Overview

overview

10

Static

static

3

123a833c6a...ff.dll

windows7-x64

10

123a833c6a...ff.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-01-2025 06:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    123a833c6ad4fefb0e612a93c8bfb2fda9525414b308f18c9d3ea56a5ea37fff.dll

  • Size

    984KB

  • MD5

    f5e2ec95b6d3d591609351b2c32c15fc

  • SHA1

    56ff4415603201d5367280e88348a56f24e4863b

  • SHA256

    123a833c6ad4fefb0e612a93c8bfb2fda9525414b308f18c9d3ea56a5ea37fff

  • SHA512

    ccd2977e2a21ea3f8c0ca0774f84af450813a9b338dcf31e59ae377f7cca9206e64f7be2e756ead7abcc61114b7d1a20480bec7dca56e6252d264fbc824f6fc0

  • SSDEEP

    24576:yWyoHFMVMKkN3ZvxEhb0IsaQ4KriCo0j6Ijgx:1nuVMK6vx2RsIKNrjE

Score
10/10
dridexbotnetdefense_evasionpayloadpersistencetrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    defense_evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\123a833c6ad4fefb0e612a93c8bfb2fda9525414b308f18c9d3ea56a5ea37fff.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3564
  • C:\Windows\system32\CameraSettingsUIHost.exe
    C:\Windows\system32\CameraSettingsUIHost.exe
    1⤵
      PID:512
    • C:\Users\Admin\AppData\Local\tdioC4m\CameraSettingsUIHost.exe
      C:\Users\Admin\AppData\Local\tdioC4m\CameraSettingsUIHost.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:3936
    • C:\Windows\system32\Taskmgr.exe
      C:\Windows\system32\Taskmgr.exe
      1⤵
        PID:4640
      • C:\Users\Admin\AppData\Local\XOCiIdhZ\Taskmgr.exe
        C:\Users\Admin\AppData\Local\XOCiIdhZ\Taskmgr.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:4572
      • C:\Windows\system32\DevicePairingWizard.exe
        C:\Windows\system32\DevicePairingWizard.exe
        1⤵
          PID:1036
        • C:\Users\Admin\AppData\Local\OiubIr\DevicePairingWizard.exe
          C:\Users\Admin\AppData\Local\OiubIr\DevicePairingWizard.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:3668

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\OiubIr\DevicePairingWizard.exe
          Filesize

          93KB

          MD5

          d0e40a5a0c7dad2d6e5040d7fbc37533

          SHA1

          b0eabbd37a97a1abcd90bd56394f5c45585699eb

          SHA256

          2adaf3a5d3fde149626e3fef0e943c7029a135c04688acf357b2d8d04c81981b

          SHA512

          1191c2efcadd53b74d085612025c44b6cd54dd69493632950e30ada650d5ed79e3468c138f389cd3bc21ea103059a63eb38d9d919a62d932a38830c93f57731f

          Download Submit

        • C:\Users\Admin\AppData\Local\OiubIr\MFC42u.dll
          Filesize

          1012KB

          MD5

          79fe7843bb1660add317762566185a67

          SHA1

          7d1dd71ed84f970b38a069df38d9860663da15fb

          SHA256

          50892d4c945dd8fdb92f96e4caeb41eb7434c0fac0c1815622073df1b45dfbe8

          SHA512

          370398d5d178adfb519e29dcf0a6b1349fc4bf7d4dedba6d7f851da3be2364b1eba0c554d39f019d98ac7b53655b1c7fb301358882702a6aebdd26eeb0400fe9

          Download Submit

        • C:\Users\Admin\AppData\Local\XOCiIdhZ\DUI70.dll
          Filesize

          1.2MB

          MD5

          ec1915292bb5600f0f00bec9789369fa

          SHA1

          86593ea88f530a1ed87aa73b143af4d83a4c148c

          SHA256

          18383f3aa0c018d1e949233f7cf5d60d3865176b968abc30080e903876c1acd6

          SHA512

          1079dc8d429f16983aee8343968db843f23ee0a4d98ef8809171c66edc7c16bee49e41a7f77d262ba070f4707c3b927999f57e842d2236c68a45e14f50d0d599

