Analysis

- max time kernel: 150s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 19-01-2024 08:44

Static task: static1 (1 signatures)

Behavioral task: behavioral1
- Sample: 672feea11a362219307b071df8f2dfa3.dll
- Resource: win7-20231215-en
- 5 signatures
- 150 seconds
General

- Target: 672feea11a362219307b071df8f2dfa3.dll
- Size: 2.2MB
- MD5: 672feea11a362219307b071df8f2dfa3
- SHA1: 580f8a932ac435b2b29011b922f9e75316e15398
- SHA256: 2ba43678d9bb9bc374a126ea5792659d1b09bcb9ecb21dcbc233889a27082eef
- SHA512: 36bb2bf5572df4cd8e33042a08e3bc7b2c22cce687ecb61feb254f04c6c486a0228cb8d747d7833bbbb6300fa51b0aed24b19f6a23bf7ba34a5ae03a7519147c
- SSDEEP: 12288:4VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1Yt:tfP7fWsK5z9A+WGAW+V5SB6Ct4bnbYt
Malware Config
Signatures

- YARA rule match
  Processes:
  resource | yara_rule
  behavioral1/memory/1292-5-0x0000000002A80000-0x0000000002A81000-memory.dmp | dridex_stager_shellcode

- Registry key value queried
  Processes: rundll32.exe
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | rundll32.exe
- Drops file in System32 directory (64 IoCs)
  Processes: rundll32.exe
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  Processes: rundll32.exe
  pid | process
  1984 | rundll32.exe (3 occurrences)
  1292 | (61 occurrences, process name not recorded)