Analysis
-
max time kernel
0s -
max time network
53s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system -
submitted
29-12-2023 22:02
Static task
static1
Behavioral task
behavioral1
Sample
0512aedf039191c7a60c97cd87a5d490.dll
Resource
win7-20231215-en
General
-
Target
0512aedf039191c7a60c97cd87a5d490.dll
-
Size
1.9MB
-
MD5
0512aedf039191c7a60c97cd87a5d490
-
SHA1
f5ffb6e18f6e8c2b06d040509d4542f13fdfa459
-
SHA256
d168ef7be6e3b73f63a62c817c0d87e4dd84cbe577454da94b7cc8bf8ff55879
-
SHA512
71b20bfb893dc6013c4d790b19dd92815a33b269ae2125ac7afaccf2821a196c843ee41696d978d2b1ef2789fa789c52d1829dcefa23e9cdbc02cbb973dfe6a3
-
SSDEEP
12288:YVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:NfP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Malware Config
Signatures
-
Processes:
resource yara_rule behavioral2/memory/3488-4-0x0000000002AB0000-0x0000000002AB1000-memory.dmp dridex_stager_shellcode -
Processes:
rundll32.exe
description ioc Process
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA rundll32.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
rundll32.exe
pid Process
1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0512aedf039191c7a60c97cd87a5d490.dll,#1
1⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:1356
-
C:\Users\Admin\AppData\Local\Dx4\EhStorAuthn.exe
C:\Users\Admin\AppData\Local\Dx4\EhStorAuthn.exe
1⤵ PID:4960
-
C:\Users\Admin\AppData\Local\4eT\wscript.exe
C:\Users\Admin\AppData\Local\4eT\wscript.exe
1⤵ PID:3976
-
C:\Windows\system32\wscript.exe
C:\Windows\system32\wscript.exe
1⤵ PID:1532
-
C:\Users\Admin\AppData\Local\bB6Cw3S\upfc.exe
C:\Users\Admin\AppData\Local\bB6Cw3S\upfc.exe
1⤵ PID:1584
-
C:\Windows\system32\upfc.exe
C:\Windows\system32\upfc.exe
1⤵ PID:4552
-
C:\Windows\system32\EhStorAuthn.exe
C:\Windows\system32\EhStorAuthn.exe
1⤵ PID:976
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
9KB
MD5 e89cdd42374ee74b19ea18b179856f83
SHA1 534e5645376873126fd2c9a24e463a47ca963f3d
SHA256 1ea0219eabb1fc0ffc103338533d40fb4d9489f814f3beffda0254696facfba8
SHA512 c1895e3d6d15176419e17c50afeb5188d85481ecf5d6253dd14e4a4fe31ed735cc052b6ae8692724bbf8888c3eef326eb55388157e75dd272b6837863b54dac8
-
Filesize
6KB
MD5 a1d7e3aa2cb9620abc16dc99d2e98af6
SHA1 664154129020372e8b7521f754bc32a94d75b6a2
SHA256 1b404ca65182a4473fbc04437f25c84b2a47c558db008e07b161fdcf540c89a9
SHA512 ae8ceaea70732194f3d79c9be69d3e0002d4432405f86e590955c80e2926a60e5311c492ba38226cfce38df36c34abd821c910b3d9258b0f17f5471a24e1d515
-
Filesize
34KB
MD5 4286433d83e7bd3f68c8b3ee7acfb0f3
SHA1 017507dd3f29f92a8ef186f752dbce1b22709520
SHA256 dbc9c3665b58f2b88fd68c2d4d4ac500209cca823a0e3da5e84d494cbfb5203d
SHA512 c37b61ec0dbe90a6d5cae6cc37aec7c4b8b90c5411141034b3d665b33d0f7c9730e3cbbafea163e587bfe495646373cf437cbad96b395ac312c83774f3877d24
-
Filesize
24KB
MD5 a7e0f0bd7819507ecdfc638f29e9b885
SHA1 309bc0ddad63617205926531f4509a820e48d2f6
SHA256 283e2e89a1c34c2e8d16efff57a9b2be06feb3a6595683791455857b821614f2
SHA512 519087d2ca1ff7118dfd03eb2a7c24f0ea27471e98c261bccbb5d7d622af5075eab08c2d77c532d4dee6af8192832f71311a19ec9a34dced178df4ffb8b4e372
-
Filesize
50KB
MD5 091ccca07d24d56fe365f9b790a5d467
SHA1 01c2c3e14768d0c775d256e9260b634e6fc96bf0
SHA256 d8fb01faa50f23a17230989889264f759a4679453ebdedc70f9547103143aed9
