Analysis
-
max time kernel
18s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
29-12-2023 23:05
Static task
static1
Behavioral task
behavioral1
Sample
06757f0f902f5be0f5997657f6eb9265.dll
Resource
win7-20231215-en
General
-
Target
06757f0f902f5be0f5997657f6eb9265.dll
-
Size
1.7MB
-
MD5
06757f0f902f5be0f5997657f6eb9265
-
SHA1
e6a16036b2f2b471440093625ff7712b274b3a88
-
SHA256
ae2ad50601ea9427bbd5976872c8854d51b8411b1d542a6df8d32169b62848ec
-
SHA512
3694179f2495a0f92bee6096f1a4c7cde9f1b0953051ce9d9e618a72548410d12362d6ca3204c803d3e6f234d80c56cb62150d958f33c15afcbd262b22ef5015
-
SSDEEP
12288:8VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:JfP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Malware Config
Signatures
-
Processes:
Yara rule match — resource: behavioral2/memory/3384-4-0x0000000001550000-0x0000000001551000-memory.dmp; yara_rule: dridex_stager_shellcode -
Processes:
rundll32.exe — description: Key value queried; ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA; Process: rundll32.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
rundll32.exe — pid / Process: 2672 rundll32.exe; 2672 rundll32.exe; 2672 rundll32.exe; 2672 rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe — command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\06757f0f902f5be0f5997657f6eb9265.dll,#1 1⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:2672
-
C:\Windows\system32\isoburn.exe — command line: C:\Windows\system32\isoburn.exe 1⤵ PID:3420
-
C:\Users\Admin\AppData\Local\tEcwNK\isoburn.exe — command line: C:\Users\Admin\AppData\Local\tEcwNK\isoburn.exe 1⤵ PID:2240
-
C:\Windows\system32\psr.exe — command line: C:\Windows\system32\psr.exe 1⤵ PID:3712
-
C:\Users\Admin\AppData\Local\c98YH5\psr.exe — command line: C:\Users\Admin\AppData\Local\c98YH5\psr.exe 1⤵ PID:1792
-
C:\Windows\system32\GamePanel.exe — command line: C:\Windows\system32\GamePanel.exe 1⤵ PID:4424
-
C:\Users\Admin\AppData\Local\472dBAsAH\GamePanel.exe — command line: C:\Users\Admin\AppData\Local\472dBAsAH\GamePanel.exe 1⤵ PID:4412
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
52KB
MD5 f18e222e66e075f9562877560232aaef
SHA1 a15b7218292b4cf7b592934065dc981bd28f6f8d
SHA256 e345d290bac19b4e98bff9cd50168012af5e54ab652eda05de46b248d0123c78
SHA512 b606af03c0eebe720e8bd093212fe98ae3a064f54165cd633d036c9d577254017398e36af7f207ca4f327ade66f2151c900127a4859d2e82a07885ba2714860c
-
Filesize
8KB
MD5 1e7c1e39c62abc019c0d4a56f4466d56
SHA1 e54743c3aa943fa4a49226e666dd30b6f5722bde
SHA256 23a146e81d63e06c257df96b7f6ae553372bb2303d4e00069aebfc3ce6884b2d
SHA512 bd4ae40612710a5d0643f3d5f0afce3af2722348ce04337cd2fd5bbbe748086a7c96b42072481e8488ed2e149b53dc93191682fd40b630eabd95b225faa9d9e8
-
Filesize
44KB
MD5 f71f35c9dd048ebd9ec751e7879e1611
SHA1 d2713f219d8c1833a9e2e2bfe2f9232067e23a49
SHA256 290d38a70af324a55cb7aadeae86dd365795d52c10186969a157faf7bc0e40be
SHA512 c5ad7198076db74b54a5c3430ebddf40fa16f6e0b8a9d72af514e5c72a5a73ca411b8f36e3e6d3d683ff2edb006d07ce4051cd158349acc32478c6f13a66cea5
-
Filesize
102KB
MD5 46a5e098ef18babd7bb8c922a9b66e18
SHA1 063fdb82191bde22eb311ac918f49356581c84c6
SHA256 70587503de79e3bd1d9ac258dceff1d3c06c2ef9c0d6863cb2ac17667e48a46c
SHA512 8432b2ac534de17430e0d0ff830e0cdfb44f1c23918f0130f862d7eb2e171931664997e1f9d302c5c60fe4e3694fb396b1f55c7c19032de3f5a610de7fd46698
-
Filesize
86KB
MD5 d6702b9c88074e8d933777882cbd05f3
SHA1 e090a2849e7bfdce032223b069c1a86747f6ad24
SHA256 e79e0717c1e616e570008527ecf72616a328d3261994c42c9720a57112e67bfc
