Overview

overview

10

Static

static

3

123a833c6a...ff.dll

windows7-x64

10

123a833c6a...ff.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    28-01-2025 06:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    123a833c6ad4fefb0e612a93c8bfb2fda9525414b308f18c9d3ea56a5ea37fff.dll

  • Size

    984KB

  • MD5

    f5e2ec95b6d3d591609351b2c32c15fc

  • SHA1

    56ff4415603201d5367280e88348a56f24e4863b

  • SHA256

    123a833c6ad4fefb0e612a93c8bfb2fda9525414b308f18c9d3ea56a5ea37fff

  • SHA512

    ccd2977e2a21ea3f8c0ca0774f84af450813a9b338dcf31e59ae377f7cca9206e64f7be2e756ead7abcc61114b7d1a20480bec7dca56e6252d264fbc824f6fc0

  • SSDEEP

    24576:yWyoHFMVMKkN3ZvxEhb0IsaQ4KriCo0j6Ijgx:1nuVMK6vx2RsIKNrjE

Score
10/10
dridexbotnetdefense_evasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    defense_evasiontrojan
  • Event Triggered Execution: Accessibility Features 1 TTPs

    Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.

    persistenceprivilege_escalation
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\123a833c6ad4fefb0e612a93c8bfb2fda9525414b308f18c9d3ea56a5ea37fff.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:2364
  • C:\Windows\system32\wermgr.exe
    C:\Windows\system32\wermgr.exe
    1⤵
      PID:2196
    • C:\Users\Admin\AppData\Local\3Cx\wermgr.exe
      C:\Users\Admin\AppData\Local\3Cx\wermgr.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:2912
    • C:\Windows\system32\osk.exe
      C:\Windows\system32\osk.exe
      1⤵
        PID:2736
      • C:\Users\Admin\AppData\Local\M1fVyLtZ\osk.exe
        C:\Users\Admin\AppData\Local\M1fVyLtZ\osk.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2624
      • C:\Windows\system32\Netplwiz.exe
        C:\Windows\system32\Netplwiz.exe
        1⤵
          PID:1936
        • C:\Users\Admin\AppData\Local\ZxZ\Netplwiz.exe
          C:\Users\Admin\AppData\Local\ZxZ\Netplwiz.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1472

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\3Cx\wermgr.exe
          Filesize

          49KB

          MD5

          41df7355a5a907e2c1d7804ec028965d

          SHA1

          453263d230c6317eb4a2eb3aceeec1bbcf5e153d

          SHA256

          207bfec939e7c017c4704ba76172ee2c954f485ba593bc1bc8c7666e78251861

          SHA512

          59c9d69d3942543af4f387137226516adec1a4304bd5696c6c1d338f9e5f40d136450907351cce018563df1358e06a792005167f5c08c689df32d809c4cebdcf

          Download Submit

        • C:\Users\Admin\AppData\Local\M1fVyLtZ\osk.exe
          Filesize

          676KB

          MD5

          b918311a8e59fb8ccf613a110024deba

          SHA1

          a9a64a53d2d1c023d058cfe23db4c9b4fbe59d1b

          SHA256

          e1f7612086c2d01f15f2e74f1c22bc6abeb56f18e6bda058edce8d780aebb353

          SHA512

          e3a2480e546bf31509d6e0ffb5ce9dc5da3eb93a1a06d8e89b68165f2dd9ad520edac52af4c485c93fe6028dffaf7fcaadaafb04e524954dd117551afff87cf1

          Download Submit

        • C:\Users\Admin\AppData\Local\ZxZ\Netplwiz.exe
          Filesize

          26KB

          MD5

          e43ec3c800d4c0716613392e81fba1d9

          SHA1

          37de6a235e978ecf3bb0fc2c864016c5b0134348

          SHA256

          636606415a85a16a7e6c5c8fcbdf35494991bce1c37dfc19c75ecb7ce12dc65c

          SHA512

          176c6d8b87bc5a9ca06698e2542ff34d474bcbbf21278390127981366eda89769bd9dd712f3b34f4dd8332a0b40ee0e609276400f16b51999471c8ff24522a08

