Overview

overview

10

Static

static

10

The-MALWAR...ot.exe

windows10-2004-x64

10

The-MALWAR...ll.exe

windows10-2004-x64

10

The-MALWAR...BS.exe

windows10-2004-x64

10

The-MALWAR...in.exe

windows10-2004-x64

7

The-MALWAR....A.exe

windows10-2004-x64

7

The-MALWAR....A.exe

windows10-2004-x64

10

The-MALWAR....A.dll

windows10-2004-x64

7

The-MALWAR...r.xlsm

windows10-2004-x64

10

The-MALWAR...36c859

ubuntu-24.04-amd64

8

The-MALWAR...caa742

ubuntu-24.04-amd64

8

The-MALWAR...c1a732

ubuntu-24.04-amd64

8

The-MALWAR...57c046

ubuntu-24.04-amd64

8

The-MALWAR...460a01

ubuntu-24.04-amd64

8

The-MALWAR...ece0c5

ubuntu-24.04-amd64

8

The-MALWAR...257619

ubuntu-18.04-amd64

8

The-MALWAR...fbcc59

ubuntu-24.04-amd64

8

The-MALWAR...54f69c

ubuntu-24.04-amd64

8

The-MALWAR...d539a6

ubuntu-24.04-amd64

8

The-MALWAR...4996dd

ubuntu-24.04-amd64

8

The-MALWAR...8232d5

ubuntu-18.04-amd64

8

The-MALWAR...66b948

ubuntu-22.04-amd64

8

The-MALWAR...f9db86

ubuntu-24.04-amd64

8

The-MALWAR...ea2485

ubuntu-24.04-amd64

8

The-MALWAR...us.exe

windows10-2004-x64

7

The-MALWAR....a.exe

windows10-2004-x64

3

The-MALWAR....a.exe

windows10-2004-x64

7

The-MALWAR...ok.exe

windows10-2004-x64

1

The-MALWAR...y.html

windows10-2004-x64

4

The-MALWAR...ft.exe

windows10-2004-x64

4

The-MALWAR...en.exe

windows10-2004-x64

6

The-MALWAR...ve.apk

android-9-x86

The-MALWAR...ve.apk

android-10-x64

Resubmissions

11/04/2025, 21:31

250411-1cz7lazpx8 10

Analysis

  • max time kernel
    30s
  • max time network
    38s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250410-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/04/2025, 21:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.dll

  • Size

    628KB

  • MD5

    97a26d9e3598fea2e1715c6c77b645c2

  • SHA1

    c4bf3a00c9223201aa11178d0f0b53c761a551c4

  • SHA256

    e5df93c0fedca105218296cbfc083bdc535ca99862f10d21a179213203d6794f

  • SHA512

    acfec633714f72bd5c39f16f10e39e88b5c1cf0adab7154891a383912852f92d3415b0b2d874a8f8f3166879e63796a8ed25ee750c6e4be09a4dddd8c849920c

  • SSDEEP

    12288:2oXYZawPO7urFw4HLLDOeLSwg4ULeHOuCqA8:2oXYFIuh5HjhSwiJ8

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Modifies registry class 10 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 20 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Banking-Malware\Dridex\Trojan.Dridex.A.dll,#1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1608
  • C:\Windows\system32\wscript.exe
    C:\Windows\system32\wscript.exe
    1⤵
      PID:4908
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\7FZ.cmd
      1⤵
        PID:5032
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\yt9G\wscript.exe"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:3056
        • C:\Users\Admin\AppData\Roaming\yt9G\wscript.exe
          C:\Users\Admin\AppData\Roaming\yt9G\wscript.exe
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:5056
      • C:\Windows\system32\dxgiadaptercache.exe
        C:\Windows\system32\dxgiadaptercache.exe
        1⤵
          PID:5964
        • C:\Windows\System32\cmd.exe
          "C:\Windows\System32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\OGYzB.cmd
          1⤵
          • Drops file in System32 directory
          PID:3668
        • C:\Windows\System32\fodhelper.exe
          "C:\Windows\System32\fodhelper.exe"
          1⤵
          • Suspicious use of WriteProcessMemory
          PID:3028
          • C:\Windows\system32\cmd.exe
            "C:\Windows\system32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\Oorh3.cmd
            2⤵
            • Suspicious use of WriteProcessMemory
            PID:5844
            • C:\Windows\system32\schtasks.exe
              schtasks.exe /Create /F /TN "Rejhwoosbxuni" /TR C:\Windows\system32\Szm5\dxgiadaptercache.exe /SC minute /MO 60 /RL highest
              3⤵
              • Scheduled Task/Job: Scheduled Task
              PID:5704

        Network

        MITRE ATT&CK Enterprise v16

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\7FZ.cmd
          Filesize

          227B

          MD5

          1f7e383fe3fc0c5cb0f7410ec46300bf

          SHA1

          52e6d1f81a0b6d03437a01f5146a22ca963b5e4f

          SHA256

          c7a45329f14a1032d8444812d885a5545ffd0e47e8adeb2009b0b6ba563d4e52

          SHA512

          296aa6b2f3141377b342b6a0f7419d24e256a6fd65b341f729ac5b08b25ce74f866daadf5b59b151d08255da558ff6433ae2aa3bbb106d6f914fa9e9e3b079e5

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\LjgC15D.tmp
          Filesize

