Analysis
-
max time kernel
4s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system -
submitted
22-12-2023 16:33
Static task
static1
Behavioral task
behavioral1
Sample
f31c9ea6eaecfbc1d3581dd755a4944f.dll
Resource
win7-20231129-en
General
-
Target
f31c9ea6eaecfbc1d3581dd755a4944f.dll
-
Size
2.3MB
-
MD5
f31c9ea6eaecfbc1d3581dd755a4944f
-
SHA1
94d3949951aa11a15bb76f8186612568117086ea
-
SHA256
c52b166abcd2b1f2055342f5e28d79527a621c723f52a0a2b0ea9e55d3e46136
-
SHA512
3036a7c406a530486e7b26d1499103bca0fcd14769856b5bd0aa1a983e07004d4301d5e7b2b8b78936e67d5099dac66e4887dce3cec6ce4a89688f381f372c5a
-
SSDEEP
12288:/VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1cNeu:2fP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Malware Config
Signatures
-
Processes:
resource yara_rule
behavioral2/memory/3520-4-0x0000000002F50000-0x0000000002F51000-memory.dmp dridex_stager_shellcode
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
regsvr32.exe
pid Process
740 regsvr32.exe
740 regsvr32.exe
740 regsvr32.exe
740 regsvr32.exe
Processes
-
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f31c9ea6eaecfbc1d3581dd755a4944f.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:740
-
C:\Windows\system32\phoneactivate.exe
C:\Windows\system32\phoneactivate.exe
1⤵
PID:2256
-
C:\Windows\system32\dialer.exe
C:\Windows\system32\dialer.exe
1⤵
PID:2716
-
C:\Users\Admin\AppData\Local\bUdEA7\SystemPropertiesDataExecutionPrevention.exe
C:\Users\Admin\AppData\Local\bUdEA7\SystemPropertiesDataExecutionPrevention.exe
1⤵
PID:772
-
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe
C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe
1⤵
PID:4844
-
C:\Users\Admin\AppData\Local\DLuP\dialer.exe
C:\Users\Admin\AppData\Local\DLuP\dialer.exe
1⤵
PID:4632
-
C:\Users\Admin\AppData\Local\XVb42Xa\phoneactivate.exe
C:\Users\Admin\AppData\Local\XVb42Xa\phoneactivate.exe
1⤵
PID:4152
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
57KB
MD5
a383446fac0b374962d886501a80b365
SHA1
b3587cdb7047d0e4685cfc7b67a8f6520ae60930
SHA256
8b1e6e82a91c09eb49416c8e2b1981672a412fdef8dde8872907a2c53b92fa86
SHA512
af02756dd3c4ae28ebca20402da0012c2ac56074d7c82717ab7b25cb74d65c15a9f08c96fbf1c9002644d63956a5d746f116180a0f037b2a7b43d11c419b3b00
-
Filesize
60KB
MD5
bf9231156a26d833dd93da63d59088d1
SHA1
8f0c8c2be2902a214dc043fe7863c5d869c1e385
SHA256
e3b7473c8a2677f1d53c0943ffb9fe9aea05304084d0aa34e6b4040446fa4587
SHA512
ff63aa19fb4850182d516fb60df9aabf3d69f457954a149b1eb47fec60d9f8be640f3233a37a8e186e7173ecc9ad10b7b656866d07aa655fd36256ad0dfa1034
-
Filesize
39KB
MD5
b2626bdcf079c6516fc016ac5646df93
SHA1
838268205bd97d62a31094d53643c356ea7848a6
SHA256
e3ac5e6196f3a98c1946d85c653866c318bb2a86dd865deffa7b52f665d699bb
SHA512
615cfe1f91b895513c687906bf3439ca352afcadd3b73f950af0a3b5fb1b358168a7a25a6796407b212fde5f803dd880bcdc350d8bac7e7594090d37ce259971
-
Filesize
130KB
MD5
52ee211a7dba63b6ce95af7c5ea124e1
SHA1
a118c424907bdbf961d594376d665e9df10bb08c
SHA256
8db044d66470135abc0ff51f4066369597c8fbd567b7fbc8a1646b892f9bbf67
SHA512
225b2e2139e53a719b1e33796e1cb022d9afd94e11f9a77b92726848430defa59c5895873c12c5f9d632ae21cbf5cc796256f686aec817b02953c0c9a9b0c17a
-
Filesize
90KB
MD5
4abee8c87c1e7fc843a2149ff6aa1615
SHA1
b60c49491d2ceb9181105d05ac7fdc85cad36440
SHA256
2ff0916dfd3df7b2514a39016509e0169dc4e42a9f9d7f47fc5f09d0f82bc4f5
