Analysis
-
max time kernel
14s -
max time network
29s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
29-12-2023 22:49
Static task
static1
Behavioral task
behavioral1
Sample
06194ae42efb4403b501d255e4ee8a4e.dll
Resource
win7-20231215-en
General
-
Target
06194ae42efb4403b501d255e4ee8a4e.dll
-
Size
2.9MB
-
MD5
06194ae42efb4403b501d255e4ee8a4e
-
SHA1
865df6831aee519d1619f07d5bfe5474fd5d5d26
-
SHA256
3c710eec70ecf93ecdf44c999dafdab9edc3552a0c7a546116441691499be7b7
-
SHA512
299da5d167d66a68f2ae5bbdf7bc64921840aa1a1a7bcbb9226bb8863fb8ba05ac383589eb6275e107c89ee5c130bef616f85fb2c1c28fb06aeb5efc915d6cf3
-
SSDEEP
12288:hVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:QfP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Malware Config
Signatures
-
Processes:
resource | yara_rule: behavioral1/memory/1220-5-0x0000000002A80000-0x0000000002A81000-memory.dmp matched rule dridex_stager_shellcode -
Processes:
rundll32.exe | description: Key value queried | ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | Process: rundll32.exe -
Suspicious behavior: EnumeratesProcesses 3 IoCs
Processes:
rundll32.exe | pid / Process: 2216 rundll32.exe; 2216 rundll32.exe; 2216 rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe — command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\06194ae42efb4403b501d255e4ee8a4e.dll,#1 1⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:2216
-
C:\Windows\system32\SystemPropertiesRemote.exe — command line: C:\Windows\system32\SystemPropertiesRemote.exe 1⤵ PID:2960
-
C:\Users\Admin\AppData\Local\nVENOP6\SystemPropertiesRemote.exe — command line: C:\Users\Admin\AppData\Local\nVENOP6\SystemPropertiesRemote.exe 1⤵ PID:2928
-
C:\Windows\system32\mblctr.exe — command line: C:\Windows\system32\mblctr.exe 1⤵ PID:1212
-
C:\Users\Admin\AppData\Local\HsHEoIOt\mblctr.exe — command line: C:\Users\Admin\AppData\Local\HsHEoIOt\mblctr.exe 1⤵ PID:2032
-
C:\Windows\system32\spreview.exe — command line: C:\Windows\system32\spreview.exe 1⤵ PID:2640
-
C:\Users\Admin\AppData\Local\cVcIHm\spreview.exe — command line: C:\Users\Admin\AppData\Local\cVcIHm\spreview.exe 1⤵ PID:320
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
11KB
MD5 d63f012429a572ecf304be3128fa48b2
SHA1 240d51bd1afae65286c155417b7b8c66d5339e9e
SHA256 1c2fbc2a0378965adc0822534561fee6a56df0ef6cfefa1ce8d3f0b956b23af7
SHA512 691d098f2d9495b2317bdc6839847ff565799cce6a2271411624b8ff80a0a18c0b24f9596e7bb641dd6b0387a94ad67e85e58d8d16db7139a8968c7ae5a67a89
-
Filesize
9KB
MD5 e2405f02b089b396abcf8e4a934ae6ce
SHA1 bf373f04d83ae82b62242ca914572eb773de820f
SHA256 9aa8525c8a80710480b0a0e4c84ed423451810dda879da6142da3463f974ec9d
