Analysis
-
max time kernel
91s -
max time network
91s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
04-05-2021 15:20
Static task
static1
General
-
Target
c916448e0e655e1c5bccf452efb7604772ee816c9b5f9c11b0a89c17e2942e35.dll
-
Size
161KB
-
MD5
27bfb49d003b0285b1077e8dc57c8323
-
SHA1
45caa2793e1bcf1d1fa63e6f74e03d6d6ce22829
-
SHA256
c916448e0e655e1c5bccf452efb7604772ee816c9b5f9c11b0a89c17e2942e35
-
SHA512
37e6b51c28fc3ea76a50e4f4fa18525b43faf26348d6b9ba2336a64df11745e664693a88ee0c4a56b02390305239d43a9973ae0ec2fa24802cf412778fc568ac
Malware Config
Extracted
Family
dridex
Botnet
40111
C2
107.172.227.10:443
172.93.133.123:2303
108.168.61.147:8172
rc4.plain
rc4.plain
Signatures
-
Processes:
resource yara_rule behavioral1/memory/3212-115-0x0000000073860000-0x000000007388E000-memory.dmp dridex_ldr -
Processes:
rundll32.exedescription ioc process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 2208 wrote to memory of 3212 2208 rundll32.exe rundll32.exe PID 2208 wrote to memory of 3212 2208 rundll32.exe rundll32.exe PID 2208 wrote to memory of 3212 2208 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c916448e0e655e1c5bccf452efb7604772ee816c9b5f9c11b0a89c17e2942e35.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c916448e0e655e1c5bccf452efb7604772ee816c9b5f9c11b0a89c17e2942e35.dll,#12⤵
- Checks whether UAC is enabled