Analysis
-
max time kernel
41s -
max time network
148s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
04-01-2021 15:29
Static task
static1
Behavioral task
behavioral1
Sample
e5gwe.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
-
Target
e5gwe.dll
-
Size
164KB
-
MD5
97235c5153c1e1a988df36a8db83ef87
-
SHA1
5768261af0eb9c293d29b5a9106762b1b4859aad
-
SHA256
2e8384b979521ab1a3ac17745f81d9a18fa084294d242d4a6918db4413e313c6
-
SHA512
ad6f66e63ca693b0d3644eafb68b9969d7b4f70d885781b98ae2391bab5425770d5172f95e818a8c771f201b7548035c7d77d81c96abf28a0ae388a5dc706dde
Malware Config
Extracted
Family
dridex
Botnet
111
C2
172.86.186.22:3889
46.105.131.78:14431
103.244.206.74:33443
139.162.53.147:4443
rc4.plain
rc4.plain
Signatures
-
resource yara_rule behavioral2/memory/828-3-0x0000000073770000-0x000000007378F000-memory.dmp dridex_ldr -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1812 wrote to memory of 828 1812 rundll32.exe 71 PID 1812 wrote to memory of 828 1812 rundll32.exe 71 PID 1812 wrote to memory of 828 1812 rundll32.exe 71