Analysis
-
max time kernel
132s -
max time network
132s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
09-11-2020 20:21
General
-
Target
SecuriteInfo.com.Trojan.Dridex.704.28108.28988.dll
-
Size
647KB
-
MD5
979310d723bfe499e26f9d1c773eb567
-
SHA1
4bbac2dc71b965de292f96cb1b711d7ae979f534
-
SHA256
1b4e008beb2b395e53648c9a246ecafcb3df0543c5236a40cdb976a2007bbf97
-
SHA512
864484d606a1332606ba33130099f5eaa26dc03979fe6857b588094295bbce3bf83905e6cc57221155d8fecafa63600ec4dd633af956e83272dc873ca55e02db
Score
10/10
Malware Config
Signatures
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Dridex.704.28108.28988.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Dridex.704.28108.28988.dll,#12⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msiexec.exemsiexec.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
-
Filesize
220KB
-