Analysis
-
max time kernel
14s -
max time network
112s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
26-11-2020 12:05
Static task
static1
Behavioral task
behavioral1
Sample
ucjk7st.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
-
Target
ucjk7st.dll
-
Size
426KB
-
MD5
455e8c40a659762249a13b5ef6cfb2cb
-
SHA1
818423b1fc4f4149e2bda0feb359c1605de1eb6c
-
SHA256
8ceb186696c9bda47466e5ecd1d0f0d5f93318e8bdc6b42454dd3be884e99e33
-
SHA512
7ba2b6f6c452009e74a31a0da2bc3a27e565fe12997c33cb0e8cf9397cd61ec232e2870516aa94e4f2affd2291f6b728b77775a6f8732dd5133a4df28a341123
Malware Config
Extracted
Family
dridex
Botnet
10555
C2
194.225.58.216:443
178.254.40.132:691
216.172.165.70:3889
198.57.200.100:3786
rc4.plain
rc4.plain
Signatures
-
Processes:
resource yara_rule behavioral2/memory/408-1-0x0000000004E50000-0x0000000004E8D000-memory.dmp dridex_ldr -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 640 wrote to memory of 408 640 rundll32.exe rundll32.exe PID 640 wrote to memory of 408 640 rundll32.exe rundll32.exe PID 640 wrote to memory of 408 640 rundll32.exe rundll32.exe