Analysis Overview
SHA256
c0cda8d360a4cdea7bb10b9846172f0d42de37c735f34ce5ca1ace713ad52650
Threat Level: Known bad
The file 42edeab8523a99674ca91e8a333e600d was found to be: Known bad.
Malicious Activity Summary
Dridex
Dridex Shellcode
Checks whether UAC is enabled
Unsigned PE
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-05 05:58
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-05 05:58
Reported
2024-01-05 06:47
Platform
win10v2004-20231215-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-05 05:58
Reported
2024-01-05 06:45
Platform
win7-20231129-en
Max time kernel
3s
Max time network
122s
Command Line
Signatures
Dridex
Dridex Shellcode
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\42edeab8523a99674ca91e8a333e600d.dll,#1
C:\Windows\system32\SystemPropertiesComputerName.exe
C:\Windows\system32\SystemPropertiesComputerName.exe
C:\Users\Admin\AppData\Local\1fIRs\SystemPropertiesComputerName.exe
C:\Users\Admin\AppData\Local\1fIRs\SystemPropertiesComputerName.exe
C:\Users\Admin\AppData\Local\ccCrE2\shrpubw.exe
C:\Users\Admin\AppData\Local\ccCrE2\shrpubw.exe
C:\Windows\system32\shrpubw.exe
C:\Windows\system32\shrpubw.exe
C:\Users\Admin\AppData\Local\Q41zB\sethc.exe
C:\Users\Admin\AppData\Local\Q41zB\sethc.exe
C:\Windows\system32\sethc.exe
C:\Windows\system32\sethc.exe
Network
Files
memory/2356-0-0x0000000000120000-0x0000000000127000-memory.dmp
memory/2356-1-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-4-0x0000000077476000-0x0000000077477000-memory.dmp
memory/1348-10-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-18-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-29-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-33-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-39-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-42-0x0000000002E20000-0x0000000002E27000-memory.dmp
memory/1348-48-0x0000000077581000-0x0000000077582000-memory.dmp
memory/1348-47-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-49-0x00000000776E0000-0x00000000776E2000-memory.dmp
memory/1348-38-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-58-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-37-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-36-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-64-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-35-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-34-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-32-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-31-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-30-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-28-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-27-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-26-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-25-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-24-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-23-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-22-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-21-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-20-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-19-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-17-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-16-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-15-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-14-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-13-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-12-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-11-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-9-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/2356-8-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-7-0x0000000140000000-0x00000001401F7000-memory.dmp
memory/1348-5-0x0000000002E40000-0x0000000002E41000-memory.dmp
memory/2472-76-0x0000000140000000-0x00000001401F8000-memory.dmp
memory/2472-81-0x0000000140000000-0x00000001401F8000-memory.dmp
memory/2472-79-0x0000000000220000-0x0000000000227000-memory.dmp
\Users\Admin\AppData\Local\1fIRs\SYSDM.CPL
| Hash | Value |
|---|---|
| MD5 | fde734a1878967dedc3b67a72347cb90 |
| SHA1 | 433e3b243dc08d63e8a0c4b09253ff0a9bc4db87 |
| SHA256 | 87c71d10cf137fd2e719e91edc64dcbead427cb680da61d6d5c509620b14ab47 |
| SHA512 | b5886cc905c882e98595e2e739b21e90ab954f1e9dd924accf48d461077774d7217379b78e2c9f446c8be3a9c3ae759660e20b65c7cfede8d13e93fef7e68dfe |
C:\Users\Admin\AppData\Local\1fIRs\SystemPropertiesComputerName.exe
| Hash | Value |
|---|---|
| MD5 | bd889683916aa93e84e1a75802918acf |
| SHA1 | 5ee66571359178613a4256a7470c2c3e6dd93cfa |
| SHA256 | 0e22894595891a9ff9706e03b3db31a751541c4a773f82420fce57237d6c47cf |
| SHA512 | 9d76de848b319f44657fb7fbe5a3b927774ae999362ff811a199002ffa77ad9e1638a65a271388e605ab5e5a7cb6ce5aa7fcabc3ed583ade00eaa4c265552026 |
\Users\Admin\AppData\Local\ccCrE2\ACLUI.dll
| Hash | Value |
|---|---|
| MD5 | 958243567ff18a5b5aefbdd5255a85e7 |
| SHA1 | 281cb9a921d5cae462f230a34ade4f02daa6f5f8 |
| SHA256 | f7d7934c9ba8f5ef61242b8ffb873188393cd172a4b7b9d70498c942e500c113 |
| SHA512 | 1656a6a698cf08a24a2cb5978553bcf2909f91fcf1912a79d6ce8075876cab4a7fc130513b0168ecde0f2d06f49e2a1f59c91588544da48d887d9182b504dfe4 |
memory/1900-98-0x0000000140000000-0x00000001401F8000-memory.dmp
memory/1900-96-0x00000000001B0000-0x00000000001B7000-memory.dmp
C:\Users\Admin\AppData\Local\ccCrE2\shrpubw.exe
| Hash | Value |
|---|---|
| MD5 | 29e6d0016611c8f948db5ea71372f76c |
| SHA1 | 01d007a01020370709cd6580717f9ace049647e8 |
| SHA256 | 53c868882ebc9e0d4f703afeccb172043069ccc0b5b6f7cac1d2aad9c4640930 |
| SHA512 | 300216ab47ee44b8f68d4835bf26641f949039522b680af00fb602f57d31c38812428dc624461bc2cc7d6384cad396bc033718e41e11a65f7dd0eeb36ed924e4 |
C:\Users\Admin\AppData\Local\Q41zB\sethc.exe
| Hash | Value |
|---|---|
| MD5 | 3bcb70da9b5a2011e01e35ed29a3f3f3 |
| SHA1 | 9daecb1ee5d7cbcf46ee154dd642fcd993723a9b |
| SHA256 | dd94bf73f0e3652b76cfb774b419ceaa2082bc7f30cc34e28dfa51952fa9ccb5 |
| SHA512 | 69d231132f488fd7033349f232db1207f88f1d5cb84f5422adf0dd5fb7b373dada8fdfac7760b8845e5aab00a7ae56f24d66bbb8aa70c3c8de6ec5c31982b4df |
\Users\Admin\AppData\Local\Q41zB\UxTheme.dll
| Hash | Value |
|---|---|
| MD5 | 4c780d3df44a1c0cad13c332b292f245 |
| SHA1 | 89a4447db9f8442a4cab1bda59719d00c27b1306 |
| SHA256 | 41f0d8c27456a085f187cb2f182a9ec535efaf9ec6640cef50ec25b71c7a5d30 |
| SHA512 | 947c358d62a7e085615a213fb5d501e73371824e022522020b712eb8d04c6cb2e9c2af4d4ad931fbc77487487c477cd30bf8c583f97ecc8e7d04fe08d905bb58 |
memory/2716-120-0x00000000003A0000-0x00000000003A7000-memory.dmp
memory/1348-139-0x0000000077476000-0x0000000077477000-memory.dmp
C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dbyxyty.lnk
| Hash | Value |
|---|---|
| MD5 | 6a1642f7f1fe8d45253f00a631a355fd |
| SHA1 | 9448e5564ab25efde97e3bc530c8e3effd50815f |
| SHA256 | 972729451bc8eb95f13b82b76fd2d63693529dc57af0b67e6e117b03df96392b |
| SHA512 | 797b285b6b9a8eba7744d3a5e48464963e9f514226c6a90f9376748f01fc262fc9b64f97353091ddf3049be826d769fe892faef08e3ea079921e24d5df117686 |