          Download Submit

        • C:\Users\Admin\AppData\Local\XOCiIdhZ\Taskmgr.exe
          Filesize

          1.2MB

          MD5

          58d5bc7895f7f32ee308e34f06f25dd5

          SHA1

          7a7f5e991ddeaf73e15a0fdcb5c999c0248a2fa4

          SHA256

          4e305198f15bafd5728b5fb8e7ff48d9f312399c744ecfea0ecac79d93c5e478

          SHA512

          872c84c92b0e4050ae4a4137330ec3cda30008fd15d6413bf7a913c03a021ad41b6131e5a7356b374ced98d37ae207147ebefd93893560dc15c3e9875f93f7a9

          Download Submit

        • C:\Users\Admin\AppData\Local\tdioC4m\CameraSettingsUIHost.exe
          Filesize

          31KB

          MD5

          9e98636523a653c7a648f37be229cf69

          SHA1

          bd4da030e7cf4d55b7c644dfacd26b152e6a14c4

          SHA256

          3bf20bc5a208dfa1ea26a042fd0010b1268dcfedc94ed775f11890bc1d95e717

          SHA512

          41966166e2ddfe40e6f4e6da26bc490775caac9997465c6dd94ba6a664d3a797ffc2aa5684c95702e8657e5cea62a46a75aee3e7d5e07a47dcaaa5c4da565e78

          Download Submit

        • C:\Users\Admin\AppData\Local\tdioC4m\DUI70.dll
          Filesize

          1.2MB

          MD5

          d923d2c51e28d8b4db431e57f0c48d77

          SHA1

          34f24a73bb8672dc3d6318e52e413cd7130e8374

          SHA256

          fcc450a3ead2b31fd51d98a598548e25dadedce7b46ada8df1b6ba6b09566fb8

          SHA512

          ecc38ce284dcdde475504b2aa5f4eabdc2f34f53071c10173e26faed21dee235a4c796924d0e6e15766c0f5b44eaaab8d6e46122c24d76c1dad6d6d64ed16ce3

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Updjljcn.lnk
          Filesize

          1KB

          MD5

          53b1e1a93dbf6ff0c90ea9fd15cd67bb

          SHA1

          f6fe536f15ebef3da5b5573b7e189f9a27032e5f

          SHA256

          4f026d148517fe31d3386610da2cd10a54e29771927b5917bf3db9e86ce85456

          SHA512

          7e0a59bae8340b61542528f700a6878f50c062632b9073a9df4943740dc15bef01c58f60bc05e34f6ed38d3f6570009f26db1ee1e4a42c2be3710ab30f3d2f9c

          Download Submit

        • memory/3472-16-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3472-23-0x0000000000570000-0x0000000000577000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3472-15-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3472-14-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3472-5-0x00007FF9FDCEA000-0x00007FF9FDCEB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3472-12-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3472-11-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3472-10-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3472-9-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3472-8-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3472-35-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3472-33-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3472-22-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3472-4-0x00000000027E0000-0x00000000027E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3472-7-0x0000000140000000-0x00000001400F6000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3472-24-0x00007FF9FDD80000-0x00007FF9FDD90000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3564-0-0x00007FF9EF390000-0x00007FF9EF486000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3564-13-0x00007FF9EF390000-0x00007FF9EF486000-memory.dmp

          Filesize

          984KB

          Download

        • memory/3564-3-0x000001CA7E6E0000-0x000001CA7E6E7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3668-78-0x00007FF9E0740000-0x00007FF9E083D000-memory.dmp

          Filesize

          1012KB

          Download

        • memory/3668-83-0x00007FF9E0740000-0x00007FF9E083D000-memory.dmp

          Filesize

          1012KB

          Download

        • memory/3936-50-0x00007FF9EEAC0000-0x00007FF9EEBFC000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3936-49-0x000001F1E49B0000-0x000001F1E49B7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3936-44-0x00007FF9EEAC0000-0x00007FF9EEBFC000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4572-64-0x00000116CB590000-0x00000116CB597000-memory.dmp

          Filesize

          28KB

          Download

        • memory/4572-67-0x00007FF9EEAC0000-0x00007FF9EEBFC000-memory.dmp

          Filesize

          1.2MB

          Download