Analysis

max time kernel: 3s
max time network: 127s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-12-2023 18:58
Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: 362efdb462f7563b069081e0de821389.dll
Resource: win7-20231215-en
10 signatures
150 seconds
General

Target: 362efdb462f7563b069081e0de821389.dll
Size: 696KB
MD5: 362efdb462f7563b069081e0de821389
SHA1: 3d2f676e15b6d677c2e77edd2b5d4aae009423de
SHA256: 36cce483a655202788e541b658a2c9afe18d4b1868199231874dd1c10fb8962c
SHA512: 4afa497167ff9b93001d04052f4757e0376c6fd088a1d531691132ca53581bf0f0cb4047b942abafafb3c06e110eee9e02f4ffb50d28795ff7d3bd2e8fbe0362
SSDEEP: 12288:MEwgKnIhABTW0HcD5a1PKxdZhC+k+V9Hgeb/tf/B9P632vHAA:MEwXnOAx5HcDM1Sxd3ChCHg2/P9yGo
Malware Config
Signatures

Processes:
resource                                                                       yara_rule
behavioral2/memory/3348-3-0x0000000002B10000-0x0000000002B11000-memory.dmp      dridex_stager_shellcode

Processes:
resource                                                                       yara_rule
behavioral2/memory/2480-0-0x0000000140000000-0x00000001400AE000-memory.dmp      dridex_payload
behavioral2/memory/3348-34-0x0000000140000000-0x00000001400AE000-memory.dmp     dridex_payload
behavioral2/memory/3348-23-0x0000000140000000-0x00000001400AE000-memory.dmp     dridex_payload
behavioral2/memory/2480-37-0x0000000140000000-0x00000001400AE000-memory.dmp     dridex_payload
behavioral2/memory/4964-51-0x0000024AB40B0000-0x0000024AB415F000-memory.dmp     dridex_payload
behavioral2/memory/4964-46-0x0000024AB40B0000-0x0000024AB415F000-memory.dmp     dridex_payload
behavioral2/memory/852-67-0x0000000140000000-0x00000001400AF000-memory.dmp      dridex_payload
behavioral2/memory/852-62-0x0000000140000000-0x00000001400AF000-memory.dmp      dridex_payload
behavioral2/memory/1548-83-0x0000000140000000-0x00000001400AF000-memory.dmp     dridex_payload

Checks whether UAC is enabled
Processes:
description          ioc                                                                              Process
Key value queried    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA    rundll32.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
pid     Process
2480    rundll32.exe
2480    rundll32.exe
2480    rundll32.exe
2480    rundll32.exe
Processes

C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\362efdb462f7563b069081e0de821389.dll,#1
  PID: 2480
  - Checks whether UAC is enabled
  - Suspicious behavior: EnumeratesProcesses

C:\Users\Admin\AppData\Local\1pMz\ie4uinit.exe
  Command line: C:\Users\Admin\AppData\Local\1pMz\ie4uinit.exe
  PID: 4964

C:\Windows\system32\ie4uinit.exe
  Command line: C:\Windows\system32\ie4uinit.exe
  PID: 4660

C:\Users\Admin\AppData\Local\yNLrN\EaseOfAccessDialog.exe
  Command line: C:\Users\Admin\AppData\Local\yNLrN\EaseOfAccessDialog.exe
  PID: 852

C:\Windows\system32\EaseOfAccessDialog.exe
  Command line: C:\Windows\system32\EaseOfAccessDialog.exe
  PID: 2636

C:\Users\Admin\AppData\Local\b50\SystemPropertiesProtection.exe
  Command line: C:\Users\Admin\AppData\Local\b50\SystemPropertiesProtection.exe
  PID: 1548

C:\Windows\system32\SystemPropertiesProtection.exe
  Command line: C:\Windows\system32\SystemPropertiesProtection.exe
  PID: 2644