Analysis
-
max time kernel
6s -
max time network
144s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 · arch:x86 · image:win7-20231215-en · locale:en-us · os:windows7-x64 · system -
submitted
29-12-2023 22:27
Static task
static1
Behavioral task
behavioral1
Sample
059559658c6c1cd49d30a8f43d1d45b2.dll
Resource
win7-20231215-en
General
-
Target
059559658c6c1cd49d30a8f43d1d45b2.dll
-
Size
1.7MB
-
MD5
059559658c6c1cd49d30a8f43d1d45b2
-
SHA1
56de1a741459ec1a8a18dd216ec3488229c582e2
-
SHA256
9d0e8397fb43fa3f9c5cf6cfff056b1f65f3f6634398d210c008698499967585
-
SHA512
e04306bbbd176acb8936c1ff410bbed29a4f459e25d2315ae27094c01a5e760ae278df1f086ad44c3b462aa4a1ef437cfa835b4fd0d06ee7ab737a12d381c165
-
SSDEEP
12288:UVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:RfP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Malware Config
Signatures
-
Processes:
Resource: behavioral1/memory/1320-5-0x0000000002740000-0x0000000002741000-memory.dmp — YARA rule matched: dridex_stager_shellcode (the hit is on a captured memory region, not on the DLL file itself, so the stager is only exposed once the sample is loaded and running) -
Processes:
Process: rundll32.exe — Description: Key value queried — IOC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA (this registry read is what triggers the "Checks whether UAC is enabled" signature below) -
Suspicious behavior: EnumeratesProcesses 3 IoCs
Processes:
Process: rundll32.exe — PID 2080 (the same process accounts for all 3 IoCs)
Processes
-
C:\Windows\system32\rundll32.exe — command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\059559658c6c1cd49d30a8f43d1d45b2.dll,#1 (the sample's entry point is invoked by export ordinal #1 rather than by name) 1⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:2080
-
C:\Windows\system32\msinfo32.exe — command line: C:\Windows\system32\msinfo32.exe — 1⤵ PID:2556
-
C:\Users\Admin\AppData\Local\CFC\msinfo32.exe — command line: C:\Users\Admin\AppData\Local\CFC\msinfo32.exe — 1⤵ PID:1648
-
C:\Windows\system32\ComputerDefaults.exe — command line: C:\Windows\system32\ComputerDefaults.exe — 1⤵ PID:984
-
C:\Users\Admin\AppData\Local\iVNfEiE\ComputerDefaults.exe — command line: C:\Users\Admin\AppData\Local\iVNfEiE\ComputerDefaults.exe — 1⤵ PID:1468
-
C:\Windows\system32\dialer.exe — command line: C:\Windows\system32\dialer.exe — 1⤵ PID:2516
-
C:\Users\Admin\AppData\Local\eLVXeLo0\dialer.exe — command line: C:\Users\Admin\AppData\Local\eLVXeLo0\dialer.exe — 1⤵ PID:2512
Note: each of the three Windows system executables above (msinfo32.exe, ComputerDefaults.exe, dialer.exe) is followed by a same-named copy launched from a randomly-named directory under %LOCALAPPDATA%. This is consistent with DLL search-order hijacking via a relocated signed binary, but the report does not show what was written next to those copies — confirm by checking the dropped files for a DLL placed alongside each relocated executable before treating it as established.
