Overview

overview

10

Static

static

3

123a833c6a...ff.dll

windows7-x64

10

123a833c6a...ff.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2025 14:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    123a833c6ad4fefb0e612a93c8bfb2fda9525414b308f18c9d3ea56a5ea37fff.dll

  • Size

    984KB

  • MD5

    f5e2ec95b6d3d591609351b2c32c15fc

  • SHA1

    56ff4415603201d5367280e88348a56f24e4863b

  • SHA256

    123a833c6ad4fefb0e612a93c8bfb2fda9525414b308f18c9d3ea56a5ea37fff

  • SHA512

    ccd2977e2a21ea3f8c0ca0774f84af450813a9b338dcf31e59ae377f7cca9206e64f7be2e756ead7abcc61114b7d1a20480bec7dca56e6252d264fbc824f6fc0

  • SSDEEP

    24576:yWyoHFMVMKkN3ZvxEhb0IsaQ4KriCo0j6Ijgx:1nuVMK6vx2RsIKNrjE

Score
10/10
dridexbotnetdefense_evasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    defense_evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\123a833c6ad4fefb0e612a93c8bfb2fda9525414b308f18c9d3ea56a5ea37fff.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2520
  • C:\Windows\system32\RDVGHelper.exe
    C:\Windows\system32\RDVGHelper.exe
    1⤵
      PID:2804
    • C:\Users\Admin\AppData\Local\eNEBEyRPG\RDVGHelper.exe
      C:\Users\Admin\AppData\Local\eNEBEyRPG\RDVGHelper.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2792
    • C:\Windows\system32\msdt.exe
      C:\Windows\system32\msdt.exe
      1⤵
        PID:2808
      • C:\Users\Admin\AppData\Local\8Dix9sx\msdt.exe
        C:\Users\Admin\AppData\Local\8Dix9sx\msdt.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2608
      • C:\Windows\system32\wisptis.exe
        C:\Windows\system32\wisptis.exe
        1⤵
          PID:2480
        • C:\Users\Admin\AppData\Local\uXHT31FpC\wisptis.exe
          C:\Users\Admin\AppData\Local\uXHT31FpC\wisptis.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2600

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\8Dix9sx\UxTheme.dll
          Filesize

          988KB

          MD5

          725ea464131653fdac83202999f4de66

          SHA1

          207daa3bcca4d7bc88b45453ff1c4e185faee1dd

          SHA256

          849809ceaf32e21a516290a9e7a8e74d800f198e4768b274b0ae4e515e6c4fb6

          SHA512

          b10d32bc21f0cc0ab320dd03198874f1fab76d1c545b2e940059be2098520580b18833df178f20a7eacd5cab26d59b35f3f19c38a6e39132dbe869e6109d3ef4

          Download Submit

        • C:\Users\Admin\AppData\Local\eNEBEyRPG\RDVGHelper.exe
          Filesize

          93KB

          MD5

          53fda4af81e7c4895357a50e848b7cfe

          SHA1

          01fb2d0210f1c47aaf684e31a9fb78f89bba9c0f

          SHA256

          62ab8c2c5b5bd84fd07e96b6a3b87a4ea56946107ed9b7f8076580ae1fefd038

          SHA512

          dbbda90a57d27160c5a3a5e4e94cfc43b1663fcbfe424fdec851e52356f61492bdcf677c46be8aa4e8ccc8be7c389b6aa7bbbce8447e1fae32f03e5e409f4051

          Download Submit

        • C:\Users\Admin\AppData\Local\eNEBEyRPG\WTSAPI32.dll
          Filesize

          988KB

          MD5

          50ef5f673bd8837909d3fbb413db9686

          SHA1

          4ef4ee0cc1ebb8b5cebdef28a3632acea548fb06

          SHA256

          4bb9368847dca8879fd547db282411e808df9cfd72745300881d9ba5f0c283b0

          SHA512

          e807753e17344f11737fc0bcc70165bb78c34f87662a6997b63d26692c3831c0a32b674bbaa50efe8afe44ab0d1bf144e75aacb5aa8ef4e4be740f93af6f4833

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Adlnwv.lnk
          Filesize

