Analysis
-
max time kernel
1s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
23-01-2024 19:52
Static task
static1
Behavioral task
behavioral1
Sample
706c428f1cdf3c4e2003ba9c1a54b608.dll
Resource
win7-20231215-en
General
-
Target
706c428f1cdf3c4e2003ba9c1a54b608.dll
-
Size
1.4MB
-
MD5
706c428f1cdf3c4e2003ba9c1a54b608
-
SHA1
3b476cac8210f67bbca4ba8a89216f169c977883
-
SHA256
22cfa40d7e29bf79dc313aa90b86ea3a7716d0a95e553cfe8d112098645a039b
-
SHA512
f2ae94b7dd481354bba7e05cc2af08e8e99f81ec960f70e128657476b28b6645dea26e02e5c702a7e8f3a75aec403767f5fe9e35796b03a354dbe1fde6b5cc26
-
SSDEEP
12288:7VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:afP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Malware Config
Signatures
-
Processes:
resource: behavioral2/memory/3556-4-0x0000000007650000-0x0000000007651000-memory.dmp
yara_rule: dridex_stager_shellcode -
Processes:
rundll32.exe
description: Key value queried
ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
process: rundll32.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
rundll32.exe
pid process
2640 rundll32.exe
2640 rundll32.exe
2640 rundll32.exe
2640 rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\706c428f1cdf3c4e2003ba9c1a54b608.dll,#1
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:2640
-
C:\Windows\system32\omadmclient.exe
C:\Windows\system32\omadmclient.exe
PID:916
-
C:\Windows\system32\EhStorAuthn.exe
C:\Windows\system32\EhStorAuthn.exe
PID:2720
-
C:\Windows\system32\SystemPropertiesPerformance.exe
C:\Windows\system32\SystemPropertiesPerformance.exe
PID:1080
-
C:\Users\Admin\AppData\Local\edlk\SystemPropertiesPerformance.exe
C:\Users\Admin\AppData\Local\edlk\SystemPropertiesPerformance.exe
PID:64
-
C:\Users\Admin\AppData\Local\vaJ8\EhStorAuthn.exe
C:\Users\Admin\AppData\Local\vaJ8\EhStorAuthn.exe
PID:1936
-
C:\Users\Admin\AppData\Local\bOjF4Jk\omadmclient.exe
C:\Users\Admin\AppData\Local\bOjF4Jk\omadmclient.exe
PID:1208
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
81KB
MD5 701a71f2b74f5092847975606808ca4d
SHA1 89274d5e375a3c62007f2e894cbbeb4879d315c7
SHA256 65c283350046436b646cdc292b860b9a2cfd608b8c507a7bcce9affecb8a503e
SHA512 ea74780939280255210feb24392af2d16eef96fe4892bb3c6cffc9acfca8354831ae01c97fb79987ddd32c63ca88866afce1aa8250aff76b757c36f69f5ff8b8
-
Filesize
110KB
MD5 a2fe86348bd66d0555a70d2ddc5bc8ec
SHA1 a0c494062a629c2759285d67a4f3650b767d868a
SHA256 bc3dea993c6c2ac149584374088881120456a33a63c1ff22de4e6608cb3e5e98
SHA512 8e97c2c9fd102741d75e6a71a2e149c4356d74875be10e0820d4c461f0b5340cc4fb5650873ce46684f8f9e2af81c763933939747f395717804a72f9f1d5e0a9
-
Filesize
131KB
MD5 3839d0bf80748bf372ab51605802e633
SHA1 a91366466ff5f3948a48d920779c33f464d7a5d1
SHA256 a236a146ff2a84b2d7b4e9abb9a640576cc223bafccb22575817c351878fa424
SHA512 ab4f570a848cabd985106e553cd05a96481fd4db6ff4deee675a2141a9e2e031d9cea7a9bae55da4a17a434357cc2a83bd122c1b06cbb79105272ba46f6e76bc
-
Filesize
29KB
MD5 287c9cde6c9b41d941245a271ad72bad
SHA1 49f13e6cb1887a2055fade2ddb34d8358ac69073
SHA256 3607509832b1ac80d6020d6a710db27a251105ba7943a75b33c77a6fbfa53c3f
SHA512 9f1df7fcf686b72a7a977e7fe9054b0703b48cfd2eaa9efa989f61499a65854af974316d1d61898af2c9200535f5bd9348134dc1f8d973c5d7c75d94adc97acd
-
Filesize
85KB
MD5 643b671742f0ce8f4d6fc96d00e71597
SHA1 79735cf624c98a932b75fbfcd860be807b7d8ee2
SHA256 3a75a4cf5833ba5ecd1196d8d2b16cf040fc3d2daf0aebf4298014aa3e596976
