Analysis
max time kernel: 3s
max time network: 119s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 22-12-2023 15:58

Static task: static1 (1 signature)
Behavioral task: behavioral1
Sample: e3ddd19537fbfe6e4dd6fd445c3f6e3c.dll
Resource: win7-20231215-en
4 signatures, 150 seconds

General
Target: e3ddd19537fbfe6e4dd6fd445c3f6e3c.dll
Size: 1.5MB
MD5: e3ddd19537fbfe6e4dd6fd445c3f6e3c
SHA1: f9a944568c74a806d93ce6315e0db57dc5cbd86b
SHA256: 688f0f9ec8429037d5775788166500e6dac955c36caa2eab4e6b16d88c07d370
SHA512: 0320184082b47982b2fdec30094002cdbed0cebaf83299fa089a612d06117581f7206116ac76e656674e8c08d6f55db890465b7b4ee53687d1e901fadc2cfb1c
SSDEEP: 12288:oVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:9fP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Malware Config
Signatures
- YARA rule match: dridex_stager_shellcode
  Resource: behavioral1/memory/1208-5-0x0000000003D70000-0x0000000003D71000-memory.dmp
  (The dump is from PID 1208, which does not appear in the process tree below.)
- Checks whether UAC is enabled
  Process: rundll32.exe
  Key value queried: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
- Suspicious behavior: EnumeratesProcesses (3 IoCs)
  Process: rundll32.exe, PID 816 (3 occurrences)
Processes
- C:\Windows\system32\rundll32.exe (PID 816)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e3ddd19537fbfe6e4dd6fd445c3f6e3c.dll,#1
  Signatures: Checks whether UAC is enabled; Suspicious behavior: EnumeratesProcesses
- C:\Windows\system32\dccw.exe (PID 2612)
  Command line: C:\Windows\system32\dccw.exe
- C:\Users\Admin\AppData\Local\XzGD5YI\dccw.exe (PID 1936)
  Command line: C:\Users\Admin\AppData\Local\XzGD5YI\dccw.exe
- C:\Windows\system32\psr.exe (PID 2780)
  Command line: C:\Windows\system32\psr.exe
- C:\Users\Admin\AppData\Local\ySWKfy\psr.exe (PID 2004)
  Command line: C:\Users\Admin\AppData\Local\ySWKfy\psr.exe
- C:\Users\Admin\AppData\Local\K58Q\TpmInit.exe (PID 2884)
  Command line: C:\Users\Admin\AppData\Local\K58Q\TpmInit.exe
- C:\Windows\system32\TpmInit.exe (PID 2000)
  Command line: C:\Windows\system32\TpmInit.exe
- C:\Users\Admin\AppData\Local\2Gl6lrSql\msra.exe (PID 2212)
  Command line: C:\Users\Admin\AppData\Local\2Gl6lrSql\msra.exe
- C:\Windows\system32\msra.exe (PID 676)
  Command line: C:\Windows\system32\msra.exe
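The tree above shows two things worth turning into a detection: rundll32 calling the sample's export by ordinal (`,#1`) from a Temp path, and four signed system binaries (dccw.exe, psr.exe, TpmInit.exe, msra.exe) each launched once from System32 and once from a randomly named directory under AppData\Local, the pattern consistent with copying a legitimate executable next to a malicious DLL for side-loading (the DLL itself is not listed in the tree). The script below is an added example, not part of the sandbox report or of any sandbox vendor's code; it assumes simplified process-creation records (pid, image path, command line), the fields a Sysmon Event ID 1 or EDR process-start event provides, and SAMPLE_EVENTS is constructed from the report's tree rather than exported from it.

```python
"""Flag DLL side-loading candidates and rundll32 ordinal loads in process-creation records.
Added example built around the report's process tree; not sandbox or vendor code."""
import ntpath
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Directories whose binaries count as "the real copy".
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Path fragments marking user-writable locations where a system binary should not live.
USER_WRITABLE_MARKERS = ("\\appdata\\local\\", "\\appdata\\roaming\\",
                         "\\users\\public\\", "\\programdata\\")


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    image: str     # full path of the executable
    cmdline: str   # command line as logged


# Constructed from the report's process tree (PIDs and paths as shown there), not a real log export.
SAMPLE_EVENTS = [
    ProcEvent(816, "C:\\Windows\\system32\\rundll32.exe",
              "rundll32.exe C:\\Users\\Admin\\AppData\\Local\\Temp\\e3ddd19537fbfe6e4dd6fd445c3f6e3c.dll,#1"),
    ProcEvent(2612, "C:\\Windows\\system32\\dccw.exe", "C:\\Windows\\system32\\dccw.exe"),
    ProcEvent(1936, "C:\\Users\\Admin\\AppData\\Local\\XzGD5YI\\dccw.exe",
              "C:\\Users\\Admin\\AppData\\Local\\XzGD5YI\\dccw.exe"),
    ProcEvent(2780, "C:\\Windows\\system32\\psr.exe", "C:\\Windows\\system32\\psr.exe"),
    ProcEvent(2004, "C:\\Users\\Admin\\AppData\\Local\\ySWKfy\\psr.exe",
              "C:\\Users\\Admin\\AppData\\Local\\ySWKfy\\psr.exe"),
    ProcEvent(2884, "C:\\Users\\Admin\\AppData\\Local\\K58Q\\TpmInit.exe",
              "C:\\Users\\Admin\\AppData\\Local\\K58Q\\TpmInit.exe"),
    ProcEvent(2000, "C:\\Windows\\system32\\TpmInit.exe", "C:\\Windows\\system32\\TpmInit.exe"),
    ProcEvent(2212, "C:\\Users\\Admin\\AppData\\Local\\2Gl6lrSql\\msra.exe",
              "C:\\Users\\Admin\\AppData\\Local\\2Gl6lrSql\\msra.exe"),
    ProcEvent(676, "C:\\Windows\\system32\\msra.exe", "C:\\Windows\\system32\\msra.exe"),
]


def _norm(path: str) -> str:
    return path.strip('"').lower()


def in_system_dir(path: str) -> bool:
    return _norm(path).startswith(SYSTEM_DIRS)


def in_user_writable(path: str) -> bool:
    p = _norm(path)
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def system_binary_names(events: Iterable[ProcEvent], baseline: Iterable[str] = ()) -> set:
    """Basenames seen running from a system directory, plus any static baseline supplied."""
    names = {n.lower() for n in baseline}
    for e in events:
        if in_system_dir(e.image):
            names.add(ntpath.basename(_norm(e.image)))
    return names


def sideload_candidates(events: Iterable[ProcEvent], baseline: Iterable[str] = ()) -> List[ProcEvent]:
    """Events whose image carries a system binary's name but runs from a user-writable directory.

    Without a baseline, a name only counts as a system binary if the real copy was also seen
    running in the same record set (the report's tree shows that for all four binaries);
    pass a baseline of known names to catch the copy even when the original never ran.
    """
    events = list(events)
    names = system_binary_names(events, baseline)
    return [e for e in events
            if ntpath.basename(_norm(e.image)) in names and in_user_writable(e.image)]


# rundll32 <dll>,#<ordinal>: an export invoked by ordinal rather than by name.
_RUNDLL32_ORDINAL = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*#(?P<ordinal>\d+)', re.IGNORECASE)


def rundll32_ordinal_loads(events: Iterable[ProcEvent]) -> List[Tuple[int, str, int]]:
    """(pid, dll path, ordinal) for each rundll32 that calls a DLL export by ordinal."""
    hits = []
    for e in events:
        if ntpath.basename(_norm(e.image)) != "rundll32.exe":
            continue
        m = _RUNDLL32_ORDINAL.search(e.cmdline)
        if m:
            hits.append((e.pid, m.group("dll"), int(m.group("ordinal"))))
    return hits


if __name__ == "__main__":
    for e in sideload_candidates(SAMPLE_EVENTS):
        print(f"side-load candidate: pid={e.pid} image={e.image}")
    for pid, dll, ordinal in rundll32_ordinal_loads(SAMPLE_EVENTS):
        print(f"rundll32 ordinal load: pid={pid} dll={dll} ordinal=#{ordinal}")
```

Run as-is it reports PIDs 1936, 2004, 2884 and 2212 as side-load candidates and PID 816 as the ordinal load. The rundll32 image itself is never flagged as a side-load candidate because it runs from System32; only the DLL argument is in Temp, which is why the two checks are separate. In a real log the System32 run of the original binary is often absent, so feed `sideload_candidates` a baseline of the system binary names you care about rather than relying on the same-session pairing the sandbox happened to capture.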