SHA512 938bda52d28d2eacd482a8a7617d36261ca9e7e134811128c2fbb79becff662c62569c86fa80d81895c1b45984d2ff5db3cdd0f5f39f55f768d69db7b4b9bb93
-
Filesize
2KB
MD5 d23dbdf459b919b2f57f4bc65f5a2f2a
SHA1 a2ddb5b1119f9bc4e30cf3658fac6605203b7ade
SHA256 49b3c27489c93c9e8d68a872a3a9da30544ebeda83e858176b8e6956830d4acc
SHA512 02bd54f19b2bbeeb4cdf9dfded07d570f27bd7580f60351adb824f64fa39067efcecf4a84142b133c20d0d4e5437c38435f28e56576348df5d49211594be9bca
-
Filesize
17KB
MD5 6cec599d3319d3c9aa062708de3ea645
SHA1 bd3eb26e40692424d28b65c5754fe8f1f442361a
SHA256 7f6f6baed15e7f1a8e07cce3166efe95b1422595a66a17a21504da7dceecf4f2
SHA512 2f0b3723266c717a351b2e59e8e6ce2bdebe09657919b5914079ab72515b483d4ee8522a75b02a4a7ef9b3b1523f7a95367224cdb5ca3cd8778a95a0a11e374e
-
Filesize
7KB
MD5 36a3ac541f4aa4215dc06b61f8110ddd
SHA1 a881dcf2cde16fd9e703a19b90172fb1b704bb59
SHA256 c2348c600af4a907b4b65a121a8f5a1852f4d0f1b5478227836fab85c24d318c
SHA512 b86e2325d10bfd5e553abffc77ea202aa83fc771da86a424c89bf244d248ac8fc42a9f12f4ce3828af533ec4ebd16fb728ceb6f3be11cbfb82abdd030e129fbf
-
Filesize
47KB
MD5 620b7f54d33545822801e7fbd907d257
SHA1 9b668ab07c43e381fbe721de9388df729a587732
SHA256 d9d8908a829e27a644ff8848db5679e875acd46bf5935d7be13622f157c8da6b
SHA512 d75d45e20b32169dff0bfff5077dd6a6be7b82619ec055492d87f0f40dfcccea665744511e119f4d93a84d832921db45fc90b4f56e171ee8683acd434d24bad2
-
Filesize
18KB
MD5 9b350d7503908265a154b47a86345b07
SHA1 1d2284776d1e6012f4fcc29f158ff7ff1070110a
SHA256 b263cda02f09f8697d35b40c5e57b2a37982739c7f895ba067c15c9d492be300
SHA512 35e86331f51f8b7d46acee13a2803bd62a705cc5202620906e265b34a120ed159f475ce5384bdb2310ce2bf3739268243dcc926278a0f201b12e70a35d1f9c1b
-
Filesize
38KB
MD5 6d1fa6ea29440c4bdbd46221a3a44f2c
SHA1 20e3b306b37639ee19d1768bad0532789be03f95
SHA256 345f5285ca213160f522c3fe056e123bbc9443bf49641df8e7d841f999cd9bff
SHA512 7f7a656dfb73b5bd83ed54536a5fb1127e54b974698c4f21dae63b5a1ba92a6b20c6d03370c21f2cf970e3de8adb9a1193586af0e1165f39b8e61df964da6517
-
Filesize
40KB
MD5 c0a3f16a87082bc6c206b9c672291c51
SHA1 c39a6960fc55efa770f65b7ddd2b87e1f15144b7
SHA256 c73b1d233b97cc85ddda8e9dcaf59caf343b88c95821fbd6fd09b37d1f6092d2
SHA512 7ff97c023b6f0bc229c098efb6fb3020a126b9fcb3b89896ec8fd00000cb7016a08ed879da08141ce6abc812cb490b139b2a835cbd6f135769fa6216331d85d7
-
Filesize
1KB
MD5 950bc70858795a7415c82993942da0f5
SHA1 730c31588c6c4e11607a449cdbce07bfb0d3a58c
SHA256 6c65e58f55ac8ead5a9ba150c389299bb71bf6333386bf32dd597d33e304ebb0
SHA512 0792381cef6e7ecd38972351a4b9b1ac50220c4771c509d8913171e9d41d32fb72ef2e48ac25b02462995243d2013aaedf306679e6d9245fd862a23211d777ea
-
MD5 (no Filesize listed; these are the digests of a zero-byte file)
d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
Filesize
45KB
MD5 9de9c1d4c3e3e7c69c0e4ee671f9571b
