Overview

overview

10

Static

static

3

24b578f6ed...dN.dll

windows7-x64

10

24b578f6ed...dN.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    116s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/02/2025, 02:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    24b578f6ed5e0e3936a230c135def3af248deca34d13e377c40212288bc5359dN.dll

  • Size

    780KB

  • MD5

    523e161e7f0441375283519de5dd1640

  • SHA1

    18317845671b0ed94fa1b4633d673c55193e39ad

  • SHA256

    24b578f6ed5e0e3936a230c135def3af248deca34d13e377c40212288bc5359d

  • SHA512

    1556e848fa07d1dc24ca516313c1479dddcd527246df26ddf1dcb01cc8e8a98caf37879c01b4472d93115575791366984f93d401f6ea9047153ab99c8e080b57

  • SSDEEP

    12288:obP23onr2XV7KrPqgmNiQhDOy4/AT4r/E16K1QS/lsHAGHdDvRQ2sd1gqQ:obe42XV7KWgmjDR/T4a/Mdjm

Score
10/10
dridexbotnetdefense_evasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex family
    dridex
  • Dridex Shellcode 1 IoCs

    Detects Dridex Payload shellcode injected in Explorer process.

    botnetpayload
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    defense_evasiontrojan
  • Event Triggered Execution: Accessibility Features 1 TTPs

    Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.

    persistenceprivilege_escalation
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\24b578f6ed5e0e3936a230c135def3af248deca34d13e377c40212288bc5359dN.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3464
  • C:\Windows\system32\BdeUISrv.exe
    C:\Windows\system32\BdeUISrv.exe
    1⤵
      PID:3592
    • C:\Users\Admin\AppData\Local\Mx4zD3j63\BdeUISrv.exe
      C:\Users\Admin\AppData\Local\Mx4zD3j63\BdeUISrv.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:3116
    • C:\Windows\system32\BdeUISrv.exe
      C:\Windows\system32\BdeUISrv.exe
      1⤵
        PID:3396
      • C:\Users\Admin\AppData\Local\QR4FF\BdeUISrv.exe
        C:\Users\Admin\AppData\Local\QR4FF\BdeUISrv.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:764
      • C:\Windows\system32\osk.exe
        C:\Windows\system32\osk.exe
        1⤵
          PID:1980
        • C:\Users\Admin\AppData\Local\2STJxZw\osk.exe
          C:\Users\Admin\AppData\Local\2STJxZw\osk.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:2092

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\2STJxZw\WINMM.dll
          Filesize

          788KB

          MD5

          28a62573c8612c6c633635581ceeb926

          SHA1

          e2b075b6c41b4d9cd5e14b4a31acee76ab538b13

          SHA256

          ea1b7e5c367d9dac4921bcd18a8fa64e4bee47ae37ad1add560497d624da2ad2

          SHA512

          a5202c3d291c652bb5b30b75fb957ab5157104edcadce38b93deb508030639f9d99a8f125bd353aa67a6bd83d1f56d606f7fa98c8a8ccfae1854c5f9227e73ab

          Download Submit

        • C:\Users\Admin\AppData\Local\2STJxZw\osk.exe
          Filesize

          638KB

          MD5

          745f2df5beed97b8c751df83938cb418

          SHA1

          2f9fc33b1bf28e0f14fd75646a7b427ddbe14d25

          SHA256

          f67ef6e31fa0eaed44bfbab5b908be06b56cbc7d5a16ab2a72334d91f2bb6a51

          SHA512

          2125d021e6f45a81bd75c9129f4b098ad9aa15c25d270051f4da42458a9737bff44d6adf17aa1f2547715d159fb621829f7cd3b9d42f1521c919549cc7deb228

