Overview

overview

10

Static

static

3

138cd54735...77.dll

windows7-x64

10

138cd54735...77.dll

windows10-2004-x64

10

Resubmissions

27-01-2025 12:58

250127-p7vptazqcp 10

27-01-2025 03:53

250127-efybhsyrh1 10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-01-2025 03:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    138cd54735f5ce4b638c5bb68c9e0bf5776cf81d776e46592ef10a9bc58b0277.dll

  • Size

    984KB

  • MD5

    89f99b617454ae1d26f9c5614f19fd30

  • SHA1

    43194372fae7b50a95e00580ce5d64134e4c1b7d

  • SHA256

    138cd54735f5ce4b638c5bb68c9e0bf5776cf81d776e46592ef10a9bc58b0277

  • SHA512

    fb0445aba4301466b7c5d8dea9afbf87e0ab5d0bbbcee924d22af97700370f0dd13a80691ab322ffabbbb16e287df160344f5f7a54b1834be2b0fda0089470a3

  • SSDEEP

    24576:yWyoHFMVMKkN3ZvxEhb0IsaQ4KriCo0j6Ijg:1nuVMK6vx2RsIKNrj

Score
10/10
dridexbotnetdefense_evasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Drops startup file 3 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    defense_evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\138cd54735f5ce4b638c5bb68c9e0bf5776cf81d776e46592ef10a9bc58b0277.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3744
  • C:\Windows\system32\msdt.exe
    C:\Windows\system32\msdt.exe
    1⤵
      PID:976
    • C:\Users\Admin\AppData\Local\TAoGUj9TV\msdt.exe
      C:\Users\Admin\AppData\Local\TAoGUj9TV\msdt.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:3368
    • C:\Windows\system32\LicensingUI.exe
      C:\Windows\system32\LicensingUI.exe
      1⤵
        PID:4700
      • C:\Users\Admin\AppData\Local\G8hXq\LicensingUI.exe
        C:\Users\Admin\AppData\Local\G8hXq\LicensingUI.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:4548
      • C:\Windows\system32\FXSCOVER.exe
        C:\Windows\system32\FXSCOVER.exe
        1⤵
          PID:3624
        • C:\Users\Admin\AppData\Local\A26\FXSCOVER.exe
          C:\Users\Admin\AppData\Local\A26\FXSCOVER.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:4680

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\A26\FXSCOVER.exe
          Filesize

          242KB

          MD5

          5769f78d00f22f76a4193dc720d0b2bd

          SHA1

          d62b6cab057e88737cba43fe9b0c6d11a28b53e8

          SHA256

          40e8e6dabfa1485b11cdccf220eb86eeaa8256e99e344cf2b2098d4cdb788a31

          SHA512

          b4b3448a2635b21690c71254d964832e89bf947f7a0d32e79dcc84730f11d4afb4149a810a768878e52f88fc8baec45f1a2fec8e22c5301e9f39fe4fc6a57e3f

          Download Submit

        • C:\Users\Admin\AppData\Local\A26\MFC42u.dll
          Filesize

          1012KB

          MD5

          56bbff0b8acda583a16acb8705a97063

          SHA1

          27a6faebd654325fdd6376a75857b3e675fe49f3

          SHA256

          d4e7974f4cc6328ae7e9b895cd732139bf5a00dd7f0cfdd8ba3510ab3d9d6046

          SHA512

          d370b6b41179576e1c500c748c6123f552cf0d380eb838cb82d378ef6a3334af306682737a67d3001ebad363150fc7667c0fb70d7fe9ad1107c6d3d0222a3108

          Download Submit

        • C:\Users\Admin\AppData\Local\G8hXq\DUI70.dll
          Filesize

          1.2MB

          MD5

          b00f4194767b8ce4cc33230b744f56b0

          SHA1

          914142303a297050fd5a5e6ac5503f600d7ae656

          SHA256

          5a4a16a5cdcbde6968239a951e6fe6b5e2df381199ff0cea0ffbe1226c7d451f

          SHA512

          4c347507953be77b639e304731643adb4eb530df80a9a63d60bbde62de32e01d21e86495e8f36d900e64133ad8581ada8d288b27e102d8834a62899b914762f5

