Analysis Overview
SHA256
09b04ad47e1067462c573c59f7a198c187ebe17232c7ed490e8d0329f7926171
Threat Level: Known bad
The file 24befd9468f957a3f0f14e0bbae4055f was found to be: Known bad.
Malicious Activity Summary
Dridex
Dridex Shellcode
Unsigned PE
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-31 02:37
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-31 02:37
Reported
2024-01-05 05:24
Platform
win7-20231215-en
Max time kernel
3s
Max time network
119s
Command Line
Signatures
Dridex
Dridex Shellcode
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\system32\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\system32\regsvr32.exe | N/A |
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\24befd9468f957a3f0f14e0bbae4055f.dll
C:\Users\Admin\AppData\Local\OqYx8Rww\WindowsAnytimeUpgradeResults.exe
C:\Users\Admin\AppData\Local\OqYx8Rww\WindowsAnytimeUpgradeResults.exe
C:\Windows\system32\WindowsAnytimeUpgradeResults.exe
C:\Windows\system32\WindowsAnytimeUpgradeResults.exe
C:\Windows\system32\isoburn.exe
C:\Windows\system32\isoburn.exe
C:\Users\Admin\AppData\Local\uFLL6\isoburn.exe
C:\Users\Admin\AppData\Local\uFLL6\isoburn.exe
C:\Users\Admin\AppData\Local\oo45aYp\cmstp.exe
C:\Users\Admin\AppData\Local\oo45aYp\cmstp.exe
C:\Windows\system32\cmstp.exe
C:\Windows\system32\cmstp.exe
Network
Files
memory/2284-1-0x0000000140000000-0x0000000140331000-memory.dmp
memory/2284-0-0x00000000001A0000-0x00000000001A7000-memory.dmp
memory/1196-4-0x0000000076FE6000-0x0000000076FE7000-memory.dmp
memory/1196-10-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-14-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-20-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-26-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-33-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-44-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-55-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-59-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-64-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-63-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-66-0x00000000024C0000-0x00000000024C7000-memory.dmp
memory/1196-65-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-75-0x0000000077250000-0x0000000077252000-memory.dmp
memory/1196-74-0x00000000770F1000-0x00000000770F2000-memory.dmp
memory/1196-62-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-61-0x0000000140000000-0x0000000140331000-memory.dmp
memory/2832-104-0x0000000000190000-0x0000000000197000-memory.dmp
memory/1196-60-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-58-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-57-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-56-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-54-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-53-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-52-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-51-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-50-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-49-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-48-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-47-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-46-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-45-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-43-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-42-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-41-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-40-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-39-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-38-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-37-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-36-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-35-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-34-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-32-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-31-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-30-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-29-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-28-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-27-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-25-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-24-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-23-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-22-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-21-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-19-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-18-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-17-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-16-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-15-0x0000000140000000-0x0000000140331000-memory.dmp
memory/2116-142-0x0000000000110000-0x0000000000117000-memory.dmp
memory/1196-13-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-12-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-11-0x0000000140000000-0x0000000140331000-memory.dmp
memory/2284-8-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-7-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-9-0x0000000140000000-0x0000000140331000-memory.dmp
memory/1196-5-0x00000000024E0000-0x00000000024E1000-memory.dmp
C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Cuhrqknkppepky.lnk
| MD5 | 033392824c1e632d198c1c118b2f3928 |
| SHA1 | f1a264a26edbe6f257130a362ae6f006bfcd643e |
| SHA256 | e3b466bdbc9858899a92f07a51da31ee213e47bc3a59c867b56742ec68320cbc |
| SHA512 | 2c6df87bde04e20e656f5a89202daa60f390396503c94cd5e3080f8426857e90a905d5ea5da7346e522a7dc668fd01d18afccf47c8bbeea54f0b94d710a24053 |
memory/1196-166-0x0000000076FE6000-0x0000000076FE7000-memory.dmp
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\Maepd1rNLU\UxTheme.dll
| MD5 | 695271622e344c38cd58a34ef04db3ff |
| SHA1 | 116b132f9b11ffe112e97b63fea35533977f99f1 |
| SHA256 | 43162af7a92cba63ee60673d0876a464e110792d7f2d72982c4f2569e19a0c43 |
| SHA512 | 164c596ba6bacb693e96f6e97bc49aa72c93d2b000d2e1758ab23c3901164fed8cf14c690158dd8d5e92065b9e733e27ef9952aa36a88dc9f3ca390566bb7fd0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\1AHQ\VERSION.dll
| MD5 | 8391a3638eb09bd434afc9ac9309fb3c |
| SHA1 | 3cf210bc384455b5ba7a666e94d61c93ae0ae82c |
| SHA256 | ec4a02981975e7e3828e714f14fc46c660c2abff49c68fa4914c14051e6436fd |
| SHA512 | 8541b36ad9bef3021de91a5430e906366d40700b44c9184d29b4cb4881f68957975873e69b9dedd3555579f1af2242570da6a7b295d0ef15129f807fea2382fd |
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-31 02:37
Reported
2024-01-05 05:23
Platform
win10v2004-20231222-en