Analysis

max time kernel: 88s
max time network: 123s
platform: windows7_x64
resource: win7v20201028
submitted: 14-01-2021 09:57

Static task: static1
Behavioral task: behavioral1
Sample: SlyOzj2S7kfU8q.dll
Resource: win7v20201028
0 signatures
0 seconds
General

Target: SlyOzj2S7kfU8q.dll
Size: 236KB
MD5: 99cf857dc9bf366da1cc363b0890f442
SHA1: 038be0efc724a12be21a96c8a8b8a60fb8079a70
SHA256: e16fe86e0744baffec12cff0c66d3aed58b2c97c39578afee41572f503e20c4c
SHA512: 54fd7dd8aadf96f342a9945ef9b7e597fe7ccb58170243a2687484a0c7a1e7994a117c76609a51a98a57f20748ebe59d145c600555bc93d10004aada2ec6caf4
Malware Config

Extracted
Family: dridex
Botnet: 111
C2:
  52.73.70.149:443
  8.4.9.152:3786
  185.246.87.202:3098
  50.116.111.64:5353
rc4.plain
rc4.plain
Signatures

Processes:
resource                                                                    yara_rule
behavioral1/memory/1320-3-0x00000000749D0000-0x00000000749EF000-memory.dmp  dridex_ldr

Suspicious use of WriteProcessMemory 7 IoCs
Processes:
description                          pid   process       target process
PID 1864 wrote to memory of 1320     1864  rundll32.exe  rundll32.exe
PID 1864 wrote to memory of 1320     1864  rundll32.exe  rundll32.exe
PID 1864 wrote to memory of 1320     1864  rundll32.exe  rundll32.exe
PID 1864 wrote to memory of 1320     1864  rundll32.exe  rundll32.exe
PID 1864 wrote to memory of 1320     1864  rundll32.exe  rundll32.exe
PID 1864 wrote to memory of 1320     1864  rundll32.exe  rundll32.exe
PID 1864 wrote to memory of 1320     1864  rundll32.exe  rundll32.exe