          Download Submit

        • C:\Users\Admin\AppData\Local\G8hXq\LicensingUI.exe
          Filesize

          142KB

          MD5

          8b4abc637473c79a003d30bb9c7a05e5

          SHA1

          d1cab953c16d4fdec2b53262f56ac14a914558ca

          SHA256

          0e9eb89aa0df9bb84a8f11b0bb3e9d89905355de34c91508968b4cb78bc3f6c5

          SHA512

          5a40c846c5b3a53ae09114709239d8238c322a7d3758b20ed3fc8e097fc1409f62b4990557c1192e894eabfa89741a9d88bd5175850d039b97dfdf380d1c6eeb

          Download Submit

        • C:\Users\Admin\AppData\Local\TAoGUj9TV\Secur32.dll
          Filesize

          988KB

          MD5

          30aa7e4c1d3ffee0bbb71701cf33fcfd

          SHA1

          d80bfc9fa7f362a42c5d8a4a27e10c9c73519e42

          SHA256

          4cb1b8d1e24ffbc758225f5321a15c6480080ed7989a74c8f869e7b3f780dbbd

          SHA512

          c044312f61b86f54a9d44696ca0fb886c80cddb1cee67286b9d6599c1570779edf3dde4dc45a2b6f736a698cedce6bcbfd7cabac983067e4408c2f2366e867c7

          Download Submit

        • C:\Users\Admin\AppData\Local\TAoGUj9TV\msdt.exe
          Filesize

          421KB

          MD5

          992c3f0cc8180f2f51156671e027ae75

          SHA1

          942ec8c2ccfcacd75a1cd86cbe8873aee5115e29

          SHA256

          6859d1b5d1beaa2985b298f3fcee67f0aac747687a9dec2b4376585e99e9756f

          SHA512

          1f1b8d39e29274cfc87a9ef1510adb9c530086a421c121523376731c8933c6e234e9146310d3767ce888a8dce7a5713221f4d25e5b7b6398d06ae2be2b99eadf

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Yxuzhivmkyvewy.lnk
          Filesize

          1KB

          MD5

          c3b25c7c936c538c0a3e406b03e22c31

          SHA1

          cde73ccb1b4ba8c90771696ee7391fb66ba3850f

          SHA256

          ddeeb9b2386593eb6a46a019c2686cfd6143e33149ee06daf9a5d829d989bb51

          SHA512

          671f0692048ddf79a0e12743546bf196de7b02cc792bf73d021a6585ecbb5810c40fbcb9ee1307883705a3acb98fafd5a1564e7f8e026dbb9ce3969960fd3ac5

          Download Submit

        • memory/3368-50-0x00007FFB93AC0000-0x00007FFB93BB7000-memory.dmp

          Filesize

          988KB

          Download

        • memory/3368-44-0x00007FFB93AC0000-0x00007FFB93BB7000-memory.dmp

          Filesize

          988KB

          Download

        • memory/3368-47-0x000001AA96DB0000-0x000001AA96DB7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3424-23-0x0000000000600000-0x0000000000607000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3424-35-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3424-5-0x0000000002760000-0x0000000002761000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3424-11-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3424-10-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3424-9-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3424-8-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3424-7-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3424-33-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3424-15-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3424-16-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3424-13-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3424-24-0x00007FFBA3120000-0x00007FFBA3130000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3424-22-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3424-14-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3424-4-0x00007FFBA161A000-0x00007FFBA161B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3744-0-0x00000181CF420000-0x00000181CF427000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3744-12-0x00007FFB93C70000-0x00007FFB93D66000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3744-1-0x00007FFB93C70000-0x00007FFB93D66000-memory.dmp

          Filesize

          984KB

          Download

        • memory/4548-67-0x00007FFB93C30000-0x00007FFB93D6C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4548-61-0x0000016C25030000-0x0000016C25037000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4548-62-0x00007FFB93C30000-0x00007FFB93D6C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4680-83-0x00007FFB94560000-0x00007FFB9465D000-memory.dmp

          Filesize

          1012KB

          Download

        • memory/4680-78-0x00007FFB94560000-0x00007FFB9465D000-memory.dmp

          Filesize

          1012KB

          Download