012-64-0x00007FFD9EE90000-0x00007FFD9EF87000-memory.dmp

          Filesize

          988KB

          Download

        • memory/2012-59-0x00007FFD9EE90000-0x00007FFD9EF87000-memory.dmp

          Filesize

          988KB

          Download

        • memory/3592-25-0x0000000001080000-0x0000000001087000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3592-14-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3592-22-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3592-12-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3592-26-0x00007FFDAD340000-0x00007FFDAD350000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3592-33-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3592-11-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3592-4-0x00007FFDAB54A000-0x00007FFDAB54B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3592-10-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3592-8-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3592-7-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3592-5-0x0000000002A60000-0x0000000002A61000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3592-15-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3592-35-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3592-13-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3592-16-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/4320-1-0x00007FFD9EE90000-0x00007FFD9EF86000-memory.dmp

          Filesize

          984KB

          Download

        • memory/4320-9-0x00007FFD9EE90000-0x00007FFD9EF86000-memory.dmp

          Filesize

          984KB

          Download

        • memory/4320-3-0x000001CD3F520000-0x000001CD3F527000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4404-80-0x00007FFD9EE90000-0x00007FFD9EF88000-memory.dmp

          Filesize

          992KB

          Download

        • memory/4404-75-0x00007FFD9EE90000-0x00007FFD9EF88000-memory.dmp

          Filesize

          992KB

          Download