Analysis
max time kernel: 3s
max time network: 119s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 30-12-2023 00:26

Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: 08813f878cb82d72137f676d7e09709d.dll
Resource: win7-20231129-en
4 signatures
150 seconds
General
Target: 08813f878cb82d72137f676d7e09709d.dll
Size: 2.5MB
MD5: 08813f878cb82d72137f676d7e09709d
SHA1: f88f26f38331241120189c141189e91d8ca4dd50
SHA256: d019c751d5e32cf0c6ae6a66e17f3c47b9ab46b76eea50f8d5e450841060c8ac
SHA512: 8d363518c30a7c18c5efba51af8a9eb517e2995ae3e11da66231badbea752b861a00f71bee7635498b536400c9dab1e24fffa92c7e6ccbd10e6e2b24319c3cfc
SSDEEP: 12288:kVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:BfP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Malware Config

Signatures

Processes (yara rule matches):
resource: behavioral1/memory/1400-5-0x0000000002E60000-0x0000000002E61000-memory.dmp
yara_rule: dridex_stager_shellcode

Processes (registry IoC):
description: Key value queried
ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
Process: rundll32.exe

Suspicious behavior: EnumeratesProcesses (3 IoCs)
Processes:
pid 2216, Process rundll32.exe
pid 2216, Process rundll32.exe
pid 2216, Process rundll32.exe
Processes

C:\Windows\system32\rundll32.exe
command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\08813f878cb82d72137f676d7e09709d.dll,#1
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID: 2216

C:\Users\Admin\AppData\Local\tpr\TpmInit.exe
command line: C:\Users\Admin\AppData\Local\tpr\TpmInit.exe
PID: 2500

C:\Windows\system32\TpmInit.exe
command line: C:\Windows\system32\TpmInit.exe
PID: 2616

C:\Windows\system32\shrpubw.exe
command line: C:\Windows\system32\shrpubw.exe
PID: 2156

C:\Users\Admin\AppData\Local\J6uajT5\shrpubw.exe
command line: C:\Users\Admin\AppData\Local\J6uajT5\shrpubw.exe
PID: 2228

C:\Windows\system32\dpapimig.exe
command line: C:\Windows\system32\dpapimig.exe
PID: 2756

C:\Users\Admin\AppData\Local\wYvObBc\dpapimig.exe
command line: C:\Users\Admin\AppData\Local\wYvObBc\dpapimig.exe
PID: 2248