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
11KB
MD5: b287e3b2ae308cdb16f1392bf62aa4f3
SHA1: ea8c91fd57fe523496475e967e5949dda6012798
SHA256: b2f8d0447d1a6563ba43306469d0cd5ef44ae401a7e2c5989951660626fb60cf
SHA512: 0803ca62c04f88929247781dc06ebb00d2cbf14279af3f3fd939f174e8f5d9f8226edd62ebd5ded2569454ca0c046b679817325e8f57ffb8bd9231b2ed8ac43b
-
Filesize
58KB
MD5: 51a680a738a1c92a223a5321198bc765
SHA1: d2a6197a644a8767f36282996302017f549c866b
SHA256: e789061d60b0864b573306eb719f9b11025ab4332fed607ff068684c26fae8fc
SHA512: 57666c1553869817950b00a24cac571e9e0801e87721094a9b9e5929d2d45bd179e1b87b01ce60790fe58c93c64efd003cf66378ab6d823598b07e1e66132e8b
-
Filesize
75KB
MD5: 5d1241b02473f088141207cf0bdb7294
SHA1: 54e40bff76768410cd154f0401d55a87b759eedb
SHA256: 68ea0184ca49facc9eb9a601ae4a600604f4faed70f124d01ed61c1f26ed64a6
SHA512: 051e55f68459b93424c00ad33289ab4a325939c3326776cfb995118fb6c158df00f151698e7c6984f9cc41f1ec2067c85d01cd37fd9438c9584fdbef2fa92c47
-
Filesize
23KB
MD5: e43ac67f469306670df7d9a8edd098cd
SHA1: a19b9a3f7927872e7cdee45be471fce95d7fca41
SHA256: 07fe5d249222f0b306bcbd2bc9586170426add97bb47797ac82647bc5341e0ff
SHA512: f8e7044f3cdefce21177a155ef28783f729cd9cae4faa5bb5f8a0725ca424c673c400045f6e20e56b7d211239c03ff08a8db209a6c12cf48aaeb8caf50f047ac
-
Filesize
5KB
MD5: 5befcad875be6ca438f9e90ffd0c5e5b
SHA1: 29744924dd7efd50349df044d41ed7476c3983fb
SHA256: 93379ea6e97bf491305f03d544f7e24e0e140db5806f1e0030e714e236db211c
SHA512: bead71b2f320b1a1189d131d9de2f5f65e7105eeca6d7b4f405c482b279bc9f412b894e1342a013964aba87cc838d72f317165797214723ec7895804aed9eaa9
-
Filesize
36KB
MD5: 86bd981f55341273753ac42ea200a81e
SHA1: 14fe410efc9aeb0a905b984ac27719ff0dd10ea7
SHA256: 40b194be2bad2d3d4d1b69f9aec2853c8b663130810a11607ff72a9e3a06d5b3
SHA512: 49bb6d4bf7a9356fadde7f6165af6973630827d28b69db10ad477a84d98b08fb82e4daae777166e1ddddb5b5efcdf634e4e9bd34b255dae87462ba32e8bba143
-
Filesize
32KB
MD5: 4a7b5e7ca3f35ba6045370489ebad43c
SHA1: 7fbb8044a20e2d3a11e1de46e425189ed060acbb
SHA256: cf941568aeece135f4d459636e4e21ba662f7f82a76b63440fa7a1486c060270
SHA512: 6fd561e71cd2e2546bcd62af32547f87fd011ff48913abd01649692aa7b6d2d5741b1ac05220fef44d1261cabba73701e36524c9c6399242a973d308a838310c
-
Filesize
13KB
MD5: 70401156f286f63920f0b55a2d0fdb6d
SHA1: a77bf0aff534d4f9f3dbb1404715c1795eca4b80
SHA256: 9a92559c1573dccb4d0da9cc3d25892f7af26339f5d91a7092644db33ca77d61
SHA512: e557a99151678cf1901f06e30aa4ed5fac6dfdac2bdf3ec1859e75832db9d0df7fdcff7e46aae345896a3e58a743a4a2f1f4bad494c1ef9a420528a688128af5
-
Filesize
13KB
MD5: 81034b9eda4df9b3bebd4f90915c7948
SHA1: 21fc9dd6fffac544bb2a1d719f3d70c6df803e92
SHA256: 2ef8456a0c82b692525fb1db24888be3d978b77c17919bee0f1e33f7a557aa88
SHA512: 6485a514b24fb203d4b9524a42cbc061438049c0eff6dedd07825d908185362caddedd2ce99e2357deaded2ccaf87d75e69e82d5c0d3959d694d07967e41ce98
