Overview

overview

10

Static

static

3

138cd54735...77.dll

windows7-x64

10

138cd54735...77.dll

windows10-2004-x64

10

Resubmissions

27-01-2025 12:58

250127-p7vptazqcp 10

27-01-2025 03:53

250127-efybhsyrh1 10

Analysis

  • max time kernel
    149s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-01-2025 12:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    138cd54735f5ce4b638c5bb68c9e0bf5776cf81d776e46592ef10a9bc58b0277.dll

  • Size

    984KB

  • MD5

    89f99b617454ae1d26f9c5614f19fd30

  • SHA1

    43194372fae7b50a95e00580ce5d64134e4c1b7d

  • SHA256

    138cd54735f5ce4b638c5bb68c9e0bf5776cf81d776e46592ef10a9bc58b0277

  • SHA512

    fb0445aba4301466b7c5d8dea9afbf87e0ab5d0bbbcee924d22af97700370f0dd13a80691ab322ffabbbb16e287df160344f5f7a54b1834be2b0fda0089470a3

  • SSDEEP

    24576:yWyoHFMVMKkN3ZvxEhb0IsaQ4KriCo0j6Ijg:1nuVMK6vx2RsIKNrj

Score
10/10
dridexbotnetdefense_evasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    defense_evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\138cd54735f5ce4b638c5bb68c9e0bf5776cf81d776e46592ef10a9bc58b0277.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3264
  • C:\Windows\system32\CameraSettingsUIHost.exe
    C:\Windows\system32\CameraSettingsUIHost.exe
    1⤵
      PID:1956
    • C:\Users\Admin\AppData\Local\9lNBTl7\CameraSettingsUIHost.exe
      C:\Users\Admin\AppData\Local\9lNBTl7\CameraSettingsUIHost.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2896
    • C:\Windows\system32\PresentationHost.exe
      C:\Windows\system32\PresentationHost.exe
      1⤵
        PID:392
      • C:\Users\Admin\AppData\Local\9WYg4j\PresentationHost.exe
        C:\Users\Admin\AppData\Local\9WYg4j\PresentationHost.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1384
      • C:\Windows\system32\raserver.exe
        C:\Windows\system32\raserver.exe
        1⤵
          PID:2748
        • C:\Users\Admin\AppData\Local\OHOImJ\raserver.exe
          C:\Users\Admin\AppData\Local\OHOImJ\raserver.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:3076

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\9WYg4j\PresentationHost.exe
          Filesize

          276KB

          MD5

          ef27d65b92d89e8175e6751a57ed9d93

          SHA1

          7279b58e711b459434f047e9098f9131391c3778

          SHA256

          17d6dcfaced6873a4ac0361ff14f48313f270ac9c465e9f02b5c12b5a5274c48

          SHA512

          40f46c3a131bb0388b8a3f7aee422936f6e2aa8d2cda547c43c4e7979c163d06c5aa20033a5156d3eeee5d455eeb929cbce89bcc8bb1766cbb65d7f03dd23e2e

          Download Submit

        • C:\Users\Admin\AppData\Local\9WYg4j\VERSION.dll
          Filesize

          984KB

          MD5

          dd84fcb6687d4fb83a63b4e6e961549d

          SHA1

          3f2bf9852ef96fa25911f2ca94d600e1771ae881

          SHA256

          8210fc1cbe6b90651ff873e7b294b12fd0fcc0bbcd49ddd675aa855c9a6cee4e

          SHA512

          ee0bacfba1d3cb5ca806d9683ad02c75cc45cc77bc408594a2eee0361c1804cf409d0f6e9ae8954d33c96893252b937f215edf037f0efc7a6f41d800df34f937

          Download Submit

        • C:\Users\Admin\AppData\Local\9lNBTl7\CameraSettingsUIHost.exe
          Filesize

          31KB

          MD5

          9e98636523a653c7a648f37be229cf69

          SHA1

          bd4da030e7cf4d55b7c644dfacd26b152e6a14c4

          SHA256

          3bf20bc5a208dfa1ea26a042fd0010b1268dcfedc94ed775f11890bc1d95e717

          SHA512

          41966166e2ddfe40e6f4e6da26bc490775caac9997465c6dd94ba6a664d3a797ffc2aa5684c95702e8657e5cea62a46a75aee3e7d5e07a47dcaaa5c4da565e78

