Analysis
max time kernel: 3s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-12-2023 19:48
Static task: static1
Behavioral task: behavioral1
Sample: 023797dc02047e4d9ff5a2192e29df8a.dll
Resource: win7-20231215-en
General
Target: 023797dc02047e4d9ff5a2192e29df8a.dll
Size: 2.3MB
MD5: 023797dc02047e4d9ff5a2192e29df8a
SHA1: bc008687c6b96d7bc46acff71d9a241ca71356fe
SHA256: 9f8c3763244712c98190cd47b908b20c1a3486de99e3cf4b0d9b59b02bcb5f9e
SHA512: 37b71cf639bdd78a10062511269b785c22eec6bf578ada8b0385c98b826a654d8351efe4f57d3e03afc9d32623ea212fbd0753da5fd1bfe15a18dd1047185867
SSDEEP: 12288:DVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:SfP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Malware Config
Signatures
YARA rule match: dridex_stager_shellcode
  resource: behavioral2/memory/3428-4-0x0000000002E80000-0x0000000002E81000-memory.dmp
Checks whether UAC is enabled
  Process: rundll32.exe
  Key value queried: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid 4812, rundll32.exe (4 occurrences)
Suspicious use of AdjustPrivilegeToken (8 IoCs)
  pid 3428: Token: SeShutdownPrivilege (4 occurrences), Token: SeCreatePagefilePrivilege (4 occurrences)
Suspicious use of FindShellTrayWindow (2 IoCs)
  pid 3428 (2 occurrences)
Processes
C:\Windows\system32\rundll32.exe (PID 4812)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\023797dc02047e4d9ff5a2192e29df8a.dll,#1
  - Checks whether UAC is enabled
  - Suspicious behavior: EnumeratesProcesses
C:\Windows\system32\dialer.exe (PID 804)
  command line: C:\Windows\system32\dialer.exe
C:\Windows\system32\LicensingUI.exe (PID 4944)
  command line: C:\Windows\system32\LicensingUI.exe
C:\Users\Admin\AppData\Local\KB5CgUxjh\dialer.exe (PID 716)
  command line: C:\Users\Admin\AppData\Local\KB5CgUxjh\dialer.exe
C:\Windows\system32\dialer.exe (PID 3124)
  command line: C:\Windows\system32\dialer.exe
C:\Users\Admin\AppData\Local\YeJ7\LicensingUI.exe (PID 4308)
  command line: C:\Users\Admin\AppData\Local\YeJ7\LicensingUI.exe
C:\Users\Admin\AppData\Local\r9IkvDO\dialer.exe (PID 1656)
  command line: C:\Users\Admin\AppData\Local\r9IkvDO\dialer.exe
Network
MITRE ATT&CK Enterprise v15
Downloads