Analysis

max time kernel:   117s
max time network:  121s
platform:          windows7_x64
resource:          win7-20231215-en
resource tags:     arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted:         27-01-2024 16:21

Static task: static1
  1 signatures

Behavioral task: behavioral1
  Sample:    7ab57693dbdaf787706d0da8c151df4e.dll
  Resource:  win7-20231215-en
  6 signatures
  150 seconds
General

Target:  7ab57693dbdaf787706d0da8c151df4e.dll
Size:    2.9MB
MD5:     7ab57693dbdaf787706d0da8c151df4e
SHA1:    5b10dab0b2ce302bfb48a8e2f039479231102c48
SHA256:  d7de92fab29dd63724f0ecac51deaa9b343500a61f164029de7d1c8e19457914
SHA512:  8b5995d735812a3707faee91854a183c52de45145024eb6064d181185b188adafd21b2b574c1b7f80c8da8424792b8cd26e625900a6514d3f31e5dfccf122bca
SSDEEP:  12288:rVI0W/Ttl/LPJCm3WIYxJ9yK5oQNPElOlidGgmilgm5Qq0nB6wtt4AenZ1:qf/LfWsK5TNA+WGgm+V5SB6Ct4bnb
Malware Config

Signatures

Yara rule match
Processes:
  resource   behavioral1/memory/1240-5-0x0000000002550000-0x0000000002551000-memory.dmp
  yara_rule  dridex_stager_shellcode

Checks whether UAC is enabled
Processes:
  description         ioc                                                                             process
  Key value queried   \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA   rundll32.exe

Suspicious behavior: EnumeratesProcesses (3 IoCs)
Processes:
  pid   process
  2224  rundll32.exe
  2224  rundll32.exe
  2224  rundll32.exe

Suspicious use of UnmapMainImage (1 IoC)
Processes:
  pid   process
  1240  (process name not recorded in the report)

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                         pid   process   target process
  PID 1240 wrote to memory of 3068    1240            WerFault.exe
  PID 1240 wrote to memory of 3068    1240            WerFault.exe
  PID 1240 wrote to memory of 3068    1240            WerFault.exe
Processes

C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ab57693dbdaf787706d0da8c151df4e.dll,#1
  - Checks whether UAC is enabled
  - Suspicious behavior: EnumeratesProcesses
  PID: 2224

C:\Windows\system32\WerFault.exe
  Command line: C:\Windows\system32\WerFault.exe -u -p 1240 -s 1604
  PID: 3068