Analysis
-
max time kernel
3s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system -
submitted
29-12-2023 19:17
Static task
static1
Behavioral task
behavioral1
Sample
017476e0432360ddcea82be7784d62c3.dll
Resource
win7-20231129-en
General
-
Target
017476e0432360ddcea82be7784d62c3.dll
-
Size
1.1MB
-
MD5
017476e0432360ddcea82be7784d62c3
-
SHA1
76763b98160cd831bbb09e2d7c99bd62d5f326c0
-
SHA256
442c78bea97cb5946f1754ba2e848784a617e377208e3c7f06f3e33b1a5192a1
-
SHA512
67a6fed3bf7893abe319a3df10baa17b9fbb38604a990c59f0f93fed127dae0efe2084088210ccc61da9bb6c372d0eaff01c4f030df1108b4da59182d1f54b40
-
SSDEEP
12288:vVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:GfP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Malware Config
Signatures
-
Processes:
resource: behavioral1/memory/1376-5-0x0000000002AA0000-0x0000000002AA1000-memory.dmp; yara_rule: dridex_stager_shellcode -
Processes:
rundll32.exe — description: Key value queried; ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA; Process: rundll32.exe -
Suspicious behavior: EnumeratesProcesses 3 IoCs
Processes:
rundll32.exe — pid / Process: 2088 rundll32.exe; 2088 rundll32.exe; 2088 rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe — rundll32.exe C:\Users\Admin\AppData\Local\Temp\017476e0432360ddcea82be7784d62c3.dll,#1 1⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:2088
-
C:\Windows\system32\fvenotify.exe — C:\Windows\system32\fvenotify.exe 1⤵ PID:2760
-
C:\Users\Admin\AppData\Local\A6gXC0\fvenotify.exe — C:\Users\Admin\AppData\Local\A6gXC0\fvenotify.exe 1⤵ PID:2492
-
C:\Users\Admin\AppData\Local\qStPivP\raserver.exe — C:\Users\Admin\AppData\Local\qStPivP\raserver.exe 1⤵ PID:636
-
C:\Windows\system32\raserver.exe — C:\Windows\system32\raserver.exe 1⤵ PID:2992
-
C:\Users\Admin\AppData\Local\vt1FDm\SndVol.exe — C:\Users\Admin\AppData\Local\vt1FDm\SndVol.exe 1⤵ PID:2772
-
C:\Windows\system32\SndVol.exe — C:\Windows\system32\SndVol.exe 1⤵ PID:2792
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
59KB
MD5: 851a7861442df6b3e001570ed7f4aa62
SHA1: 7f6700e3c83b09f6fbbc0940226fd3cdc59e2da6
SHA256: 5e0dd77b527df8700a841447554b26fcaa3334b7fc2be6c87c723a5e4038bbe4
SHA512: e2b1e5dbb0b6d365baaa0d5b38cac3d82d3de492190f97dea7f70c8797bddea33c448f92a53e05e215b8de999cf0c10183b047eed56a39657b4f190bc7330798
-
Filesize
2KB
MD5: e7aed7bf76e000a08f9c0dca631f955f
SHA1: 059d89c62fd9a2ac77e72f84228df6ea67d24a89
SHA256: 84ff05ce8dd3ee9e90af1dd94e1367a103a3176b9990b92d0aafe60a71216c73
SHA512: c5494e2693c5c13888036687f51b721c9e5f40824cf5aee2a0df6336d3515c44d1e85cc8cffa0cdcc888772ecf7c052d23f922707b2f397e452de8ebb5ea75eb
-
Filesize
49KB
MD5: d6cd9197c1450e2c9f56cc828cc5425e
SHA1: e7a1678b9c0405eefcef5056ef446f048b5c9ddc
SHA256: 591bfb171c80c9763d982957c2b44c8e710fe358f1a2c8c239676e60a3722180