          689B

          MD5

          9fc721aec78c56261d51978dc1f02dbe

          SHA1

          14176ec8bbcd7df748edef5c691860bf98c66eb4

          SHA256

          5d76f3296653b30ffd6d6476ab0f39fc19f9f1eddeb15d5ae8d4df4116f9b232

          SHA512

          646d6be8804483feb6ad35736a3a9d11ff07cd68a5280ec72a49e98e2f69cae2bb88b7802cf9d38aa8bb827fe72e595aea6a5b993472857d9e9d1d2e50feb577

          Download Submit

        • \Users\Admin\AppData\Local\8Dix9sx\msdt.exe
          Filesize

          1.0MB

          MD5

          aecb7b09566b1f83f61d5a4b44ae9c7e

          SHA1

          3a4a2338c6b5ac833dc87497e04fe89c5481e289

          SHA256

          fbdbe7a2027cab237c4635ef71c1a93cf7afc4b79d56b63a119b7f8e3029ccf5

          SHA512

          6e14200262e0729ebcab2226c3eac729ab5af2a4c6f4f9c3e2950cc203387d9a0a447cf38665c724d4397353931fd10064dc067e043a3579538a6144e33e4746

          Download Submit

        • \Users\Admin\AppData\Local\uXHT31FpC\HID.DLL
          Filesize

          988KB

          MD5

          b95ed54607b2a5025ce92a6fa045b54b

          SHA1

          32145772cdf8347be88e5c89ee34e82fa64c28aa

          SHA256

          3e19b68463941464c3351aa5007dae971be998ba5fcac77d3ae3fa3dd5900cc4

          SHA512

          9ace50b94155d4d3f158a8dc8b3fe5dcfd4ccf928ac741fe6df929ad63b7a413bdbb8d9216f15fd875ca2022a52bcc0d3d43b9c56d117e12b27fc4503e8cb046

          Download Submit

        • \Users\Admin\AppData\Local\uXHT31FpC\wisptis.exe
          Filesize

          396KB

          MD5

          02e20372d9d6d28e37ba9704edc90b67

          SHA1

          d7d18ba0df95c3507bf20be8d72e25c5d11ab40c

          SHA256

          3338129ddf6fb53d6e743c10bc39ec372d9b2c39c607cbe8a71cff929f854144

          SHA512

          bcad8894614dcfc1429be04829c217e7c8ac3c40ea3927073de3421d96d9815739ee1b84f0200eb18b3b8406b972bd934204b7b31638c9fe7c297fb201ed4200

          Download Submit

        • memory/1188-8-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1188-11-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1188-107-0x0000000076ED6000-0x0000000076ED7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1188-7-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1188-24-0x00000000770E1000-0x00000000770E2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1188-23-0x0000000002ED0000-0x0000000002ED7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1188-22-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1188-16-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1188-15-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1188-14-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1188-27-0x0000000077240000-0x0000000077242000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1188-34-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1188-39-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1188-38-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1188-4-0x0000000076ED6000-0x0000000076ED7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1188-9-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1188-5-0x0000000002EF0000-0x0000000002EF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1188-13-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1188-12-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/2520-10-0x000007FEF61A0000-0x000007FEF6296000-memory.dmp

          Filesize

          984KB

          Download

        • memory/2520-0-0x000007FEF61A0000-0x000007FEF6296000-memory.dmp

          Filesize

          984KB

          Download

        • memory/2520-3-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2600-93-0x000007FEF61A0000-0x000007FEF6297000-memory.dmp

          Filesize

          988KB

          Download

        • memory/2608-75-0x000007FEF61A0000-0x000007FEF6297000-memory.dmp

          Filesize

          988KB

          Download

        • memory/2608-71-0x000007FEF61A0000-0x000007FEF6297000-memory.dmp

          Filesize

          988KB

          Download

        • memory/2608-70-0x0000000000290000-0x0000000000297000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2792-52-0x000007FEF67A0000-0x000007FEF6897000-memory.dmp

          Filesize

          988KB

          Download

        • memory/2792-57-0x0000000000100000-0x0000000000107000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2792-58-0x000007FEF67A0000-0x000007FEF6897000-memory.dmp

          Filesize

          988KB

          Download