Analysis
max time kernel: 3s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26-12-2023 00:29
Static task: static1 (1 signature)
Behavioral task: behavioral1
Sample: 4679898201806dc6de8e98d5fe539ed2.dll
Resource: win7-20231215-en
10 signatures, 150 seconds
General
Target: 4679898201806dc6de8e98d5fe539ed2.dll
Size: 644KB
MD5: 4679898201806dc6de8e98d5fe539ed2
SHA1: 0b0a13522449f99f2e4eae9253700b542fca3461
SHA256: b60b7a922e6e0e011f495a1be04333582f76e52ddabefa0b020ed51a0d263cde
SHA512: 62b61499c7f1c8acf7665d18941d4f3a9b0b34f7476921950f92040c251a9f00f4cf59d9859fa8c1960943d412230aa17eaa536f0883745b168101e148a29633
SSDEEP: 12288:ZKYQ5LL540CV3UIeLPrleV1F0e8gMA/9L0l3HATpKR4:AYQ5p4f0POF0nkls3opKR
Malware Config
Signatures
-
Processes:
resource: behavioral2/memory/3468-3-0x0000000002A70000-0x0000000002A71000-memory.dmp
yara_rule: dridex_stager_shellcode
-
Processes (rundll32.exe):
description: Key value queried
ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
Process: rundll32.exe
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes (rundll32.exe):
pid 3392, Process rundll32.exe
pid 3392, Process rundll32.exe
pid 3392, Process rundll32.exe
pid 3392, Process rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\4679898201806dc6de8e98d5fe539ed2.dll,#1
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID: 3392
-
C:\Windows\system32\cmd.exe
Command line: "C:\Windows\system32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\mqZ.cmd
PID: 1216
-
C:\Windows\system32\rdpclip.exe
Command line: C:\Windows\system32\rdpclip.exe
PID: 1796
-
C:\Windows\system32\msdt.exe
Command line: C:\Windows\system32\msdt.exe
PID: 2316
-
C:\Windows\system32\schtasks.exe
Command line: "C:\Windows\system32\schtasks.exe" /Create /F /TN "Mtkoqsmyqyvls" /TR "C:\Windows\system32\xYsMc\msdt.exe" /SC minute /MO 60 /RL highest
- Creates scheduled task(s)
PID: 3320
-
C:\Windows\system32\cmd.exe
Command line: "C:\Windows\system32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\KrK.cmd
PID: 2260
-
C:\Windows\system32\schtasks.exe
Command line: C:\Windows\system32\schtasks.exe /Query /TN "Mtkoqsmyqyvls"
PID: 680
-
C:\Windows\system32\schtasks.exe
Command line: C:\Windows\system32\schtasks.exe /Query /TN "Mtkoqsmyqyvls"
PID: 4752
-
C:\Windows\system32\schtasks.exe
Command line: C:\Windows\system32\schtasks.exe /Query /TN "Mtkoqsmyqyvls"
PID: 3504
-
C:\Windows\system32\schtasks.exe
Command line: C:\Windows\system32\schtasks.exe /Query /TN "Mtkoqsmyqyvls"
PID: 2204
-
C:\Windows\system32\schtasks.exe
Command line: C:\Windows\system32\schtasks.exe /Query /TN "Mtkoqsmyqyvls"
PID: 2280
-
C:\Windows\system32\schtasks.exe
Command line: C:\Windows\system32\schtasks.exe /Query /TN "Mtkoqsmyqyvls"
PID: 3824