Analysis
max time kernel: 86s
max time network: 46s
platform: windows7_x64
resource: win7v20201028
submitted: 14-01-2021 09:56

Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: V701kINZ491h.dll
  Resource: win7v20201028
  0 signatures
  0 seconds
General
Target: V701kINZ491h.dll
Size: 236KB
MD5: 852c9134444062073128dc5a6effa7f7
SHA1: c09150e35f0d71c59e41fff786cb40c3524e2134
SHA256: 24d6327c85aaba6e15d4815c3de9b5503ecd727da8105525afd859548190b3eb
SHA512: 9f0c85ff710943d8dfaa88b7d58b76530ca498782894a754a51a6738cb9dcbf4ac19b2e3f7ca029da93601dda06fe6dbea1eb1ee28aa8806f4506c0eda736a33
Malware Config
Extracted
Family: dridex
Botnet: 111
C2:
  52.73.70.149:443
  8.4.9.152:3786
  185.246.87.202:3098
  50.116.111.64:5353
rc4.plain:
rc4.plain:
Signatures

YARA rule hit on dumped process memory
Processes:
  resource:  behavioral1/memory/1864-3-0x00000000749B0000-0x00000000749CF000-memory.dmp
  yara_rule: dridex_ldr

Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
  description                       pid   process       target process
  PID 1008 wrote to memory of 1864  1008  rundll32.exe  rundll32.exe
  PID 1008 wrote to memory of 1864  1008  rundll32.exe  rundll32.exe
  PID 1008 wrote to memory of 1864  1008  rundll32.exe  rundll32.exe
  PID 1008 wrote to memory of 1864  1008  rundll32.exe  rundll32.exe
  PID 1008 wrote to memory of 1864  1008  rundll32.exe  rundll32.exe
  PID 1008 wrote to memory of 1864  1008  rundll32.exe  rundll32.exe
  PID 1008 wrote to memory of 1864  1008  rundll32.exe  rundll32.exe
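The three findings above (the C2 list, the YARA hit on a dumped region of PID 1864, and seven WriteProcessMemory calls from rundll32.exe PID 1008 into rundll32.exe PID 1864) are what an analyst would pull out of this report and correlate. The Python below is an added example, not part of the sandbox report or its tooling: it parses those rows into records, validates the C2 endpoints, computes the size of the YARA-tagged region from the dump file name, and joins the injection rows to the tagged target process. The row wording and the dump file naming scheme are assumed from the lines shown above; all input is constructed inline from the report and the function names are mine.

```python
"""Parse and correlate injection IoCs, a YARA memory hit and a C2 list
from a sandbox report. Illustrative code; inputs are constructed from the
report fields shown above, not fetched from the sandbox."""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# Constructed input: the seven identical WriteProcessMemory rows, the YARA
# hit on the dumped region of PID 1864, and the four extracted C2 endpoints.
WPM_ROWS = ["PID 1008 wrote to memory of 1864 1008 rundll32.exe rundll32.exe"] * 7
YARA_HITS = [
    ("behavioral1/memory/1864-3-0x00000000749B0000-0x00000000749CF000-memory.dmp",
     "dridex_ldr"),
]
C2_LINES = ["52.73.70.149:443", "8.4.9.152:3786",
            "185.246.87.202:3098", "50.116.111.64:5353"]

# Assumed row format: "PID <src> wrote to memory of <dst> <pid> <image> <target image>"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\S+)")
# Assumed dump naming: <pid>-<index>-0x<base>-0x<end>-memory.dmp
DUMP_RE = re.compile(r"/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


@dataclass(frozen=True)
class WriteEvent:
    src_pid: int
    dst_pid: int
    src_image: str
    dst_image: str


@dataclass(frozen=True)
class DumpedRegion:
    pid: int
    index: int
    base: int
    end: int
    rule: str

    @property
    def size(self) -> int:
        return self.end - self.base


def parse_write_events(rows):
    """Turn IoC rows into WriteEvent records, rejecting rows whose pid
    column disagrees with the description text."""
    events = []
    for row in rows:
        m = WPM_RE.fullmatch(row.strip())
        if not m:
            raise ValueError(f"unrecognised IoC row: {row!r}")
        src, dst, pid, src_img, dst_img = m.groups()
        if src != pid:
            raise ValueError(f"pid column {pid} disagrees with description {src}")
        events.append(WriteEvent(int(src), int(dst), src_img.lower(), dst_img.lower()))
    return events


def parse_dump(path, rule):
    """Recover pid, dump index and address range from a memory dump name."""
    m = DUMP_RE.search(path)
    if not m:
        raise ValueError(f"unrecognised dump name: {path!r}")
    pid, idx, base, end = m.groups()
    return DumpedRegion(int(pid), int(idx), int(base, 16), int(end, 16), rule)


def parse_c2(lines):
    """Validate ip:port strings; ipaddress rejects anything that is not an IP."""
    endpoints = []
    for line in lines:
        host, _, port = line.strip().rpartition(":")
        ip = ipaddress.ip_address(host)
        port = int(port)
        if not 0 < port < 65536:
            raise ValueError(f"bad port in {line!r}")
        endpoints.append((str(ip), port))
    return endpoints


def correlate(events, regions):
    """Collapse repeated writer->target rows into one finding each and attach
    the YARA rule and region size when the target process was tagged."""
    counts = Counter((e.src_pid, e.dst_pid, e.src_image, e.dst_image) for e in events)
    tagged = {r.pid: r for r in regions}
    findings = []
    for (src, dst, src_img, dst_img), n in counts.items():
        region = tagged.get(dst)
        findings.append({
            "writer": f"{src_img}:{src}",
            "target": f"{dst_img}:{dst}",
            "writes": n,
            "cross_process": src != dst,
            "rundll32_to_rundll32": src_img == dst_img == "rundll32.exe",
            "yara_rule": region.rule if region else None,
            "region_size": region.size if region else None,
        })
    return findings


def build_findings():
    events = parse_write_events(WPM_ROWS)
    regions = [parse_dump(p, r) for p, r in YARA_HITS]
    return correlate(events, regions), parse_c2(C2_LINES)


if __name__ == "__main__":
    findings, c2 = build_findings()
    for f in findings:
        print(f)
    print("C2 endpoints:", c2)
```

The seven rows collapse into a single finding: one rundll32.exe instance writing into another, whose dumped region (0x749B0000 to 0x749CF000, 0x1F000 bytes) matched the dridex_ldr rule. The pid-versus-description check exists because flattened report exports like this one are exactly where columns get misaligned.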