Analysis
max time kernel: 13s
max time network: 112s
platform: windows10_x64
resource: win10v20201028
submitted: 26-11-2020 05:19

Static task: static1
Behavioral task: behavioral1
Sample: pzxrk4325.dll
Resource: win7v20201028
General
Target: pzxrk4325.dll
Size: 355KB
MD5: 457a2d0c13db31222c66c3e623d88063
SHA1: 15bd1122fe1a910c3b8f255bbe74de5ffed57fd2
SHA256: a1658b979357f174c83dcd9867941d8cd917beb3ea67720fa43b6340b27762ba
SHA512: 5eeb2bfcfedd0703134196a3135bba5bbc59d67ab51bc847c837e4243c1c1a7fa1971a5602af5f6d946ef1a0f5c5f5f1f1807fa5e5d6dc723b6d5888336875c3
Malware Config
Extracted
Family: dridex
Botnet: 10555
C2:
194.225.58.216:443
178.254.40.132:691
216.172.165.70:3889
198.57.200.100:3786
rc4.plain
rc4.plain
Signatures

YARA rule match (memory dump)
Processes:
resource | yara_rule
behavioral2/memory/1000-1-0x0000000003410000-0x000000000344D000-memory.dmp | dridex_ldr

Suspicious use of WriteProcessMemory 3 IoCs
Processes:
description | pid | process | target process
PID 636 wrote to memory of 1000 | 636 | rundll32.exe | rundll32.exe
PID 636 wrote to memory of 1000 | 636 | rundll32.exe | rundll32.exe
PID 636 wrote to memory of 1000 | 636 | rundll32.exe | rundll32.exe
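As an added example (not part of the sandbox report or its tooling), the Python below turns the extracted Dridex configuration and the WriteProcessMemory rows above into checkable indicators: it parses the Family / Botnet / C2 block into a structured record, rejects malformed, non-routable or badly ported C2 entries, emits a deduplicated ip:port blocklist, and flags the pattern of one rundll32.exe instance writing into the memory of a different rundll32.exe instance. The two embedded inputs are constructed from the values shown on this page; the class, function and constant names are my own and not from any sandbox API.

```python
"""Added example, not part of the sandbox report: structured IoCs from the
extracted Dridex config and the WriteProcessMemory signature rows."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass, field

# Constructed from the "Malware Config / Extracted" block of the report.
REPORT_CONFIG = """
Family
dridex
Botnet
10555
C2
194.225.58.216:443
178.254.40.132:691
216.172.165.70:3889
198.57.200.100:3786
"""

# Constructed from the "Suspicious use of WriteProcessMemory" rows
# (description, pid, process, target process flattened onto one line each).
REPORT_EVENTS = """
PID 636 wrote to memory of 1000 636 rundll32.exe rundll32.exe
PID 636 wrote to memory of 1000 636 rundll32.exe rundll32.exe
PID 636 wrote to memory of 1000 636 rundll32.exe rundll32.exe
"""


@dataclass
class DridexConfig:
    family: str = "unknown"
    botnet: str = "unknown"
    c2: list[tuple[str, int]] = field(default_factory=list)


def parse_c2(entry: str) -> tuple[str, int]:
    """Validate one 'ip:port' C2 entry. Rejects entries without a port,
    malformed addresses, non-routable addresses (RFC1918, loopback, etc.,
    which would indicate a broken config extraction rather than a real C2)
    and out-of-range ports."""
    host, sep, port = entry.rpartition(":")
    if not sep:
        raise ValueError(f"C2 entry without port: {entry!r}")
    ip = ipaddress.ip_address(host)          # raises ValueError if malformed
    if not ip.is_global:
        raise ValueError(f"non-routable C2 address: {host}")
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"port out of range: {port}")
    return str(ip), port_num


def parse_config(text: str) -> DridexConfig:
    """Parse the sandbox's Family / Botnet / C2 block into a DridexConfig."""
    cfg = DridexConfig()
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line in ("Family", "Botnet", "C2"):
            section = line
            continue
        if section == "Family":
            cfg.family = line.lower()
        elif section == "Botnet":
            cfg.botnet = line
        elif section == "C2":
            cfg.c2.append(parse_c2(line))
    return cfg


def c2_blocklist(cfg: DridexConfig) -> list[str]:
    """Deduplicated, sorted 'ip:port' strings for a firewall or proxy blocklist."""
    return sorted({f"{ip}:{port}" for ip, port in cfg.c2})


# Matches the flattened signature rows: "PID <src> wrote to memory of <dst> <pid> <image> <target image>"
EVENT_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) "
    r"(?P<pid>\d+) (?P<src_img>\S+) (?P<dst_img>\S+)"
)


def rundll32_cross_process_writes(events: str) -> list[tuple[int, int]]:
    """Return distinct (source_pid, target_pid) pairs where one rundll32.exe
    process writes into the memory of a different rundll32.exe process.
    In this report the target (PID 1000) is the process whose memory region
    later matched the dridex_ldr YARA rule."""
    hits: set[tuple[int, int]] = set()
    for m in EVENT_RE.finditer(events):
        src, dst = int(m["src"]), int(m["dst"])
        same_image = m["src_img"].lower() == m["dst_img"].lower() == "rundll32.exe"
        if same_image and src != dst:
            hits.add((src, dst))
    return sorted(hits)


if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    print(cfg.family, cfg.botnet, c2_blocklist(cfg))
    print(rundll32_cross_process_writes(REPORT_EVENTS))
```

The three identical signature rows collapse to a single (636, 1000) pair, which is the relationship worth carrying into a hunt query: a rundll32.exe parent writing into a rundll32.exe child it spawned, with the child's memory matching the loader rule.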