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Ukatmrkmywz.lnk
          Filesize

          1KB

          MD5

          478f89fd7027e64c1b4908a0cf3c5186

          SHA1

          bc7848bfa2111b78efd7581e9ae1e503d949fe5f

          SHA256

          fe4e6fc2308e71dbeef090c0c08c2d0475b410d2318da67f0ac6a667bceabbc1

          SHA512

          bc19dd6ffdab5e720bb152bf775105999a0feed022d29540ba75003aef7e655b4942d82e1f82ea8b4d995df3a5ad66b02ca686f4d8052db96656cc905284e8c7

          Download Submit

        • \Users\Admin\AppData\Local\3Cx\wer.dll
          Filesize

          988KB

          MD5

          951a31a9d7f2385e20536e5a73abd098

          SHA1

          45e3704c5ca2c64d3a19e753bf2f65d7cd14e214

          SHA256

          7edf6a92e9ec0bb6b7153b8a9d76b86d0ddaa613a9b848fdc92cd6f00770a06a

          SHA512

          be642465a29af9b81daee57bb739f43dad4341fb0ab34eb5a7b7b274d021841d1a7350d350824d9d69cec8b5fb3cbde922911c4919de90d469e63e17bafd19b5

          Download Submit

        • \Users\Admin\AppData\Local\M1fVyLtZ\UxTheme.dll
          Filesize

          988KB

          MD5

          bff40eaf2af07e6d3ee6be46c65ff782

          SHA1

          8f7c1a156ad1e175d88fa0b2380abe68a5dfd8db

          SHA256

          bfefca53eeaa707cad031b7f3f72ef28154051d82e8cfb97d08b5f224c47d2ba

          SHA512

          bcd610a583d9d2fba6d947f47110e11b30999ccc84cde294f7251042777d3127bcc56b102eb9edf4174ab73be437ed863c69f55e8dd8315d57dbeaad3d112da9

          Download Submit

        • \Users\Admin\AppData\Local\ZxZ\NETPLWIZ.dll
          Filesize

          984KB

          MD5

          5e8fb406d92709ae899ae48bd1b74980

          SHA1

          f633644874ffa12894c3c3551728187d903b0bd1

          SHA256

          ca7e9d050685735acbd375528bf579ac9f5d1956d8f967e85cf125fceed294b3

          SHA512

          c81a6fd695b75a5492365b457371842d065504c14f0a0893f9758c96ba4e8bc155827e303a69121447b631ae0ca1aed5cc2a9f25587e3f68f36ba50bf3557820

          Download Submit

        • memory/1192-25-0x00000000770F0000-0x00000000770F2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1192-34-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1192-15-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1192-22-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1192-24-0x0000000076F91000-0x0000000076F92000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1192-23-0x0000000002E10000-0x0000000002E17000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1192-14-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1192-13-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1192-12-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1192-7-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1192-9-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1192-8-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1192-38-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1192-44-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1192-5-0x0000000002E30000-0x0000000002E31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1192-108-0x0000000076D86000-0x0000000076D87000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1192-4-0x0000000076D86000-0x0000000076D87000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1192-16-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1192-10-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1192-39-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/1472-94-0x000007FEF5D00000-0x000007FEF5DF6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/2364-3-0x0000000000110000-0x0000000000117000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2364-11-0x000007FEF5D00000-0x000007FEF5DF6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/2364-0-0x000007FEF5D00000-0x000007FEF5DF6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/2624-70-0x000007FEF5D00000-0x000007FEF5DF7000-memory.dmp

          Filesize

          988KB

          Download

        • memory/2624-69-0x0000000000150000-0x0000000000157000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2624-74-0x000007FEF5D00000-0x000007FEF5DF7000-memory.dmp

          Filesize

          988KB

          Download

        • memory/2912-52-0x0000000000230000-0x0000000000237000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2912-57-0x000007FEF66E0000-0x000007FEF67D7000-memory.dmp

          Filesize

          988KB

          Download

        • memory/2912-53-0x000007FEF66E0000-0x000007FEF67D7000-memory.dmp

          Filesize

          988KB

          Download