SHA512
20fece26935017d8dda6f3b90fc43908970c263b2198e814606a74ac2c31d3daf732433ec7e835dea5675b3c419589e98265f1adab7a97544eecb726d788a7f8
-
Filesize
89KB
MD5
cdd0bf435d0a1652be5a7a9fc4c2d5d2
SHA1
efb754e28ad96e6fe668e4bb465fd9af3b89155c
SHA256
23a0e19f78aa38b3c155e3477fceaf4d9ae78f2507a9d8861c91c95a9cdd5f55
SHA512
33447984a84dd68bb86906dd4c734682e875de0a75f2eb159197940752afe38f822878c9806ccf62dc45655bf490817259e9f4fc066b009b301ced245c95030e
-
Filesize
64KB
MD5
1bd362d2de4ab862d1c386a22f1f294d
SHA1
bafe54677e1ad55323865fba584e1570f89e3e66
SHA256
6a00dead2676608dc1a25551f4dbb8b1b529e3cd47dfe9b649909aed42d79e5f
SHA512
a2cf09dbbc5ac45d85e02caeb9f40428dd20030a6fa5dc46f7d567da9527d66dfff0df62877627cd6e8390f269612fcd5df2f972921b059081ee1b87dea2c281
-
Filesize
53KB
MD5
6d1295362065c7143ccdc9a454e07467
SHA1
32df7d8c303e082e0fba5600f7cbdb3c13b51743
SHA256
a2b861a3950bed2e5ccc20b841987acd84dabd5a168fc85d0ee04eb3d3b330eb
SHA512
2b7d9f1368cee0c323d3550077b925cb7acb766268481597cf4a7cc8e01c2e662bbd494d02716dc649266820df8d98e7ad0af515d392d791abdb1f7ed3921db4
-
Filesize
55KB
MD5
e5e866f23b6258d5b69d98b8865b11b0
SHA1
7a670071db0bce5eb35e836ba4aaa707d6fced88
SHA256
97a4c4dc6cfd4b095162f55fb0be61b8a29a3f824c8b96c1fbeca8cffa0199dd
SHA512
83665b914d9d3366d9eaacb2507a42825f5066f9e2fa2aeed8ec9a9ebf3fa8af7ccfd8664a13eadd74bf5bde523f8e557410b43ae16d1ee377b777cecb17c3ae
-
Filesize
55KB
MD5
0b649e8402e6c982bc69059fa4d413ab
SHA1
66e3e6be7560995cc1778ed91bda36266d8bfe3d
SHA256
122bea3edeb716d8667f843e7965245b9a8f9953210dbc71c93dbd60b6882afa
SHA512
9345d8dd9727262388a7deeed90cee25af04addd8c0296e4b909cafd10e7bc918eb9ed6eae2bf65ea9be99f3433c80f1115aa7ce1c434f33b325758a45a4b4fa
-
Filesize
40KB
MD5
7fe3668b8538f54ec46fcb7b70c3883b
SHA1
3d4eec07855916ef84340d7bfd5b7a6d77ae0eec
SHA256
90b452123efacc890d9cfb8d9f25ac123ad05c19dcb56dbb472a7732264c3a7e
SHA512
e3a2f8f090f5aed85b870ddebf8ad514d9818c1beb964eb155a6f39578aaf947863b1293d44d0d6f56b53936a32a745bcf4671250fec45410390e14cabf76320
-
Filesize
1KB
MD5
e28fa2d2b6461dc179f2240b23fb7c82
SHA1
7e65787d64fac74faec68d1df641b4593fdeeee8
SHA256
d33f922b52e74135cdf93cbac4b2812af1713517f0afcce538061386d2b7861e
SHA512
b6dbc4e814731699703df2afeb8d2ca3f052305307a2cb9b26cca0d90eb222a8cb7d83f25c9c2cd9bf4be6c289bedd4133959344c3588669ec5f3f95a9b5c146
-
Filesize
87KB
MD5
ae865c04b7d13b0344840cfe03b4f680
SHA1
79615c7ba1002a7f2a7dcd4ae5bec3ee3c789149
SHA256
7a0983e06cd3b75d415d9697fde36719050818e9c74039f811741434d1750652
SHA512
3ac46945a721fffc079fae7142ba71e7661c0aa16a0c3e5539db3fa902ad34727c2f9b8a0d99e39506e8a9d963c8e5f08e433c9301fd0877c94c7afcb82e29f0
-
Filesize
54KB
MD5
d155330072964ced2be91bce9e738613
SHA1
96630c6938dbee80698cb85c2a266b2ccfecd898
SHA256
f7563d376e5151d5a85a82ca750624b2ec63a6e8be843eddb3b26c778fef5dc1
SHA512
57724f05958351ad421194bfe4b48382365e5f1e0cd3ae209261b07ebc252c8978a19a7c052e70505b9f8629cc725de689aaf33b794f48af2ec704f67fe27772
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\eoh9LCnO\TAPI32.dll
Filesize
88KB
MD5
d90686ee96902e3d037a55b82d92a670
SHA1
71bcfed3b01af393b6a1e6c1abe9ba3908a1193a
SHA256
d7960d5a956bd59853fabbfab6b157c97919a6f76885b8d0e3df34a59d7e9637
SHA512
c8603b3ffc6a68d9a363f68d065da760f82cf841c28802370ef514c356f3a980a8382be84f94cebc96f71d345461a22b0955f79838dc1510106d540423136eef