Analysis

max time kernel: 23s
max time network: 111s
platform: windows10_x64
resource: win10v20210410
submitted: 21-04-2021 20:03

Static task: static1
Behavioral task: behavioral1
Sample: b8056652f3c5947555611141bb27c211301e74e407c40b5b6e6d3a060e42d931.dll
Resource: win7v20210408
0 signatures
0 seconds
General

Target: b8056652f3c5947555611141bb27c211301e74e407c40b5b6e6d3a060e42d931.dll
Size: 154KB
MD5: 388470f995842e284c1ab3351a6b9ec5
SHA1: 4768369da22eb91eaeccf22079ad6d3b67e863e6
SHA256: b8056652f3c5947555611141bb27c211301e74e407c40b5b6e6d3a060e42d931
SHA512: 0ebeefeebcd3242681bc8c12dbe76e3e4f9c475c9a4d92a7ed58c265d02485438eb880d8d2e8fc1e6bbba1fca141325bdbf9c8f2864b1b334101d3c8d17f688d
Malware Config

Extracted
Family: dridex
Botnet: 40111
C2:
  159.8.59.82:443
  51.91.156.39:2303
  67.196.50.240:8172
rc4.plain
rc4.plain
Signatures

Processes:
  resource | yara_rule
  behavioral2/memory/740-115-0x0000000073860000-0x000000007388D000-memory.dmp | dridex_ldr

Processes: rundll32.exe
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
  description | pid | process | target process
  PID 2204 wrote to memory of 740 | 2204 | rundll32.exe | rundll32.exe
  PID 2204 wrote to memory of 740 | 2204 | rundll32.exe | rundll32.exe
  PID 2204 wrote to memory of 740 | 2204 | rundll32.exe | rundll32.exe
Processes

C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b8056652f3c5947555611141bb27c211301e74e407c40b5b6e6d3a060e42d931.dll,#1
  - Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b8056652f3c5947555611141bb27c211301e74e407c40b5b6e6d3a060e42d931.dll,#1
    - Checks whether UAC is enabled