SHA512: c5a0f46bbd2680c0732083296a83b4d5e097d4486b62e4f736e0e65e8cad4fd7853e470ed5b0b00d5c542648bab702360466967e184fa6717a083678387c73d3
-
Filesize
49KB
MD5: 94a4bd796518cc17d93ac428169d05d3
SHA1: ede6ba9fb90f6d11c66df5491a958875d1f246d3
SHA256: 497a78101ec3db281c8a0f05fd87d1a83ddc37ac3b1d0f387170277015ee21e8
SHA512: 550e8e612550c318cc2c33c18701b7050c7d464a8df08a4c0350a82fc0fe2b4d38cf102eba427d187ff3a5dc0ee19a6a507294bae92cc93d16a39877066a6f90
-
Filesize
16KB
MD5: 56e928c04bfe67fc11252fca637f5908
SHA1: 15ce8e79ccb32c3fd5b804b3e9f4dc5c2f47a475
SHA256: 3d81e3fc02cd493fef044e7595d2c34a865f149ac90a5c10fd3dd81bf4af438c
SHA512: c29341ce94988cfa75d5b6338ef7b320448c055df5f7b06444d7c6ea9ec7cafe9bca3283bbeb80ec8a55dc45479bbeee300b7e53348c3c45e10cad70af7c601c
-
Filesize
8KB
MD5: a4193ea7fb50ecd2e9753895ea65bdc6
SHA1: a52ca1b631db0b4f927c0821abc709e49ed8310a
SHA256: bb6f0a4d5b29c8394ae098d4ce9b25849f9587fe5820f7f06cca57eef5240920
SHA512: 5d5ca7cc6eadce069734eba9ca549bec4463040c0dab4bb4caf1d4199c5fc39892bfd4f6747b5e661609e894105f1e650b22819c81541e2ad3a1d71e03084029
-
Filesize
25KB
MD5: a491f37f08a8b09f90d7561205dbc690
SHA1: ccd89123981d767442ba26d5f1590c20bc520ecd
SHA256: 0d437c11e6e4c24d14f9e9463171fee2dbf80042bcab049a40e7a3694a066a66
SHA512: ac2f2b96a32790947b7bb170bf08e8c5419a13e8f7bfde24423b619d9b03790f6f842655a5852bdc24365ff4a3f00322df2411d1c91dc85d5ef2ee395965b8d6
-
Filesize
1KB
MD5: c2d86fa691dd94bb1ed6735120394b55
SHA1: 9911ea7b9956be6a9143a7f9ac07823070a8d0e4
SHA256: d238712a9aecc2b7216aac1705412addfc2e227549137703446b9e80a8a07c74
SHA512: 4349d8b84403994eb1ff2f2c2e282083490d614de332d918449bbb4a0822a373f688fceaab76396818acef6b0c6bd4b1b4f8f4b085893d92cce01e71f478889a
-
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\QOvPRyNi\UxTheme.dll
Filesize: 16KB
MD5: cb8efb99cb2b75695b596c57d20f7d70
SHA1: f7efe1212b0c1e5675a63fbf6ebdd735bd2ac213
SHA256: 13bc85e674d511d5ec35690f42b2fc2617fa77c5460c5a050156474cb14f4ac6
SHA512: 24279948da1a18df9b1441323345d94006325ad3a6708d586aeeaa57295c8987044b5e42d063b0427acfa03582d5b7a208ead588367970ea93ab9eff284bcc0b
-
Filesize
17KB
MD5: a0fbf5a93265ef8ae596209113430ebc
SHA1: bb593b6b6fd4f1fb67afd7400606e213063d7fd5
SHA256: 5efac9c69975ae0f9f178407490bbffe19dc07ae03ac811d4ac01e5c498c7b46
SHA512: 2bcab8a3ce0b10fee86d043dbc6e13ae3a588500c353466ca70f4c37e24828905797836573dc291ce5aab12ec7a2d9f724a87259668274e4ecf472d91709cc6b
-
Filesize
2KB
MD5: 427164573ab0ad5cc4cca9714704388b
SHA1: 063c6fbf3ca377d4669c5bfc381901fe031877d3
SHA256: 0b258282621d0bab48ac6731fd0bf7ef4c2ef1352fd3c69c3ea014b224f23ae0
SHA512: 4a658a2628172229a6485536bd1fe72911cd00209f6f22a65cde0ba3c3294e8d8bc22f11c692c3146d631268d5d8391abb144ddc4c10884fe7174ce3645bcff7
-
Filesize
4KB
MD5: efa6660d66cadf088cf6332ddc7b3c47
SHA1: eeac71f013857823de44f2e46045dcddf2ab6b1d
