Malware Analysis Report

2024-11-30 21:33

Sample ID: 231231-c4dwnsbae2
Target: 24befd9468f957a3f0f14e0bbae4055f
SHA256: 09b04ad47e1067462c573c59f7a198c187ebe17232c7ed490e8d0329f7926171
Tags: dridex, botnet, payload
Score: 10/10


Analysis Overview

Score: 10/10

SHA256: 09b04ad47e1067462c573c59f7a198c187ebe17232c7ed490e8d0329f7926171

Threat Level: Known bad

The file 24befd9468f957a3f0f14e0bbae4055f was found to be: Known bad.

Malicious Activity Summary

dridex botnet payload

Dridex

Dridex Shellcode

Unsigned PE

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2023-12-31 02:37

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2023-12-31 02:37

Reported: 2024-01-05 05:24

Platform: win7-20231215-en

Max time kernel: 3s

Max time network: 119s

Command Line

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\24befd9468f957a3f0f14e0bbae4055f.dll

Signatures

Dridex (tags: botnet, dridex)

Dridex Shellcode (tags: botnet, payload)

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A

Processes

C:\Windows\system32\regsvr32.exe
    Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\24befd9468f957a3f0f14e0bbae4055f.dll

C:\Users\Admin\AppData\Local\OqYx8Rww\WindowsAnytimeUpgradeResults.exe
    Command line: C:\Users\Admin\AppData\Local\OqYx8Rww\WindowsAnytimeUpgradeResults.exe

C:\Windows\system32\WindowsAnytimeUpgradeResults.exe
    Command line: C:\Windows\system32\WindowsAnytimeUpgradeResults.exe

C:\Windows\system32\isoburn.exe
    Command line: C:\Windows\system32\isoburn.exe

C:\Users\Admin\AppData\Local\uFLL6\isoburn.exe
    Command line: C:\Users\Admin\AppData\Local\uFLL6\isoburn.exe

C:\Users\Admin\AppData\Local\oo45aYp\cmstp.exe
    Command line: C:\Users\Admin\AppData\Local\oo45aYp\cmstp.exe

C:\Windows\system32\cmstp.exe
    Command line: C:\Windows\system32\cmstp.exe

Network

N/A

Files

memory/2284-1-0x0000000140000000-0x0000000140331000-memory.dmp

memory/2284-0-0x00000000001A0000-0x00000000001A7000-memory.dmp

memory/1196-4-0x0000000076FE6000-0x0000000076FE7000-memory.dmp

memory/1196-10-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-14-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-20-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-26-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-33-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-44-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-55-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-59-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-64-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-63-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-66-0x00000000024C0000-0x00000000024C7000-memory.dmp

memory/1196-65-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-75-0x0000000077250000-0x0000000077252000-memory.dmp

memory/1196-74-0x00000000770F1000-0x00000000770F2000-memory.dmp

memory/1196-62-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-61-0x0000000140000000-0x0000000140331000-memory.dmp

memory/2832-104-0x0000000000190000-0x0000000000197000-memory.dmp

memory/1196-60-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-58-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-57-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-56-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-54-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-53-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-52-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-51-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-50-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-49-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-48-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-47-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-46-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-45-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-43-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-42-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-41-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-40-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-39-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-38-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-37-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-36-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-35-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-34-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-32-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-31-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-30-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-29-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-28-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-27-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-25-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-24-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-23-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-22-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-21-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-19-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-18-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-17-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-16-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-15-0x0000000140000000-0x0000000140331000-memory.dmp

memory/2116-142-0x0000000000110000-0x0000000000117000-memory.dmp

memory/1196-13-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-12-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-11-0x0000000140000000-0x0000000140331000-memory.dmp

memory/2284-8-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-7-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-9-0x0000000140000000-0x0000000140331000-memory.dmp

memory/1196-5-0x00000000024E0000-0x00000000024E1000-memory.dmp

C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Cuhrqknkppepky.lnk

MD5 033392824c1e632d198c1c118b2f3928
SHA1 f1a264a26edbe6f257130a362ae6f006bfcd643e
SHA256 e3b466bdbc9858899a92f07a51da31ee213e47bc3a59c867b56742ec68320cbc
SHA512 2c6df87bde04e20e656f5a89202daa60f390396503c94cd5e3080f8426857e90a905d5ea5da7346e522a7dc668fd01d18afccf47c8bbeea54f0b94d710a24053

memory/1196-166-0x0000000076FE6000-0x0000000076FE7000-memory.dmp

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\Maepd1rNLU\UxTheme.dll

MD5 695271622e344c38cd58a34ef04db3ff
SHA1 116b132f9b11ffe112e97b63fea35533977f99f1
SHA256 43162af7a92cba63ee60673d0876a464e110792d7f2d72982c4f2569e19a0c43
SHA512 164c596ba6bacb693e96f6e97bc49aa72c93d2b000d2e1758ab23c3901164fed8cf14c690158dd8d5e92065b9e733e27ef9952aa36a88dc9f3ca390566bb7fd0

C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\1AHQ\VERSION.dll

MD5 8391a3638eb09bd434afc9ac9309fb3c
SHA1 3cf210bc384455b5ba7a666e94d61c93ae0ae82c
SHA256 ec4a02981975e7e3828e714f14fc46c660c2abff49c68fa4914c14051e6436fd
SHA512 8541b36ad9bef3021de91a5430e906366d40700b44c9184d29b4cb4881f68957975873e69b9dedd3555579f1af2242570da6a7b295d0ef15129f807fea2382fd

Analysis: behavioral2

Detonation Overview

Submitted: 2023-12-31 02:37

Reported: 2024-01-05 05:23

Platform: win10v2004-20231222-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A