Analysis

max time kernel: 3s
max time network: 122s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 22-12-2023 16:37

Static task: static1 (1 signatures)

Behavioral task: behavioral1
Sample: f518a4dec5de3386e7aa4a19fd0f8ac1.dll
Resource: win7-20231215-en
4 signatures, 150 seconds
General

Target: f518a4dec5de3386e7aa4a19fd0f8ac1.dll
Size: 1.8MB
MD5: f518a4dec5de3386e7aa4a19fd0f8ac1
SHA1: 0ef8670d9d1e4184daba2959bb6ac675e9ece0b5
SHA256: 89423c76e59074527f58059a7fbc88c65fb85fa4404b809f6f481d2bb3b602df
SHA512: fd16896a386b8f23fa834f37c492d427be4a38cbc474e6264461fd0461cf0143db56cdfb6eed6835117f4debaf9c5237c8694104abe56ca53e34be8a8785f680
SSDEEP: 12288:LVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:KfP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Malware Config
Signatures

Processes:
resource | yara_rule
behavioral1/memory/1200-5-0x0000000002A20000-0x0000000002A21000-memory.dmp | dridex_stager_shellcode

Checks whether UAC is enabled
Processes:
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | rundll32.exe

Suspicious behavior: EnumeratesProcesses (3 IoCs)
Processes:
pid | Process
2052 | rundll32.exe
2052 | rundll32.exe
2052 | rundll32.exe
Processes

C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\f518a4dec5de3386e7aa4a19fd0f8ac1.dll,#1
  - Checks whether UAC is enabled
  - Suspicious behavior: EnumeratesProcesses
  PID: 2052

C:\Users\Admin\AppData\Local\Wpw3aN\calc.exe
  command line: C:\Users\Admin\AppData\Local\Wpw3aN\calc.exe
  PID: 1324

C:\Windows\system32\calc.exe
  command line: C:\Windows\system32\calc.exe
  PID: 1248

C:\Windows\system32\DisplaySwitch.exe
  command line: C:\Windows\system32\DisplaySwitch.exe
  PID: 1680

C:\Users\Admin\AppData\Local\5BSmtifRo\DisplaySwitch.exe
  command line: C:\Users\Admin\AppData\Local\5BSmtifRo\DisplaySwitch.exe
  PID: 1440

C:\Users\Admin\AppData\Local\pnlj4uKoq\AdapterTroubleshooter.exe
  command line: C:\Users\Admin\AppData\Local\pnlj4uKoq\AdapterTroubleshooter.exe
  PID: 2192

C:\Windows\system32\AdapterTroubleshooter.exe
  command line: C:\Windows\system32\AdapterTroubleshooter.exe
  PID: 1960