Analysis
max time kernel: 26s
max time network: 114s
platform: windows10_x64
resource: win10v20210408
submitted: 15/06/2021, 11:07
Static task: static1
General
Target: 62b976ebd52e6cd914090ce21efcf6d0de79d52e5bf87eacf9e83da205e78d1b.dll
Size: 162KB
MD5: ce6a6e11aac9c1f3a09a098cf0dec66b
SHA1: b859b31b2719a91057d6e29f800d950563b1d400
SHA256: 62b976ebd52e6cd914090ce21efcf6d0de79d52e5bf87eacf9e83da205e78d1b
SHA512: e0dfe134d9767b9a58335c81c8112c75b1c6a93f4fb745eb3f992efbcc4f0c5e8ac21211ca44fadac358e2f3ba19bd0205f2c87f7a3b65e8335c86ad630654c7
Malware Config
Extracted
Family: dridex
Botnet: 40112
C2:
  107.172.227.10:443
  172.93.133.123:2303
  108.168.61.147:8172
rc4.plain
rc4.plain
Signatures

Dridex loader (yara rule)
  resource: behavioral1/memory/904-115-0x00000000735F0000-0x000000007361E000-memory.dmp
  yara_rule: dridex_ldr

Checks whether UAC is enabled
  description: Key value queried
  ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
  Process: rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 660 wrote to memory of 904 | pid: 660 | Process: rundll32.exe | procid_target: 68
  description: PID 660 wrote to memory of 904 | pid: 660 | Process: rundll32.exe | procid_target: 68
  description: PID 660 wrote to memory of 904 | pid: 660 | Process: rundll32.exe | procid_target: 68
Processes

1. C:\Windows\system32\rundll32.exe (PID: 660)
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\62b976ebd52e6cd914090ce21efcf6d0de79d52e5bf87eacf9e83da205e78d1b.dll,#1
   Signatures: Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\rundll32.exe (PID: 904)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\62b976ebd52e6cd914090ce21efcf6d0de79d52e5bf87eacf9e83da205e78d1b.dll,#1
      Signatures: Checks whether UAC is enabled