Analysis
- max time kernel: 138s
- max time network: 138s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 09-11-2020 20:21

Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Trojan.Dridex.704.22500.31078.dll
- Resource: win7v20201028
- 0 signatures
- 0 seconds
General
- Target: SecuriteInfo.com.Trojan.Dridex.704.22500.31078.dll
- Size: 647KB
- MD5: cd63f0981882dc0eae43d92879b23b90
- SHA1: 71eb9e3940d1353930f9c006c5757f588a6d0d28
- SHA256: bb0063629c3a51ea01a188e9f89e0a8b2ca68030d0cdaac6bd84cd100007cfc3
- SHA512: a3c14d37081861be863f99d044c18bf3aede33c9265e845b55eb5c870d8b368f7eb39a499e699165c3e57661475430d9a38b299b8a063f79314b85038a260748
Malware Config
Signatures
- Suspicious use of SetThreadContext (1 IoCs)
  Processes:
  description                            pid   process       target process
  PID 4720 set thread context of 4208    4720  rundll32.exe  msiexec.exe
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Processes:
  description                    pid   process
  Token: SeSecurityPrivilege     4208  msiexec.exe
  Token: SeSecurityPrivilege     4208  msiexec.exe
- Suspicious use of WriteProcessMemory (8 IoCs)
  Processes:
  description                          pid   process       target process
  PID 4696 wrote to memory of 4720     4696  rundll32.exe  rundll32.exe
  PID 4696 wrote to memory of 4720     4696  rundll32.exe  rundll32.exe
  PID 4696 wrote to memory of 4720     4696  rundll32.exe  rundll32.exe
  PID 4720 wrote to memory of 4208     4720  rundll32.exe  msiexec.exe
  PID 4720 wrote to memory of 4208     4720  rundll32.exe  msiexec.exe
  PID 4720 wrote to memory of 4208     4720  rundll32.exe  msiexec.exe
  PID 4720 wrote to memory of 4208     4720  rundll32.exe  msiexec.exe
  PID 4720 wrote to memory of 4208     4720  rundll32.exe  msiexec.exe
Processes (parent/child tree)
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Dridex.704.22500.31078.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Dridex.704.22500.31078.dll,#1
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\msiexec.exe
      Command line: msiexec.exe
      - Suspicious use of AdjustPrivilegeToken