Overview

overview

10

Static

static

3

123a833c6a...ff.dll

windows7-x64

10

123a833c6a...ff.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-01-2025 13:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    123a833c6ad4fefb0e612a93c8bfb2fda9525414b308f18c9d3ea56a5ea37fff.dll

  • Size

    984KB

  • MD5

    f5e2ec95b6d3d591609351b2c32c15fc

  • SHA1

    56ff4415603201d5367280e88348a56f24e4863b

  • SHA256

    123a833c6ad4fefb0e612a93c8bfb2fda9525414b308f18c9d3ea56a5ea37fff

  • SHA512

    ccd2977e2a21ea3f8c0ca0774f84af450813a9b338dcf31e59ae377f7cca9206e64f7be2e756ead7abcc61114b7d1a20480bec7dca56e6252d264fbc824f6fc0

  • SSDEEP

    24576:yWyoHFMVMKkN3ZvxEhb0IsaQ4KriCo0j6Ijgx:1nuVMK6vx2RsIKNrjE

Score
10/10
dridexbotnetdefense_evasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    defense_evasiontrojan
  • Event Triggered Execution: Accessibility Features 1 TTPs

    Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.

    persistenceprivilege_escalation
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\123a833c6ad4fefb0e612a93c8bfb2fda9525414b308f18c9d3ea56a5ea37fff.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:4080
  • C:\Windows\system32\raserver.exe
    C:\Windows\system32\raserver.exe
    1⤵
      PID:3308
    • C:\Users\Admin\AppData\Local\Kk9Pk\raserver.exe
      C:\Users\Admin\AppData\Local\Kk9Pk\raserver.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:3208
    • C:\Windows\system32\wermgr.exe
      C:\Windows\system32\wermgr.exe
      1⤵
        PID:2416
      • C:\Users\Admin\AppData\Local\ww6O\wermgr.exe
        C:\Users\Admin\AppData\Local\ww6O\wermgr.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1856
      • C:\Windows\system32\Utilman.exe
        C:\Windows\system32\Utilman.exe
        1⤵
          PID:4884
        • C:\Users\Admin\AppData\Local\VmVMzZ\Utilman.exe
          C:\Users\Admin\AppData\Local\VmVMzZ\Utilman.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:4796

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Kk9Pk\WTSAPI32.dll
          Filesize

          988KB

          MD5

          346180e36377afd29a5f4e05d8ffe0e3

          SHA1

          6fd12c02f82dad6023419c67bf7be1957f70374a

          SHA256

          6ec0c2ea653bce881e68ac4490ceeeca6039f97aefec730bd6f56455d2cdbb03

          SHA512

          59736aa1713cf645884a78b138d7677af02798c8a0b873df5908419607b5f3f4f82f7dc29ff00bf78aa5f4bcdda41a77c37ddbca89fd141d3d05680ddd08f274

          Download Submit

        • C:\Users\Admin\AppData\Local\Kk9Pk\raserver.exe
          Filesize

          132KB

          MD5

          d1841c6ee4ea45794ced131d4b68b60e

          SHA1

          4be6d2116060d7c723ac2d0b5504efe23198ea01

          SHA256

          38732626242988cc5b8f97fe8d3b030d483046ef66ea90d7ea3607f1adc0600d

          SHA512

          d8bad215872c5956c6e8acac1cd3ad19b85f72b224b068fb71cfd1493705bc7d3390853ba923a1aa461140294f8793247df018484a378e4f026c2a12cb3fa5c9

          Download Submit

        • C:\Users\Admin\AppData\Local\VmVMzZ\OLEACC.dll
          Filesize

          984KB

          MD5

          b18365129628600168303f27ef9f15e8

          SHA1

          d1025e61800497873dbe382f9b4a7e95ac9c270b

          SHA256

          09e810fd4f44112850223b46dee16a66df79ff8ea36e152dd53394e4587598a6

          SHA512

          3ad63e53fe74bcd4759d04d76b3a48df02caa6135d07b02f5741d8ab179f56168e653f05b1478af0c48172025cc73d3a2955016279d2d1edba895b3ce51d5973