          628KB

          MD5

          f844ce44cef3c83d7dd3832ca2dbd382

          SHA1

          a874107bd2d6773b55413d36f640922c0378cbca

          SHA256

          a7e4615549ba920e9905bc893e97c38925397817e4e435b7878ed4136fdb7777

          SHA512

          8f404ed328f30aa89fa41bf4db063c0fccf2fac6d606a5a42201ba040bcbcf013318fb3f538d08d11ba9a3f4a3bf3c5567b62d4f8da3e0bcaa6267cbde0de9d3

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\OGYzB.cmd
          Filesize

          200B

          MD5

          31c71ab969f2be250621de876fe254d5

          SHA1

          cb56e282ed1a7622d3bbd7be244af760e218887f

          SHA256

          c864ac6f55b1fc10d252f373dcf53ff28558294b414fb9080d5fb7e2fa41d025

          SHA512

          177fb6d5521f2dcdabaf1f7762ad3d3061bd3c83c5beb4992861e8550226fa58798b8a6c33a8d9a173793f78d3c43de1241fcb3d019f07c6102b7d3a13968d69

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Oorh3.cmd
          Filesize

          138B

          MD5

          643c6874c4a57fde6d6f0aedc66171e6

          SHA1

          e7e0923a29d4b826056b4db9baf241f76aed277d

          SHA256

          051a11591f0425110bd510a35e492ba80f5aa2380e8a0e1ebb2bcc945cc8f0b8

          SHA512

          af785e0b502221c7b52c1b8f25a8c06b3c03c8668a427e49175316844b404f9c33a9708a5923bc5c28fcbcc816d1598abcceab97ce510993383f5e819b3298ff

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\XBm9961.tmp
          Filesize

          628KB

          MD5

          fe37fda7e36a08f1010115d6330937d2

          SHA1

          00c4e4740bdfbc316922c9c1f9c6b97b03eb97d8

          SHA256

          7e6fbe9eeee67e52552cc4563d2699f8c48fc847f99585e04c60d6122e0c1303

          SHA512

          a8d72613f8a176cfe598d2b494d98aab13e4f4c1bbc181062964d30f490c701c4ffb4b8ddda8a79cb0639830bcfd006aa31ce51c5468582bafd8e30abff2d08c

          Download Submit

        • C:\Users\Admin\AppData\Roaming\yt9G\wscript.exe
          Filesize

          166KB

          MD5

          a47cbe969ea935bdd3ab568bb126bc80

          SHA1

          15f2facfd05daf46d2c63912916bf2887cebd98a

          SHA256

          34008e2057df8842df210246995385a0441dc1e081d60ad15bd481e062e7f100

          SHA512

          f5c81e6dc4d916944304fc85136e1ff6dee29a21e50a54fe6280a475343eccbfe094171d62475db5f38e07898c061126158c34d48b9d8f4f57f76d49e564e3fc

          Download Submit

        • memory/1608-2-0x000001E047F50000-0x000001E047F57000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1608-0-0x00007FFF91740000-0x00007FFF917DD000-memory.dmp

          Filesize

          628KB

          Download

        • memory/1608-6-0x00007FFF91740000-0x00007FFF917DD000-memory.dmp

          Filesize

          628KB

          Download

        • memory/3488-7-0x0000000140000000-0x000000014009D000-memory.dmp

          Filesize

          628KB

          Download

        • memory/3488-23-0x0000000000780000-0x0000000000787000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3488-10-0x0000000140000000-0x000000014009D000-memory.dmp

          Filesize

          628KB

          Download

        • memory/3488-9-0x0000000140000000-0x000000014009D000-memory.dmp

          Filesize

          628KB

          Download

        • memory/3488-8-0x0000000140000000-0x000000014009D000-memory.dmp

          Filesize

          628KB

          Download

        • memory/3488-14-0x0000000140000000-0x000000014009D000-memory.dmp

          Filesize

          628KB

          Download

        • memory/3488-12-0x0000000140000000-0x000000014009D000-memory.dmp

          Filesize

          628KB

          Download

        • memory/3488-33-0x0000000140000000-0x000000014009D000-memory.dmp

          Filesize

          628KB

          Download

        • memory/3488-31-0x0000000140000000-0x000000014009D000-memory.dmp

          Filesize

          628KB

          Download

        • memory/3488-13-0x0000000140000000-0x000000014009D000-memory.dmp

          Filesize

          628KB

          Download

        • memory/3488-24-0x00007FFFA00C0000-0x00007FFFA00D0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3488-20-0x0000000140000000-0x000000014009D000-memory.dmp

          Filesize

          628KB

          Download

        • memory/3488-42-0x0000000002A80000-0x0000000002A81000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3488-4-0x00000000007A0000-0x00000000007A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3488-3-0x00007FFF9E7DA000-0x00007FFF9E7DB000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3488-11-0x0000000140000000-0x000000014009D000-memory.dmp

          Filesize

          628KB

          Download

        • memory/5056-51-0x00007FFF91760000-0x00007FFF917FD000-memory.dmp

          Filesize

          628KB

          Download

        • memory/5056-49-0x00007FFF91760000-0x00007FFF917FD000-memory.dmp

          Filesize

          628KB

          Download

        • memory/5056-48-0x000001DD46E70000-0x000001DD46E77000-memory.dmp

          Filesize

          28KB

          Download