Analysis
max time kernel: 0s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30-12-2023 00:26

Static task: static1
Behavioral task: behavioral1
Sample: 08813f878cb82d72137f676d7e09709d.dll
Resource: win7-20231129-en
General
Target: 08813f878cb82d72137f676d7e09709d.dll
Size: 2.5MB
MD5: 08813f878cb82d72137f676d7e09709d
SHA1: f88f26f38331241120189c141189e91d8ca4dd50
SHA256: d019c751d5e32cf0c6ae6a66e17f3c47b9ab46b76eea50f8d5e450841060c8ac
SHA512: 8d363518c30a7c18c5efba51af8a9eb517e2995ae3e11da66231badbea752b861a00f71bee7635498b536400c9dab1e24fffa92c7e6ccbd10e6e2b24319c3cfc
SSDEEP: 12288:kVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:BfP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Malware Config

Signatures
Processes (resource / yara_rule):
  behavioral2/memory/3560-4-0x0000000002700000-0x0000000002701000-memory.dmp  dridex_stager_shellcode
Processes (description / ioc / Process):
  Key value queried  \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA  rundll32.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes (pid / Process):
  1268  rundll32.exe
  1268  rundll32.exe
  1268  rundll32.exe
  1268  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\08813f878cb82d72137f676d7e09709d.dll,#1
  PID: 1268
  - Checks whether UAC is enabled
  - Suspicious behavior: EnumeratesProcesses
C:\Windows\system32\SnippingTool.exe
  command line: C:\Windows\system32\SnippingTool.exe
  PID: 4968
C:\Users\Admin\AppData\Local\KNl5pWS\SnippingTool.exe
  command line: C:\Users\Admin\AppData\Local\KNl5pWS\SnippingTool.exe
  PID: 212
C:\Windows\system32\SystemPropertiesPerformance.exe
  command line: C:\Windows\system32\SystemPropertiesPerformance.exe
  PID: 372
C:\Users\Admin\AppData\Local\scNI\SystemPropertiesPerformance.exe
  command line: C:\Users\Admin\AppData\Local\scNI\SystemPropertiesPerformance.exe
  PID: 3124
C:\Windows\system32\WFS.exe
  command line: C:\Windows\system32\WFS.exe
  PID: 1708
C:\Users\Admin\AppData\Local\M0Yq9A0LP\WFS.exe
  command line: C:\Users\Admin\AppData\Local\M0Yq9A0LP\WFS.exe
  PID: 3760
C:\Users\Admin\AppData\Local\v3WX0c\rdpshell.exe
  command line: C:\Users\Admin\AppData\Local\v3WX0c\rdpshell.exe
  PID: 1412
C:\Windows\system32\rdpshell.exe
  command line: C:\Windows\system32\rdpshell.exe
  PID: 3608
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3.2MB
MD5: f06d69f2fdd4d6a4e16f55769b7dccc1
SHA1: 735eb9b032d924b59a8767b9d49bdb88bed05220
SHA256: 83be001996cd4d9e5a1a8cd130e17e5b5ee81c9b5cf1b9d9196d8a39fbf7506d
SHA512: ccc1bff59636e91763659749d67b9f6255765ed5aed4b40b6f8111d4136a7e2fe9e0726396b0c837e4ab8717528134273ffc0825a205e501a13bf1d3aee5046b

Filesize: 2.5MB
MD5: efb660c46eabf1839d56a247b76eb486
SHA1: 28f5a8401ea50912ab78960c9ac0782ce50e876b
SHA256: b7f5bc51aeae152db7860ad5eb1be113f908a4ec586c9a9ab3e773d1cc2def06
SHA512: 0b9736c7abb12457598bb78fd312b7a7a216ed42b36261d5cb505b656cb182d666d67174db4c69300ecb25f34fa1f45fd8f72d1e9ba0257d6e3f78efa65b3b32

Filesize: 944KB
MD5: 3cbc8d0f65e3db6c76c119ed7c2ffd85
SHA1: e74f794d86196e3bbb852522479946cceeed7e01
SHA256: e23e4182efe7ed61aaf369696e1ce304c3818df33d1663872b6d3c75499d81f4
SHA512: 26ae5845a804b9eb752078f1ffa80a476648a8a9508b4f7ba56c94acd4198f3ba59c77add4feb7e0420070222af56521ca5f6334f466d5db272c816930513f0a

Filesize: 2.5MB
MD5: ffa29a0f8976cfd0978359816ac1ceef
SHA1: 19bbf883dade99f5b8aa9aa6a905ff715407489b
SHA256: ad0a9b592c828be50149228eca0a24c348590c082333a7d72a4347e1415d6f98
SHA512: 948d243a46ebd239f562552a858a21464d22b4e0b9a2f6aa25d28b56d40aa6e229bbc2e7ba40f2242c9485e54bc15fde3f0747f4f8be7d4ad0a6122e7f3bdcd3

Filesize: 2.5MB
MD5: 01c83aec0f436727c461955e4ce5a073
SHA1: 33b2c4420dd10b80cc4ca69fb83f9020ea4d7da1
SHA256: ad09755a40e452d57b913485173a69228fa102e6c444066234dc1cfa44a8fa1a
SHA512: 4bc10e985d2f80f449a5036fb1a4a0c0659ca08f266b5c8b0febb737f16aa54877ec4f7da0ccf8c3614616c7fc7ca5bdc8bd8524a16059c52c1b98ef16d75b9b

Filesize: 82KB
MD5: e4fbf7cab8669c7c9cef92205d2f2ffc
SHA1: adbfa782b7998720fa85678cc85863b961975e28
SHA256: b266318d45a4245556a2e39b763f2f11eca780969105f6f103e53dd0a492bb30
SHA512: c5c62578d04133352d6cb7b018df96a7b55c18d6111ab8bf2bfe232a3315a63b07047fa5b0b88551d152085776c66169b47566242c8c4c5e0333c55adc64e1b6

Filesize: 2.5MB
MD5: 281f5c6b3f8604b2a89f75d82072d3bf
SHA1: e5cfb1b1efa4f4043fc27c5f1bc34711bc1a4325
SHA256: c6c78ae89fe5715b713859b6789c3a601104a6ccb36303addd0829c94b8e401a
SHA512: 0cf401348549e0b43338e95f8b426cd2ba7122db7428076baca0f87809dc099fdedb53f65f1b29d4ef5a8c8dcd332a41a2b839ceb5bf74cd544550ca6eacf7b7

Filesize: 468KB
MD5: 428066713f225bb8431340fa670671d4
SHA1: 47f6878ff33317c3fc09c494df729a463bda174c
SHA256: da6c395a2018d3439ad580a19e6a1ca5ff29ef9074411ee9f9f1b0a6365dfebd
SHA512: 292aad2762ae4dc519c69411aa114a29894f60ffac103813db4946f2fac4f5a166f66523c421529d6847c0882d8ab467392ee8da1e3a4fca0d6d4e6ebda5b737