SHA256: 24fd6aa1b69b8f1c88e7d7cf9b9cb5d3ef39b6d0ed623aefcb5d09587dfc5420
SHA512: 33cea10930c79db2f33f55d90bc1e327f762ed22a0d3213e78910108818b8a7e99ad8e68be04f3a14e382d547e2f5367a6c8190944982904035719851597d5b7
-
Filesize
62KB
MD5: 837198683a145ec0b913664019e83f73
SHA1: a9a81f972b01ac9e7e28fb7f429cf30fc90bc4a5
SHA256: b8a603064a90cfa83fee07db4c06179fca34737f1c18684bd1a1e6d0120b9387
SHA512: d0591d1cbc61dd3f043db61ead37729d15dd86d825c7ece0a6e4202ab39c7d335836cfe15c23aa05f2216fdde087b587606057817776061cebc8e67ca3d4d0e0
-
Filesize
22KB
MD5: 908b10eff3f57115ca45c436e372dd0a
SHA1: 0459b0d200c3e536a0ccf6ecb13628138ff1c702
SHA256: 8e74f21167df8e75f6e5d0c1b6fdee3f4bed3af4811f90ee6cf28acc8e3e71c9
SHA512: 9b47619b9e25a2c8b55aba133616ea89884a25b7eca55bd800887e298472b9c39dd58b09fbd6a1deddc741c605fd8e2b4f264c5633e1864f2a79090f1f35cafb
-
Filesize
1KB
MD5: 426847f2f2ade9f7cd1ae6482785da5b
SHA1: 61ae84672592f101ca3da5680d455e19966215f3
SHA256: 45daebdc79ada74bb65c1fa350e3a9cd2614a80281543e7c94887e11add82d26
SHA512: 7adce6ccbf8f930aa60c5e87436a0a4d25959baf3e623053312ddc3befcdaf8b9d8ae72312a6a74ba8bbe0ca69aa0c4f94c2b8bae77e8414054988f3220d4ca9
-
Filesize
18KB
MD5: 9f5f8c9886bc0312fb14cf81870964c4
SHA1: c08c94c8a6165a431599052d4d45d5411dfde6ca
SHA256: bf86493506c133c5ac89a70d0f233fc79f678d981a82f7ce9e7237305db27459
SHA512: 19b9139b9743280dbc26e245b73c3c22bc7b351f4919a37438888c4fcbf4b75218f875752f6ba550d206dd926e88569f2450be4669b9cfd71a4feae348eed531
-
Filesize
35KB
MD5: 5f699aa5c4535998bbfb329cf7b74529
SHA1: 3a2f5f87cd883e4eb4aeb250f0ffdf7078175f5c
SHA256: 41c0451f7e2a9ef229389d5e5ee05d537132d56d5b8adcfe6d094c8b4dc47e37
SHA512: 62712bb005dbb3dbde55b644fb7002c39b1e1a3d4230fbfd4a1856bdc7160993374b1bc242644b2a61fae77b1b6eec3b4b2ba84e1dd88873890e32eb51d09b5e
-
Filesize
5KB
MD5: 91d35f998d06e4f0851b403ef9d345ba
SHA1: 66cb105defc487f9ce203c86c4fd58e417bea5fc
SHA256: 2a251a261d2c43bdbf6a5d79a0f174e7c3ae24f063c804d4a53ef494f4abdf4e
SHA512: 62ed3b136157693e43d37a599a018261637c46e5db48edfab6cc4332f212ad0543c72b04f66fb9f33cb0893060e00b9b6dcce6b7ba948f612de76cb2781f7a23
-
Filesize
3KB
MD5: 7e49a31a2abe6ca3ee878b97421f23a3
SHA1: 337b081978c310f3dd65bb8838dd4a09d78e35db
SHA256: 352e8913f91918c22d9d731ec50ab97658c210acfca1baa06214509f13e5ca77
SHA512: 93c07592aa7762b96193b8eff8acaf0770c213f7868dc5a7326b483f08c6681e8d7252752850938ef74669edc930338de20e6cb2c4de1aa756a99415a20d76c0
-
\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\QOvPRyNi\SndVol.exe
Filesize: 1KB
MD5: 324c7d3342a3b0ff363d007ad5774cde
SHA1: adb12faad353b37618778f75a3b3a4a424fa8901
SHA256: 31ee212c53d0d3dd2323c4036c761c97e94a22003e4cf7cb10088bd861282d74
SHA512: 52ec6d05bef3de55f2d988b58a0cb24c90a397a6388133e5fbf93203edf5c9725744a82191cef6eda79d198b93f06062675d9a0d363f82f280e815119296448c