Analysis
-
max time kernel
0s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
25-01-2024 01:58
Static task
static1
Behavioral task
behavioral1
Sample
736f4c09867897af390e3e0bf50a0b23.dll
Resource
win7-20231215-en
General
-
Target
736f4c09867897af390e3e0bf50a0b23.dll
-
Size
3.5MB
-
MD5
736f4c09867897af390e3e0bf50a0b23
-
SHA1
3194159767a1ca1c25f18e33b5f790394c9f5cd9
-
SHA256
fee679a74d93c6adee409515fdf168e955e056dae2949cbf848a48e03a8ac97d
-
SHA512
3c33731da1c256f43480f8b6e9480209a9f65dcefd9ea45f3bfa754e8f21fa022dca160f227fd223da04027d692e7001ed19882e0c3ba60962d79c119b76d497
-
SSDEEP
12288:SVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:PfP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Malware Config
Signatures
-
Processes:
resource | yara_rule
behavioral2/memory/3560-5-0x00000000026E0000-0x00000000026E1000-memory.dmp | dridex_stager_shellcode -
Processes:
rundll32.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | rundll32.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
rundll32.exe
pid | process
4752 | rundll32.exe
4752 | rundll32.exe
4752 | rundll32.exe
4752 | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe | rundll32.exe C:\Users\Admin\AppData\Local\Temp\736f4c09867897af390e3e0bf50a0b23.dll,#11⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:4752
-
C:\Windows\system32\rdpinit.exe | C:\Windows\system32\rdpinit.exe 1⤵ PID:2324
-
C:\Windows\system32\tabcal.exe | C:\Windows\system32\tabcal.exe 1⤵ PID:2572
-
C:\Users\Admin\AppData\Local\I1dV\tabcal.exe | C:\Users\Admin\AppData\Local\I1dV\tabcal.exe 1⤵ PID:3820
-
C:\Users\Admin\AppData\Local\4QvI\unregmp2.exe | C:\Users\Admin\AppData\Local\4QvI\unregmp2.exe 1⤵ PID:776
-
C:\Windows\system32\unregmp2.exe | C:\Windows\system32\unregmp2.exe 1⤵ PID:1164
-
C:\Users\Admin\AppData\Local\ouTw\rdpinit.exe | C:\Users\Admin\AppData\Local\ouTw\rdpinit.exe 1⤵ PID:652
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
48KB
MD5 0ab3ef9eb975e98a5a16da5284e6cbeb
SHA1 232f41fb251f1afabae748d01b98af258bdd9d32
SHA256 4613bf931ff2a64db868f799ed322faa1c91b2501a80b8a2c3794101aca7ead8
SHA512 bcbf42d3b3b81c1cd15e76389437b7cd3fc66d2e4ce3c7afde552788cac651f18d8cdad732c9f6fba3038ed96304d2af8e55800db9e5d22d283f581db88f58c2
-
Filesize
37KB
MD5 cc5ef8a99065f897429bfcbb4d006182
SHA1 2394913f7fc638a64a2e80a61d20e00fd18db933
SHA256 94361032eb2f48f73c9dad85977445b7a6f309ca5b96ffd66895bcb89c2a06c4
SHA512 8172b99525a871348d38636aedebe2a98306d7c4d7ff01aadb2d058732fd4c2e1543dfd7685ede32f3dc743e152391c71fb9c0d9cb0cd9852cc98c458a2228b5
-
Filesize
10KB
MD5 dd816d990e088461d2effcc101016437
SHA1 fd280d5678bb2457821bcae025a364f557b73ff2
SHA256 53de8ba90bc45a2e781b110438dc54327225556e9340448bc79cf36bfa9946cd
SHA512 3c453757be6e198305d53c6edb2a5b5dffd947bdc5e09d77a053e27119f9fe7283a34541dccd655c2c894261a6270c986a01a4a4af97e2fad20dfd2df9173fa5
-
Filesize
36KB
MD5 0114a6dde0ac90a0958e935f8d60d00a
SHA1 ea0685a568f273d103b1f5f276939063f6926293
SHA256 a7a1b91ef43934111c1900486d446157587a592d3a4bd25389c29674ba690e10
SHA512 24f2c7cce2dd65ad5b816ba5a117b36a62bcb38166ca40953246bd5b8329f54fbefaf1dd766f8c7213e192a792d56560f0d50d02c5032b1b32440dbd6bcc1eb4
-
Filesize
37KB
MD5 134a973f4be89dff7dda8569df5c90d4
SHA1 e6141f063d896c13a43ba7961be87e085b73391d
SHA256 e88491164066572aec8f0eba853d88baaa16c8cac62c5df5df179854ea5f524c
SHA512 dd3d305b58877624a431202c6f58cab70817d72d6ead53238efa43735e43ebd09e7d01fa60389f68830ccbe38515d021f808d9d6f214dacec1039450417df426