SHA512 2f641f4c4bf5a7f594719a6f68e5d0703d018cb763c7f1023206b2f63d4b19791201fcaf86a3adb7ab97e178ef4c42fc122c987ca7eb24b5bddaf86f61bbf99e
-
Filesize
40KB
MD5 529a746fc4baa5dec1f6fb3a41764331
SHA1 8696dcf8c61eb0c619ade5eeae2d40ef1a991eea
SHA256 03eb6453402183a6098fbfad6eaf266ee59865718c7705a09e330e92e5d31a61
SHA512 ebcc19a454c62f34bebe335b16ca562fd5ceba4e2da122a3a871a157f5efc32dfdc554c1245a3ee7a6ce3f2ceb08ab0bbe5579d377535391e418016b35b95c29
-
Filesize
29KB
MD5 3df4e529477fb0a38153f6792e0a054c
SHA1 5f55500177c78401d423127dd68ae3a7744989a7
SHA256 15257ce982996e364fc57bcd5868a46f7d7e8ab9bf56a71759bba38c47dc165e
SHA512 8dac8b4f9ab248aaa7caa96a170916daf51618b93935b1558432e9d10b9dec00e0103399f94e90a6b4ee5ff36a2ba92604a70f0733a245100b56a92f29766d2f
-
Filesize
18KB
MD5 7ffa1966eeeb89969aed664ed2f35847
SHA1 6199b50f6d9b9619bd29dc2352cbe25298fd10a0
SHA256 7d20164cd12e8b21a3daefec74a43edf3f0813a48b2998b9c43a5b2d0ffba286
SHA512 1495e426a62e2660817aeae2d01755fd4e11e59aa99d02d82c0617d5425403fa2096ccd1d9af2c5049d439466a11b01f4c12f0783a6b10a4048c6afd13f9f52a
-
Filesize
1KB
MD5 7108d9913efe83fdb9659f12e8746ac6
SHA1 01eb45b40e94213596b195ad01bb9a33097ea833
SHA256 e56ce2a2ae091354573b0942d88841125aa2ebf04f62740f36e37e9caafb0ac7
SHA512 aef3f9db64612d868df19c7a2e0e04478b97cfc4975367d143e617370cc20a50d79e1444df952cfa023dde8c90a7491c8644b475d930f50d4b77817a5497fdaf
-
Filesize
21KB
MD5 8e6c608c050c0dc839ba50994f47fa3b
SHA1 e8d7b84b1a2b48644aa390b6d5744fd047be200d
SHA256 eb0cf164d8ef0636316ccc4a8963e61ee53e386f5d3b4378f061cd072ef8245e
SHA512 cc1a9eb555a5353729b3cc310fb0f67be880395ddb042aa0bb1c94d201e2179e99215686e09bf11c770807ac04a3340f7fb5914d9dc872210edcad22d43533c7
-
Filesize
29B
MD5 10afe080d3d68e8082374c70ae5312ff
SHA1 6da7ab8c2b9179d426438cb072064baaf8ac6332
SHA256 5a179f3e2a089fdb60790c016a913d6753df671f99d74655ceab766bece7e4fd
SHA512 aa9edd556fb2cb98df48479a840865b96ea7187ac736ad9a757e6397f5eb7a3d63430a821e8747a6e56a1c3a685b242834d8e8e01ab2e33590fd8404e189186d
-
Filesize
1KB
MD5 35473b3569566b5ba3b7ed446fc17674
SHA1 5eef934f1627f3bb694eecb699d7dc59031ed5e2
SHA256 7e0cfccfc1ab0794efee62399747cde6ec0692f9445e02d2dd6629705a80ea26
SHA512 5fcc32eb08d0539a8d174af60dcf410233434f07f849d6b3f263aa5a2073e116ba4f173e9d5c2c5fa97a5a93faddd6e89068d876a14c165837a11c56a148caf6
-
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3803511929-1339359695-2191195476-1000\4yBqkVK\XmlLite.dll
Filesize 23KB
MD5 42e0fba27e109ef6c216c29f0572d006
SHA1 bbac363b2e0ee4a08024d8d0f760dffe61cce469
SHA256 4a070686b32b626ea2396fad01dbda4fdc11d67516bb61f54b4538f812567f93
SHA512 1bb72f0ec698f05b3b91183c392885341bef19a1b017ad151df6787abe96b258e9a88ee6a5429985a1d796b399503450531f04d54f9e9f1a6e8d748bde3c69c5
-
Filesize
1KB
MD5 a9223f9d8f2260ca2856f809801f8f36
SHA1 f30f8d28667fcd14e1933c58077383d2588765e9
SHA256 903c4f0fa435d2a433539db4c07d9ae534113f337007a93352335835946dfc39
SHA512 4f88768411e7df09b71e420a39768eb82a7dfe17ff72f749d4f9356b96f39ea4e88d39f963a4312b678318216c2f4a9071de59caa071426417b3cceca14561cd
-
Filesize
133KB
MD5 e424b0b5623c3d4b6a3c5ec58b2ff1ef
SHA1 381757dcb6f5dc7787469e3df524b9a66e43b450
SHA256 67626a40c29278c4ef41073aa98078d314e7c398929320244d8f3b24b5c3245d
SHA512 a2af0f2700a524b7e30e9517436a6d790adee92f9bd759f7f0c6b425f6c731280b55ecca7f8c7e58e481475b698befdc6f6cc0c8e2babbca2e889da99ff09cb5