          Download Submit

        • C:\Users\Admin\AppData\Local\VmVMzZ\Utilman.exe
          Filesize

          123KB

          MD5

          a117edc0e74ab4770acf7f7e86e573f7

          SHA1

          5ceffb1a5e05e52aafcbc2d44e1e8445440706f3

          SHA256

          b5bc4fce58403ea554691db678e6c8c448310fe59990990f0e37cd4357567d37

          SHA512

          72883f794ff585fe7e86e818d4d8c54fa9781cab6c3fac6f6956f58a016a91f676e70d14691cbe054ae7b7469c6b4783152fbb694e92b940d9e3595fe3f41d97

          Download Submit

        • C:\Users\Admin\AppData\Local\ww6O\wer.dll
          Filesize

          992KB

          MD5

          7f619b8949b3cf65e9b15815f3868dc8

          SHA1

          77e92c472f481c9cbcb39e997320817b65c4bf31

          SHA256

          5121b12eeb54e748030d599edab100ecf483160ac66109d3c0bbea2c59ee64aa

          SHA512

          f90a48b74e65d1dda07d6ea8b390aa86f9d6251d5d6a6151ebb72c9014eaa557cd366e0dc08553b6fcab9786f5ff690a75d0ffd814a3ee36f11bb717db3b1d42

          Download Submit

        • C:\Users\Admin\AppData\Local\ww6O\wermgr.exe
          Filesize

          223KB

          MD5

          f7991343cf02ed92cb59f394e8b89f1f

          SHA1

          573ad9af63a6a0ab9b209ece518fd582b54cfef5

          SHA256

          1c09759dcd31fdc81bcd6685438d7efb34e0229f1096bfd57d41ecfe614d07dc

          SHA512

          fa3cf314100f5340c7d0f6a70632a308fcadb4b48785753310a053a510169979a89637b8b4fedf4d3690db6b8b55146e323cad70d704c4e2ede4edff5284237d

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Fkasxldymr.lnk
          Filesize

          1KB

          MD5

          c93ac3896c69b6674421c2582234c825

          SHA1

          f626465f9bf77af9b150efb47d84736d6e1ae09f

          SHA256

          e36c6218cc2ee544c74f1ebd24147c6907445373df619fdd78ebf975cd0dd87a

          SHA512

          c7a568073e8a7e18a0bc8515ed9fc0e9982a264ea4fe6818526f0c824a8be0bebde3901ef215a58667ced8fbfe1d0d0a2414b7541587cc17f124a6dfea6da07a

          Download Submit

        • memory/1856-61-0x00007FFCD7380000-0x00007FFCD7478000-memory.dmp

          Filesize

          992KB

          Download

        • memory/1856-67-0x00007FFCD7380000-0x00007FFCD7478000-memory.dmp

          Filesize

          992KB

          Download

        • memory/1856-66-0x000001CAECF70000-0x000001CAECF77000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3208-50-0x00007FFCD7380000-0x00007FFCD7477000-memory.dmp

          Filesize

          988KB

          Download

        • memory/3208-44-0x000001DB5DD20000-0x000001DB5DD27000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3208-45-0x00007FFCD7380000-0x00007FFCD7477000-memory.dmp

          Filesize

          988KB

          Download

        • memory/3440-14-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3440-8-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3440-35-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3440-26-0x00007FFCE62A0000-0x00007FFCE62B0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3440-33-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3440-22-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3440-11-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3440-10-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3440-9-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3440-13-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3440-7-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3440-5-0x0000000002890000-0x0000000002891000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3440-4-0x00007FFCE448A000-0x00007FFCE448B000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3440-15-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3440-16-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3440-25-0x0000000000A40000-0x0000000000A47000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4080-1-0x00007FFCD7080000-0x00007FFCD7176000-memory.dmp

          Filesize

          984KB

          Download

        • memory/4080-0-0x000002677FD00000-0x000002677FD07000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4080-12-0x00007FFCD7080000-0x00007FFCD7176000-memory.dmp

          Filesize

          984KB

          Download

        • memory/4796-83-0x00007FFCD7080000-0x00007FFCD7176000-memory.dmp

          Filesize

          984KB

          Download