Analysis
-
max time kernel
103s -
max time network
103s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
21-04-2021 18:09
Static task
static1
General
-
Target
233674eddceda4e111bb693601de729a020533e81eb67c57f2ff3966b36d91ec.dll
-
Size
154KB
-
MD5
73e05aee0522a3031337613972078dad
-
SHA1
102996bd4671b1cedf9febcc23ea3b4c712bd3ec
-
SHA256
233674eddceda4e111bb693601de729a020533e81eb67c57f2ff3966b36d91ec
-
SHA512
b848891e6c1ce0687285ce3971c5a66d60c65cfad94e8ee8a566750609d7ab77e0bc012531141f4cafc0b91f377854ef500c78a885505f69b62d5b885243fe65
Malware Config
Extracted
Family
dridex
Botnet
40111
C2
159.8.59.82:443
51.91.156.39:2303
67.196.50.240:8172
rc4.plain
rc4.plain
Signatures
-
Processes:
resource | yara_rule
behavioral1/memory/3952-115-0x0000000073A10000-0x0000000073A3D000-memory.dmp | dridex_ldr
Processes:
rundll32.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | rundll32.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 3896 wrote to memory of 3952 | 3896 | rundll32.exe | rundll32.exe
PID 3896 wrote to memory of 3952 | 3896 | rundll32.exe | rundll32.exe
PID 3896 wrote to memory of 3952 | 3896 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\233674eddceda4e111bb693601de729a020533e81eb67c57f2ff3966b36d91ec.dll,#1
  - Suspicious use of WriteProcessMemory
  -
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\233674eddceda4e111bb693601de729a020533e81eb67c57f2ff3966b36d91ec.dll,#1
    - Checks whether UAC is enabled