-
Filesize
1KB
MD5: 43fb0b3fd2ca6c54b0180319d18969c0
SHA1: e898d7f4a602eb4ab2dc6b6bbfca709705fd6779
SHA256: 437905e8fcb6d42ae1edb311c87b3b353102bf6b8d6a60aa5bb244dc40bcffc4
SHA512: f2098639a4b6fd9d0c36cf8ecdc66b313f68ec1c91734f455734f8d7fc3a35114648dd464460dae92dd336308c1b31b88a4dfd5fdb5712fb395e8267d06927a0
-
Filesize
1KB
MD5: 69b754b6e32bf8840a5ce64a7a2d0c4b
SHA1: dceea94c6566c99d6b553d9bddf48831060db031
SHA256: 195807b6cd6f0f574b2f9af79640103dc456fd4e76af77a6800a4d59214efd5d
SHA512: a49908c48f1ba489e115267f990d1fd8ac205c0708b6a41ed386a9cf1c8007b1e96ba0efa70ae0256dd97dca750274a600a3b76670e773bec0da0dda08282748
-
Filesize
61KB
MD5: bbdf4c42ddbfdc4df9efbcc6770363bd
SHA1: 50668a03e70b6bc2245f8b7666715ede7f2b995f
SHA256: 6080f62e5d6b3a079218e19dca75b59bbee764e9ff86e5cd603bdf68c3c094c3
SHA512: e473d945080c8bccc47cbfe88d537c95a811725db472ca32737d3231e709916e201a18c8a7addb4cf2854bf9f8eb851f4552829f365e1b13b02de072a8f86e70
-
Filesize
40KB
MD5: 14e290539bf51b19d7f64b8594a9f84e
SHA1: 33773c34a2a6be28874f7067da8e40fedc2d1dc8
SHA256: d5ebfa578f8271fbcf5e1ef136c8107f34a825cf86e0847ecd25a0274ec8c4ad
SHA512: 9292ebf9eea4d58f704118f26c8294ed66352a342324fd0a33983eecbd60745b00003361b10367246f8ce503e7be3e63700da5f683146f751f34b3e8902025c8
-
Filesize
7KB
MD5: 2e4e2ccd69ee04addf973c1e9141ca46
SHA1: e0fd23c8869d8e13915ba4df8b1f46b254d323f9
SHA256: 8c14518b89587350664e9b59569c0823fcb8ebd02c0c50c60170fb6e3c884c0a
SHA512: dda782f58be9e38d55b2f10572df56edccd87e1934080f2b6fd228009d8dac6cb83a2e1cbf75aabd14bd98c416aebd0c90fe2cda8b602ad603d819fd62aad1cb
-
Filesize
2KB
MD5: 2e23ff0050229465a8a0770c00c9c4d0
SHA1: 763f21ff18596ccb58b150bc313f0768a6add641
SHA256: e7e7196bc209b9573086b8c81af9e139f285c18d51e00754b44dac8c350f3bcf
SHA512: c5431c764201c00055adf9fd4d828f28da470536d4c60ecefc2f29548d49e0c94e7e660879a5e72f6454640a25c21410a28f8d59e0ee95cc4da7d830f57cb2e0
-
Filesize
29KB
MD5: 3d823de3065e2ec2a64d1e925c0817c8
SHA1: ad5032619123cbe5273b269b154fdd306c37d0cc
SHA256: 7a4d15007142183beac31d4a68b306ec291026e07d547e4aae52fa20e7da814c
SHA512: 747df9445b58bcde4ffb490c0e5c661b934ad25e592af38c15cc2b0cc10aaa5127c56379edb2acde06fda1874c2f7b6f3c0709a0b4c81627ea42a0755f26e918
-
Filesize
34KB
MD5: 46523e17ee0f6837746924eda7e9bac9
SHA1: d6b2a9cc6bd3588fa9804ada5197afda6a9e034b
SHA256: 23d8a6a1d847a324c556c30e10c8f63c2004aeb42ac3f5a5ca362077f1517382
SHA512: c7117c3778650864e685bd89df599d7cdd9319d757344ddc7cfd9403d6673964127f6ff0c5ac48455fd3097af31a6ff09173f85dfa7be2d25f395cdf3692bb9a
-
Filesize
65KB
MD5: 943947b449875436934b3c261fa798aa
SHA1: 69b1339194854d5d9d54c9e5e36d06a3e522c64c
SHA256: f69bc763cb6db7a7cd89450a989eb7154b1f48d9ef0018c9482cf3b974ba261d
SHA512: b94395e2d281e5bb3705d733640b033cb1012f4ed1acd7b6ff57cdc9c0993f4996ac3017ce873cb8869e7926633275885cf8dee487fd876169820aee84289feb