Overview

overview

10

Static

static

3

138cd54735...7N.dll

windows7-x64

10

138cd54735...7N.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    26-01-2025 00:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    138cd54735f5ce4b638c5bb68c9e0bf5776cf81d776e46592ef10a9bc58b0277N.dll

  • Size

    984KB

  • MD5

    89f99b617454ae1d26f9c5614f19fd30

  • SHA1

    43194372fae7b50a95e00580ce5d64134e4c1b7d

  • SHA256

    138cd54735f5ce4b638c5bb68c9e0bf5776cf81d776e46592ef10a9bc58b0277

  • SHA512

    fb0445aba4301466b7c5d8dea9afbf87e0ab5d0bbbcee924d22af97700370f0dd13a80691ab322ffabbbb16e287df160344f5f7a54b1834be2b0fda0089470a3

  • SSDEEP

    24576:yWyoHFMVMKkN3ZvxEhb0IsaQ4KriCo0j6Ijg:1nuVMK6vx2RsIKNrj

Score
10/10
dridexbotnetdefense_evasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    defense_evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\138cd54735f5ce4b638c5bb68c9e0bf5776cf81d776e46592ef10a9bc58b0277N.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:592
  • C:\Windows\system32\lpksetup.exe
    C:\Windows\system32\lpksetup.exe
    1⤵
      PID:2748
    • C:\Users\Admin\AppData\Local\uLESwCEUe\lpksetup.exe
      C:\Users\Admin\AppData\Local\uLESwCEUe\lpksetup.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2696
    • C:\Windows\system32\mstsc.exe
      C:\Windows\system32\mstsc.exe
      1⤵
        PID:1728
      • C:\Users\Admin\AppData\Local\8gPHWVs\mstsc.exe
        C:\Users\Admin\AppData\Local\8gPHWVs\mstsc.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2728
      • C:\Windows\system32\rdrleakdiag.exe
        C:\Windows\system32\rdrleakdiag.exe
        1⤵
          PID:2668
        • C:\Users\Admin\AppData\Local\pUY\rdrleakdiag.exe
          C:\Users\Admin\AppData\Local\pUY\rdrleakdiag.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2156

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\pUY\VERSION.dll
          Filesize

          984KB

          MD5

          f9d538b6e820c37fc1a397ce39256d97

          SHA1

          9cfae9ddc093e896c789dda2de71a3cae0cabc51

          SHA256

          27863fbd39b69b0bd6e334f9bb364bbfb3bcef5dc8c47c4bc89b1e9d2ad5082b

          SHA512

          457fe0d9f38232340dbf80592a50680297d20d76dd467e81ef83b0e287b81fadf0ffec27991f21fe62b817e09185ba88e2bc4f0d7837e0c565f73555e9143c73

          Download Submit

        • C:\Users\Admin\AppData\Local\uLESwCEUe\dpx.dll
          Filesize

          984KB

          MD5

          097b143f0e851dbce77c29ea74f0fdbf

          SHA1

          23fde08cdd91c71c03de2be0c250f18988570e9d

          SHA256

          269fdf61bfdf2509ecc9e4285b8f02333c061de564801688dad7e6150dc2cd7b

          SHA512

          f0406f1e01b5562078cd2c6e96576b58a411319ea5c631be4e6ec14757f89f5c4b38b4be9c2d2f73646f3a7f0eb11a1557e185afa84f27fdd7f591cb11c02c33

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Wbvsyha.lnk
          Filesize

          1KB

          MD5

          d8ece32817e0d44addafad516f1f048e

          SHA1

          0c39afc7464d463d4a8a9fe7450c4420ee57217b

          SHA256

          43f963831812cf00ce239b086a591d3589edd19f7e5f85f2970d3446424e918d

          SHA512

          f80d260309a274ac191735b081eeb15105f24ec4f4d5cca243ffc59c43376b81ba6ceb5d4cd33717461833df9c6044b4d33db3c6ff7ea403fba3ac764052a61d