SHA512 c7af363d83d63cda44c2319e9173407d7526e54377a63334e38b090e519cc940bb3eb5305ef057c6931dbb27404de009b2e7cde9bd4a55c9d9af3a8fb747a164
-
Filesize
10KB
MD5 59b0df6e6f2e0f7e1e432045c4b81393
SHA1 faa64aa86bdc54350cf9fbefd3bdbf871d9b9644
SHA256 0c1a46e4f353a67dc2f69094f84da6512f97780bccfd7d06c3eef188cac0d2e3
SHA512 50ac9e2c07adec9d4f4565660d5a1c0a38b4d057ce2d5507e49b8b2c8706bbc9ab13b749433cc721ace277812ab6b43ee4eb58542ee815a92afceda794d771a9
-
Filesize
48KB
MD5 6c6a9414d7ea733854bb291a842453e1
SHA1 21859c452d2dc4bc9f23e2eb4433123790efc675
SHA256 992de858b0ff2412a2c771aa6836c6f6b8bafdb1e93f3dc2a3af4415ca282232
SHA512 a4c8bcb0b177e44ea37029cf0c031204eefb0700a172a14ead5e16fd7861099e44b268c2d7909fda531c69713765842019f13ea8c2b01a1ad647c54f78925abb
-
Filesize
43KB
MD5 9d224e27dcc684bf79a4c646f2682abf
SHA1 680063e009fa1e787b553d29ca79cd79e6db37c6
SHA256 3ae642570dc4bc32f3e46631677bbb9a6a95eb0f3e9e91de5d1eb203d0cd6fdb
SHA512 0287d7e186f74eb4181989383c4d0aa9d596c65b4f98ded07125e1acb8c27b95606a5bf81d0f6636bcd41c2669b7dba6ece2cc7e1e09bee53b92b4724ebac729
-
Filesize
45KB
MD5 a56e2cbc1d7958bb39663c5549f8b03e
SHA1 3e3850e425d730be051a0b3a6820acaf14f74fe0
SHA256 0489ad1f87cc458650f0491dbf3a2f402de05ecbdce773a0e0b3d493f347a644
SHA512 ae7ea8ac1449a228136a182c5e391b063b69b3317339b950d67847f8395a0defba2dbc991b007918c094906dc12e4d4c2ea4f27769bd0c4b720bc3685bc9ea9b
-
Filesize
1KB
MD5 b26ab5dea30d7a79fbe21ff99510f04d
SHA1 b524cf8c3edb3ed735908e0c6aa8c2f6434394ae
SHA256 ea916499b6d5a573ac9e7aaaff69bae0288815e86f1d156f452212c82877863d
SHA512 88ac35fddaa45a88486b6dfac203110b69a7974123fc1a2ef2f6f64bdfcda6fa10d2c8619db601e4337d3b09b3b24d7d0230607d6d613e6d49981bf2e70ac3b0
-
Filesize
55KB
MD5 08c6a135af06886401124d69cb42306b
SHA1 fa4e3550b40beb60efcf8c898c196c618bf1f873
SHA256 85ec449e91a6911d582b976707d5f5e8de376813777d1da24e5f1cff08fc1ab4
SHA512 9c880d5a037a9ceee13ea900b64b3aef9dd09ca4c703bd5c3c6bebc6e87f9225ca314309b553fe27de8b8f33737c82f28048b69b720187ec06d3c18e0e37f0de
-
Filesize
1KB
MD5 ad19ec45c94e06aaf6d7a1efd69b2aae
SHA1 1232c62d5ae0b897ddab5e646068d183cf235318
SHA256 a061a44e46ec2e5b1bd9870d01a225713f3178b4bd595eb519bbf534b7b97354
SHA512 f417bedc64bf0c718ba640f70bbdd44d96aeaf4a2b9ccba59d175617d1c7630d7a86f34d4cefc1a5eff6c04fd634be251a8f23a0008dc7b9f88b4d9b34dc4eef
-
Filesize
41KB
MD5 e9bb796d2d3c7ab88d2cc99ce93f294b
SHA1 cfceaab1df2a5f8601925f9eb5f17a978cf2bf3a
SHA256 80ec8f2ae6d38d99b786fbce3cae3a78878d88b2fa2f00f5bc5fc87e2ab4c9bd
SHA512 4da20f8631353adc5df6ac4e9a762b172f3c7f1484c432316c34dce3741d759fed2ce65fdaa187df86eb9c048efeefe02fbe09de6342ee7927bb1621baf17dc4
-
Filesize
1KB
MD5 3ab97077d51348e470f86ab4ce706a5f
SHA1 7fdaa66160ccc05a0ad3db2e78efedf2cc1c8d19
SHA256 02146440a81385197492390c279ce9197273716ce9bebc279bd90f556c1aaf3f
SHA512 2c08e90e926c38b1f8c8adb916d496e67c033b29ebaa532c44076e98540f0b26e35dbc17fc6a31e2a20c88198e42eb142c2ed2879bae156ad2e237caafb4b0ba
-
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-983843758-932321429-1636175382-1000\u2FlSkVS\UxTheme.dll
Filesize 29KB
MD5 75d3dc712a80b8ff601459d7a490b063
SHA1 13fa50934678e8f07f5790777aae5846a006707e
SHA256 f8f3ed968e321963292e6a7b0a569d926da37c934ede7175521f0c8807c3637b
SHA512 a22543a969e6271b7e4cbbfdf90272b795b0d678a0a7429bbcee9f3337bbc063e930093da23305ee266f2c0b53c9834fa3642c87573fc1ae2f7eb3186629d275
-
Filesize
6KB
MD5 87440dadb17880f79168ba7dcb5540ee
SHA1 f792a0a7104337c509699b54d233ff92696e7059
SHA256 b3c652752c66bc7ce09a75b1015b65271ebe6784d92ce06abf15d42a315e2ac2
SHA512 cd7b1b166f16bf9f9e758c32ac507d3de12e25178ff6f01f41a0a42ee40f3d7fae199db8dcbaa56bd303116f62e56b950c7d37c2eccb143b4f69b800c269579f