          Download Submit

        • C:\Users\Admin\AppData\Local\Mx4zD3j63\BdeUISrv.exe
          Filesize

          54KB

          MD5

          8595075667ff2c9a9f9e2eebc62d8f53

          SHA1

          c48b54e571f05d4e21d015bb3926c2129f19191a

          SHA256

          20b05c77f898be08737082e969b39f54fa39753c8c0a06142eb7ad5e0764a2db

          SHA512

          080dbcdd9234c07efe6cea4919ffa305fdc381ccebed9d1020dd6551b54e20e52387e62a344502fa4a85249defd0f9b506528b8dd34675bc9f51f664b8fc4d88

          Download Submit

        • C:\Users\Admin\AppData\Local\Mx4zD3j63\WTSAPI32.dll
          Filesize

          784KB

          MD5

          eb1c85645a03c1359f2a54c13d7d2952

          SHA1

          eb9c6e4f1bd28b946a973393b5b92fd996b4bdee

          SHA256

          98a031fdb409684fca36d12f84863fc4e8e40aa731546f2fe37fc78c033c5a58

          SHA512

          537b45370c06a6fa4fbbe127da930f85ae4a2abdf4bd78e7cd23e94fb1e5e2958e59bdd7b4b754b642c8b0c47c6faf9e016b3767c1f2c95c3a1369b8dea38d96

          Download Submit

        • C:\Users\Admin\AppData\Local\QR4FF\WTSAPI32.dll
          Filesize

          784KB

          MD5

          cf9c0c33abe4b8f6c76a46f9859080b8

          SHA1

          54eb34f3f1461c79750243b247298d39a7e794aa

          SHA256

          03e9460c444aca758881231c4da1702278a9e6a0851858aea0bdd807b0782e42

          SHA512

          ed4c5a175f50729c79373a7e4b9fc182b5d11a0f22957908b85183c674583566840d95ad5356ee518d2447dddb3ab0fd2fea054ff9d92ca28d52178c97c6eb94

          Download Submit

        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Fbavgxcpc.lnk
          Filesize

          1KB

          MD5

          13736c90b067d692b5bac56bf0776fe9

          SHA1

          76a9da8af0a096567939b02b4a7c2a0913b027af

          SHA256

          d855e82c1cc2c8155fed5e3219e8fdc06ea753e380e75249fa0d3e4b73ce5c1c

          SHA512

          119a5131f763a38db6d727a4c0c97cb7472fb638b4e7f3682ebf7c66b8530d5f5b424507fd8c511bdeecbb62dd1062be527e2f8b7f5e4a89f9a1bcf15725935b

          Download Submit

        • memory/764-67-0x0000000140000000-0x00000001400C4000-memory.dmp

          Filesize

          784KB

          Download

        • memory/764-61-0x0000023D90660000-0x0000023D90667000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2092-79-0x0000000140000000-0x00000001400C5000-memory.dmp

          Filesize

          788KB

          Download

        • memory/2092-78-0x00000244DA420000-0x00000244DA427000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2092-84-0x0000000140000000-0x00000001400C5000-memory.dmp

          Filesize

          788KB

          Download

        • memory/3116-50-0x0000000140000000-0x00000001400C4000-memory.dmp

          Filesize

          784KB

          Download

        • memory/3116-47-0x0000019779010000-0x0000019779017000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3116-44-0x0000000140000000-0x00000001400C4000-memory.dmp

          Filesize

          784KB

          Download

        • memory/3188-13-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/3188-8-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/3188-24-0x00007FFBF58C0000-0x00007FFBF58D0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3188-35-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/3188-12-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/3188-15-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/3188-23-0x0000000000A10000-0x0000000000A17000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3188-14-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/3188-4-0x00007FFBF3CEA000-0x00007FFBF3CEB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3188-5-0x0000000000A80000-0x0000000000A81000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3188-33-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/3188-22-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/3188-9-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/3188-10-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/3188-7-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/3464-11-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download

        • memory/3464-3-0x00000135482C0000-0x00000135482C7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3464-0-0x0000000140000000-0x00000001400C3000-memory.dmp

          Filesize

          780KB

          Download