Analysis
max time kernel: 1s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-12-2023 22:21
Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: 057bb2ade128476e59bac8ad60086d9e.dll
  Resource: win7-20231215-en
  10 signatures, 150 seconds
General
Target: 057bb2ade128476e59bac8ad60086d9e.dll
Size: 3.2MB
MD5: 057bb2ade128476e59bac8ad60086d9e
SHA1: 63c16b30db7718bc853802ede3e3d3f8563f7a5c
SHA256: 2fd1f1b0c7fb142aa3c4e81bedb7e6722acede96384123b60c86b2dca501b50a
SHA512: 3bbeba9f3ceae53a739e2689be4cb57cea9f96ee2aeb61ee3f118d3963fcfea082c05f0a1c162887a554c4b2289a4766fb6b9e8b14cc6911ad07a036429a6d61
SSDEEP: 12288:7VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:afP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Malware Config

Signatures

Processes:
  resource                                                                      yara_rule
  behavioral2/memory/3540-4-0x0000000006F90000-0x0000000006F91000-memory.dmp    dridex_stager_shellcode

Checks whether UAC is enabled
Processes:
  description          ioc                                                                                    Process
  Key value queried    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA  rundll32.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes:
  pid     Process
  3180    rundll32.exe
  3180    rundll32.exe
  3180    rundll32.exe
  3180    rundll32.exe
Processes

C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\057bb2ade128476e59bac8ad60086d9e.dll,#1
  PID: 3180
  - Checks whether UAC is enabled
  - Suspicious behavior: EnumeratesProcesses

C:\Windows\system32\DWWIN.EXE
  Command line: C:\Windows\system32\DWWIN.EXE
  PID: 3036

C:\Users\Admin\AppData\Local\iKEJno\DWWIN.EXE
  Command line: C:\Users\Admin\AppData\Local\iKEJno\DWWIN.EXE
  PID: 2268

C:\Windows\system32\WMPDMC.exe
  Command line: C:\Windows\system32\WMPDMC.exe
  PID: 1568

C:\Users\Admin\AppData\Local\W37Ok1My\WMPDMC.exe
  Command line: C:\Users\Admin\AppData\Local\W37Ok1My\WMPDMC.exe
  PID: 4944

C:\Users\Admin\AppData\Local\Fg5wWVuQ6\wlrmdr.exe
  Command line: C:\Users\Admin\AppData\Local\Fg5wWVuQ6\wlrmdr.exe
  PID: 4156