SHA1 a02a21b15139ef773542cc7c1f873fdaa3fcb969
SHA256 dea2f77c3f5cdb542da97e91c786ca1cf9176da5aacab4314797dfcb9daf7417
SHA512 35aaf88bb06a62cd5ae5732f87a1425f870270318bf819217508e02b30d809a959b7e7988ccecdd88865c3331cc9a88d8803581f2567f999bf0c69e33e2b50bd
-
Filesize
92KB
MD5 42c6271b1037471ac8ded3d43045e3c9
SHA1 cf977c241f4359ad28a932ec544c2c8350260ec4
SHA256 6ac80942a610a7eb6b24618702c05380dfed7bdcaec8852da9fc148c1de19b41
SHA512 bb5799eb06264d59a01a93e11879e7cb143e7241aa30f8baa989e881fd20be2b7532ca21b147e076077e86e46b41c4672022268fc7e20416cb8c1df9ee417d1d
-
Filesize
6KB
MD5 3c9449697bdf87d8ba458d18602c33e7
SHA1 bc97a1843028b508ef98d07e99bbf2c54e83e3f6
SHA256 46074f83fc78e7f921a911f2b8a3e174a59ed9737dbc6466fb42372faf8cd61b
SHA512 1465e4eb504bbb7db0a704d1c4ebf939153591e76875993e3f14250168fb9501aaa1f52b5ab9628130ca59b382063356d829ae9aef8454acefe04b0ed7024b44
-
Filesize
19KB
MD5 122ad10f0ac43029d94373388acaa6ae
SHA1 2da9c6e57a73979292863e546c285a56d18999cc
SHA256 5389fee1c97cd9338b953e42c7e532025ff85860cdb75ab3753fbc2903cb0528
SHA512 244301dd553fd1c014d67d4724d9e845c8cda2fec26a267786c0118d53ad531e4c9ca83af67bde6c367a2a8672162cace91b77917953d3bf7a8aeb0cbeb203b4
-
Filesize
21KB
MD5 a80eaf6005b3b2e5bb482459d5a7ad93
SHA1 c25169efc10c0e866689f96b3493e65cb019e681
SHA256 84e23a78ec26922b0d509be66ab8969ebc267d9ed2d8f0d5ad82480e388b54f4
SHA512 2a82b4e0efeac04350714f6d0148b53efb6dbbc70971b2f42ac29c5f9c4be467c5a4201bac08e1ef9bbcd3bb19501333561de15c10fe4c82b1e608ad954c02b7
-
Filesize
23KB
MD5 8175040c62a7688ddb35ef888ff0c469
SHA1 b4698e7733d12b21df5ca04c3aa6db20923e7381
SHA256 b4ea29d81135db7891a8e5f9da9a2a07f72272fea3dc8e5284d25fc2f825fd17
SHA512 2f5b528cbd033bcc36dd1ce644e524505beed13c87563882eb7723eede8fe9cc4c5c4da8c3c25eec62dbbb42fe9990eb71c525ece351ef1d0a0df32d5422c04a
-
Filesize
18KB
MD5 ceff312d77ba782d8e2797573c994c2a
SHA1 625081b6a87cf683c98fac4d028d0e5e74c4a81d
SHA256 45d936c1cb11c236f8b8987f676ff0a70c328620285b1aba9dbfd4248fe2483b
SHA512 566cc2a39fced1ef25277c42c5927cdacd48cffc3e56b480b8721b2f617396dab81ab1603823e0d62a5f0ef8f4e5d3ce938e220abe24ce7a72cf0b236058bf5e
-
Filesize
16KB
MD5 03e3076ddc7cd2192d08d8afb6404114
SHA1 0d1229e4298b1050028bd0f06bdee3fca23e9c27
SHA256 27d95401d42bf8988a2e84b7fe18efa4fe635a5ab293f42fe965dfb2bca70ebb
SHA512 cc2e6c7e81f9ed125feb32365665ed11357dc7a0902dfa9852081d9051a63dd0849cfffe483fd66a9f041be1daeea1933738c5fd832256860da0dcbf6344678e
-
Filesize
24KB
MD5 eaa499deb3bec72b3d51fb149ffb9310
SHA1 54f4b0cd85ade3de0b917a91612bc4eb99a24d76
SHA256 d77d63dd7dff52d1196b70156e081d2f878a523409d4535d91343397a4cc67e4
SHA512 9b98705591a82cd66d35634508b086dc243bb68556a15c681277cb98b005213f3606ea72dddf715c44cf518f6b6db0f28e781805fc23795005fa91a0087bb326