SHA512 9fe3df3a7de19934a07ce83d51e3275d6cbfc007c9d15cdfe71f576bda941ad1fc6e129c65a7aee93e4f0f81bca528cad746cebdcfa9b978fcf86c7e1ac33a49
-
Filesize
155KB
MD5 616ae83739ea1f90abe55f89bf96fcc5
SHA1 997aef54da588559bfe642b8605bcd1546d28489
SHA256 0bb5de5f2177663061d5d52146f8138a71e734c950cd436a5f695b423ed17f70
SHA512 deafd997cb8669158b7578bc044fdc6bf52499a507b3b737ec536fab68795029b2661093b12edef745ecec6a4862bdf35f46cafe87aec23cd321acd3c02b20b8
-
Filesize
201KB
MD5 a19228387e84b10ead3513cbf29d768a
SHA1 6f2beb8e878a2dd88230d65b4fb48b2588f5a240
SHA256 e99c2dfb1ca37677e8f835ffee92b7e56ed2fbe4601b5f7e0919263f5f0924ab
SHA512 6056ccbb9be2d25f135981a6b2fd38710add3d93420a8eca5079524d270b829e4d430fab091fb80c55bbc3d6eab5c20e97358fe4780abad857a2e4276c87d1ea
-
Filesize
287KB
MD5 d1fd78be8f1d9e8bf3762965356b1fbc
SHA1 67396f71236dea6868997ea2e05ff784e761cda6
SHA256 5bb77831ec8687e9849eecc000b7cd5766d205efe018d811129c4b64d33f901c
SHA512 1232a5c73fae3548f06198f3726d457f50dba68f1aaa1cbe022a7a3b877556aecf446eb79a64495d56d2a17ba2690ecbd2d6e2133182cdfd976b345d7a738f9a
-
Filesize
82KB
MD5 e4fbf7cab8669c7c9cef92205d2f2ffc
SHA1 adbfa782b7998720fa85678cc85863b961975e28
SHA256 b266318d45a4245556a2e39b763f2f11eca780969105f6f103e53dd0a492bb30
SHA512 c5c62578d04133352d6cb7b018df96a7b55c18d6111ab8bf2bfe232a3315a63b07047fa5b0b88551d152085776c66169b47566242c8c4c5e0333c55adc64e1b6
-
Filesize
128KB
MD5 d45618e58303edb4268a6cca5ec99ecc
SHA1 1f8049fc5ea8b57bb68e19fb55cb9dc1e18e9513
SHA256 d527323643be9df4d174c3169c6f2c7854a59b781654bcaebd154cb51fb4219c
SHA512 5d7ae663dcfedfaf00836dc018131851e5a40778bd582b417b9f0bbd4bb6d1b2eb8f37f7f5a01cd2beed78b6037ef6eb2a3290248d5e901173b1407990a202bd
-
Filesize
203KB
MD5 6cf801a60387ea807170680e796d55da
SHA1 05df3f71b273da19268137cf882444ec7cefe2ca
SHA256 294398b842356ddb9a4c8a1565429752768936974e5076677edb1cb599996cd5
SHA512 81074b61209cfcd6155d5bea46ef95360dd4d8b4870fe6dfb1cebc23c92247910433ac52910f8fc6416e006e610114de52c4161930f661d4fd12f2bb34c3bcaa
-
Filesize
283KB
MD5 8211d674831d4c6b4c94c22de4ee5aef
SHA1 e35f1276f1f65111d1791f30ae5542a6ca140053
SHA256 b60c8a916116f3afb93d101ebc9e63bb3c4a637f5f6c46e4ccd7cdd9394a2b62
SHA512 32b764a15e0bfdf7d40bfea8f84d898aa33269d7471a3b00a7329f89b956cd0362be1914ba6bc41bfc9bb67d1de1c6169e855cf7329604c0a6fa13d2f3e47b7c
-
Filesize
1KB
MD5 d919b6d93ec53dbe68e19e2e7b6a1ff9
SHA1 0ebbf3bedcc35b57557aaf7e65ac404f5c1dcdc2
SHA256 79c3324f6c65bc68b4e7bb4a5cf00e8bbab687aa019d1df538c1415ab382eeed
SHA512 b0fadaf41f76613da72503d38ed4ce96eba0a7f65425c0e508d5da517214fd75245fc9369e0c045bf025da30eaffb9b5b58f184b565d776448caa698e7d91b3c
-
Filesize
116KB
MD5 371dba2f4e4568c391788ea271d6275b
SHA1 73354a0bdfa49eb2e02696c83ca3049d2b954348
SHA256 ddbf2d2f5f720f756f4180c1fb8eff0ea83ddca514ab01ff6bdf7dfbfc35c2b7
SHA512 53917b9a16d84ac66d02ab0bb5563e58387b7986d9388faa0a5a5db933956bbbd305554da99edacbc65cdc37098fc5da5e5ec563bab3c5b87a4d0b026349d76f
-
Filesize
62KB
MD5 d78b7c50e9a19001281da02040a0b6d2
SHA1 ce9fcd4b6df0418528143e011bb42a4f969914b5
SHA256 2d667f18803916a2e619cb89785fcd7070c960b66a8510523980920ac269c330
SHA512 a22f7a87e380fb902e4c3ba57c0ea10e6bd465e23812f96b1833ba37a2b6e23b925092cad44eef2531a558a3d51f0986b150f51824a527ba9ca5b0a82ea908e2
-
Filesize
80KB
MD5 cb45f96921418a42eb64cd2efde7c8a4
SHA1 76f965faf6cfd37b6e3cec01626c9f953b1cc7b3
SHA256 06851a71f213e55d80b637c3e29e10f68c9d59d2cad18ff887d1787712a6f701
SHA512 a3b2a5e58eef50b227381928d54bd33e4a5bed9df3408a77c0d5c00dd464996e7767280ae48be1350b802ab3fd4d67ae16be02c190b6fd66d1bc335737d21a94