          Download Submit

        • \Users\Admin\AppData\Local\8gPHWVs\Secur32.dll
          Filesize

          988KB

          MD5

          10691a4b5a5392ccf4aa7cd1bc38aa46

          SHA1

          a774d346f04458a7b01a9f2afa523da708b4738c

          SHA256

          563af9f8f73e662d924ca9826dc571d415bf5c0558a2c02981c30a71ea982840

          SHA512

          89c5a35dd6905c114988b7b1b394738b3be8b43104e80fca63692d92b4a4a654acb23bf0eb596fa42ba3dca4e612c7454bb5063060e5b3e59cc69d07f0304f95

          Download Submit

        • \Users\Admin\AppData\Local\8gPHWVs\mstsc.exe
          Filesize

          1.1MB

          MD5

          50f739538ef014b2e7ec59431749d838

          SHA1

          b439762b8efe8cfb977e7374c11a7e4d8ed05eb3

          SHA256

          85c510c7fa8d64c70886ea01ec99e7b9064594f021a95b4cf88359421e732be3

          SHA512

          02e231ddc4ac012c597b9db42f8a77fbf35ca8253c030d443a0dd4db3d76a9ee1cced600f12d7bb06305e7a4da4a8fda980faad335adcb12738d80d453cb3cc8

          Download Submit

        • \Users\Admin\AppData\Local\pUY\rdrleakdiag.exe
          Filesize

          39KB

          MD5

          5e058566af53848541fa23fba4bb5b81

          SHA1

          769ce3bfc45e4d56ed01dbeeeca7be22f9b9eed6

          SHA256

          ae83b050fa722da7e4b19fc3d534f0126b1ec055643bb1f267b85b55160f4409

          SHA512

          352029cf0af7583a4c525cfd1da7467446bac410a885b2768d8052f39577ccce85b21d5bd946be6bf8341e7308c8e4f645e4d79232b93aaf6a92d6cd55f598d0

          Download Submit

        • \Users\Admin\AppData\Local\uLESwCEUe\lpksetup.exe
          Filesize

          638KB

          MD5

          50d28f3f8b7c17056520c80a29efe17c

          SHA1

          1b1e62be0a0bdc9aec2e91842c35381297d8f01e

          SHA256

          71613ea48467d1a0b00f8bcaed270b7527fc5771f540a8eb0515b3a5fdc8604f

          SHA512

          92bc60402aacf1a62e47335adf8696a5c0d31637e624628d82b6ec1f17e1ee65ae8edf7e8dcd10933f59c892a4a74d8e461945df0991b706a4a53927c5fd3861

          Download Submit

        • memory/592-0-0x000007FEF67E0000-0x000007FEF68D6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/592-11-0x000007FEF67E0000-0x000007FEF68D6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/592-1-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1112-7-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1112-8-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1112-23-0x0000000002540000-0x0000000002547000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1112-22-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1112-16-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1112-15-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1112-14-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1112-25-0x0000000077060000-0x0000000077062000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1112-34-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1112-39-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1112-38-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1112-13-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1112-43-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1112-24-0x0000000076F01000-0x0000000076F02000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1112-4-0x0000000076CF6000-0x0000000076CF7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1112-106-0x0000000076CF6000-0x0000000076CF7000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1112-5-0x0000000002560000-0x0000000002561000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1112-9-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1112-10-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1112-12-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/2156-87-0x000007FEF62C0000-0x000007FEF63B6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/2156-92-0x000007FEF62C0000-0x000007FEF63B6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/2696-52-0x000007FEF6E00000-0x000007FEF6EF6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/2696-56-0x0000000000290000-0x0000000000297000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2696-57-0x000007FEF6E00000-0x000007FEF6EF6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/2728-74-0x0000000000130000-0x0000000000137000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2728-75-0x000007FEF67E0000-0x000007FEF68D7000-memory.dmp

          Filesize

          988KB

          Download

        • memory/2728-69-0x000007FEF67E0000-0x000007FEF68D7000-memory.dmp

          Filesize

          988KB

          Download