-
Filesize
64KB
MD5 29e420e28b5c434713e2a26a3162c9e4
SHA1 aa9db52988713e5c884b6b5d16073ccccbf5d889
SHA256 8c431afad454a6eef73df50bfbc95d056909e1dea35fc0b2126dbd6f44ca24e7
SHA512 7620265e0f3606618dc83640b91e7b5e2b0fe14c8b2db5ad5920b9d3e890924bf2c64f55a954211cd52d5cda0923d424e5c61fb407c8bf7454814382dde72dcd
-
Filesize
58KB
MD5 06e9b28a3b363ca0e48f18838f2a83a5
SHA1 9b4a30a7ec7dfff854cec32aa80026bcf97dddd9
SHA256 49dc58405aaaf780343ba83308d073b017e5857af73ce26e3a947a79b66ebd61
SHA512 25b0f2e458e3b35850dc7a65a7ee45fe12c238dbb2d0ad55538d9cf858712cc2c8de4da6f9394b645dbfdf112a51fd295c6d75377df16debd96c6c3d35b8be24
-
Filesize
12KB
MD5 80fa3f2ef26e9907a4a563ab895270f6
SHA1 6866489f96f66dcf3b299eb0af690987a8eccd5b
SHA256 d16c9df8f5be3249379537a03f787d8a10ed5545285d7a150006c2534374c8d1
SHA512 c9cae8bc9b070bb56860597688c4426fb30009e6bf5caa13c1abd98d242344b505227c4476f5e575f740830ab2862f17fdfcbc850cae84b8cf477cde7d0de11f
-
Filesize
27KB
MD5 c5eb6e49fca25b6fe96bcef681b2d834
SHA1 3564b4a46b51505ba014ec3e56c957be8bd8c2f2
SHA256 2e822b974cf59d7c5cb35ae6268ac5dd4ac1b6ef66aa64ba405f5d68ca27517d
SHA512 5ad8d6356ed4bec81a8b78793ee9381d575958cf215e99f929cbfdebd9e9bc49310edf607c207776759dcf8f69573ada5a357ec4e7c0462341fc3e2a4492e6c4
-
Filesize
12KB
MD5 2b8f1bba13981c24e973a5200953697d
SHA1 9beb70b38b464c3a84a8c6a7484de7fbd9091e36
SHA256 579096f8d85d13b16a86eebd75bcbf051702d3b945bce47789ced46471031adf
SHA512 490a1df25fb6b7ade00c1a48947b827aeed183075e75fca6aa8b4b92ed88adae5bb4041173583f7c40675cf23d117a77aa7dbd661b4b5baaa5e6c619e26e25f7
-
Filesize
19KB
MD5 d1aa2f6b121ee1720bc96c43586d53e4
SHA1 fb9a4add8819166517ef41ea6e339a159d78a678
SHA256 f16051cc00f9a09b4edbd36c90db27ff473c0a30a98e4d140b7fa542aa5d7a2a
SHA512 a8037698f8708616c2502dc14f62afa5e0d755d41ee526881fc48b5c0c6c92a4cc86861f300f210722384e4258dd4a55e2b6494b77c841dea4450f357240746d
-
Filesize
64KB
MD5 8a6bd96793482deb5ba0b4480507ef68
SHA1 beacb9719b6dba6475779a78d7566408552a5e7b
SHA256 275a8bd3c97affabccc37e50e431ae473b7f5a7dab735420bc75875dc00750ed
SHA512 2034634c3c1a781fbf90f76255141ff6d4d101fedccfae165a1b56dafbfcde4dc345f2804d03addf48613f5866619a2de1c99d92c749e35d58f03eee9399e3d6
-
Filesize
1KB
MD5 4a77fd1cb398a293be6fbeaa1a9fa43c
SHA1 8e9f6a2e970860f263df18914bacb182285dee86
SHA256 a7afd238100140185208f1bcde06643f9804ac002b88d634265a10bde9b96cd3
SHA512 67a235fb2166f78bfaab0227dead3d9a5a8ea4003c59c7f10242d449205fe7f7e9e37da36f3ba954cf37328623c89bbb832ee45b065c6c4d29154a2094d32603
-
Filesize
83KB
MD5 9ece18e459dcc1d0244185a118600d25
SHA1 1f519661af4f4cf8e31d76b46cf973659fcefa3f
SHA256 f95677f22210a378df2a30626dae7653091a1dfbca6894573876d1d8932a6f4b
SHA512 9e31a58ac620683f223875d441e89b6be382acb8351526da62d37a1708751774956dd0820f2625525b7146bf26029a72f070251838da4d609e1d521d4f27f5a7
-
Filesize
156KB
MD5 374b1a87db7a944d44f90b8ea6ba0e2a
SHA1 d7670aeb3878be26113f8735239937df99e4520d
SHA256 e23c4e81843af1a169980dc56bf99c3decbaf07a2214695039b99c0ce8a912d7
SHA512 3d7adad8406cdd17d3608735d500fa57822eb49d5d4d1444e8cfaa49ead730d0784de3a04e4c0cf49b70daf07a52267b85d68b8ce8c3f7dec872fde7ab2d7dbe
-
Filesize
9KB
MD5 d243039eba4df7ffc30ddea5c6c67294
SHA1 07c66e1669705ac708452e715f5f5fee013b4740
SHA256 a1e15f2a9d6a38eecb215b09cf8a2ba7da89f6fb943f303117526f938f656393
SHA512 defe15e24d3431ceb6c5b026830378637b121398c7e70e142eb39d4a1a64907fe4600897d922ebaef98a1e68f7285c958d6d123a7102b6e80ec860ce8a00e434