          Download Submit

        • C:\Users\Admin\AppData\Local\9lNBTl7\DUI70.dll
          Filesize

          1.2MB

          MD5

          7fd0536632d926cb1cdd8dd97e45dda3

          SHA1

          75ac0766b4df3e9d5e467174a39764b9d47a5265

          SHA256

          bef36185b470202d3d9432cda413c72638d755fea11c131aa8bf22d99dbd6bda

          SHA512

          45bdb0f5d6d58a598745ef40b078849dbc86ba89c968129dc413c2dcc31258a76e6078651c5c21391b9a650ade04dc463e87e738e606cedfab7abae9c466552a

          Download Submit

        • C:\Users\Admin\AppData\Local\OHOImJ\WTSAPI32.dll
          Filesize

          988KB

          MD5

          a5a5ef38fb5537960707f8fc3baf3e9f

          SHA1

          20b7876e086d6cf70fb280d972ab8b544742aabb

          SHA256

          46526946fc0f68bb5f0cf6594631d6191d6b5742ad9fc11554b4a6926883237a

          SHA512

          6562097f4ee1134571b0ca96cac7b016ab132fbf53eb9f1032b61fe22ba0bc48dc323bb90d137b016bdffee3b3f0173e8c9c2017191e5ec1ffa48780d9de683c

          Download Submit

        • C:\Users\Admin\AppData\Local\OHOImJ\raserver.exe
          Filesize

          132KB

          MD5

          d1841c6ee4ea45794ced131d4b68b60e

          SHA1

          4be6d2116060d7c723ac2d0b5504efe23198ea01

          SHA256

          38732626242988cc5b8f97fe8d3b030d483046ef66ea90d7ea3607f1adc0600d

          SHA512

          d8bad215872c5956c6e8acac1cd3ad19b85f72b224b068fb71cfd1493705bc7d3390853ba923a1aa461140294f8793247df018484a378e4f026c2a12cb3fa5c9

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Svhpdc.lnk
          Filesize

          1KB

          MD5

          72e1d06d28846abfde8095dac3fe7ab0

          SHA1

          15e700c469faf5e7084dd8cc79e2d789284a6902

          SHA256

          83c4020e2ef478c47c77b9451ca6e000c0a86e9f51fc62151ecec12ba3fb811c

          SHA512

          fd6bc7f9afefc5186b42ddeea4551c5ea4866440e35603bdd22f4c0231d00eed1d4812c1313d7c6fd760a35e24ead1fa40c2f389a61cc58313f3be909f9d9763

          Download Submit

        • memory/1384-61-0x00007FF939850000-0x00007FF939946000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1384-64-0x000002612BD20000-0x000002612BD27000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1384-67-0x00007FF939850000-0x00007FF939946000-memory.dmp

          Filesize

          984KB

          Download

        • memory/2896-44-0x000001ACCD530000-0x000001ACCD537000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2896-50-0x00007FF92A050000-0x00007FF92A18C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2896-45-0x00007FF92A050000-0x00007FF92A18C000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3076-78-0x00007FF939850000-0x00007FF939947000-memory.dmp

          Filesize

          988KB

          Download

        • memory/3076-83-0x00007FF939850000-0x00007FF939947000-memory.dmp

          Filesize

          988KB

          Download

        • memory/3264-12-0x00007FF9394D0000-0x00007FF9395C6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3264-0-0x00007FF9394D0000-0x00007FF9395C6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3264-3-0x000002A604DA0000-0x000002A604DA7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3432-23-0x0000000000AA0000-0x0000000000AA7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3432-15-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3432-8-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3432-9-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3432-10-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3432-11-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3432-13-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3432-16-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3432-33-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3432-35-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3432-24-0x00007FF948100000-0x00007FF948110000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3432-22-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3432-14-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3432-7-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3432-4-0x00007FF946C1A000-0x00007FF946C1B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3432-5-0x0000000000AE0000-0x0000000000AE1000-memory.dmp

          Filesize

          4KB

          Download