Analysis
- max time kernel: 27s
- max time network: 119s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 21-06-2021 20:28
- static task: static1
General
- Target: eb384e23b320ca080a3992e694e755545a16a8609927596ac66fc319f342b959.dll
- Size: 158KB
- MD5: 2e8f0b45ef1133a99f7b3cd0de1f25a2
- SHA1: 9b3469e9dc4d95ae5116264d87b301cb8d67b9e8
- SHA256: eb384e23b320ca080a3992e694e755545a16a8609927596ac66fc319f342b959
- SHA512: 5e158f8fcf81e80a4668095e9bbce4bb9a1f14db808178e6bc94aedc405c1ea5a6044ad607494710d9a62600d6e0821c2ae8dd38f4a55fa1fdec23bb573223b4
Malware Config
Extracted
- Family: dridex
- Botnet: 40111
- C2:
  - 8.210.53.215:443
  - 72.249.22.245:2303
  - 188.40.137.206:8172
- rc4.plain (two entries; the key values are not reproduced on this page)
Signatures
- YARA rule match in process memory
  - resource: behavioral1/memory/772-115-0x0000000074260000-0x000000007428D000-memory.dmp (dump of PID 772, region 0x74260000-0x7428D000)
  - yara_rule: dridex_ldr
- Checks whether UAC is enabled
  - process: rundll32.exe
  - description: Key value queried
  - ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
- Suspicious use of WriteProcessMemory (3 IoCs, all identical)
  - PID 996 (rundll32.exe) wrote to memory of PID 772 (rundll32.exe)
  Note that a 64-bit rundll32.exe given a 32-bit DLL re-launches its SysWOW64 counterpart and writes into the child during that hand-off, so this parent-to-child write by itself is consistent with ordinary rundll32 behaviour; the loader payload runs in PID 772, which is where the dridex_ldr match and the EnableLUA query are recorded.
Processes
- C:\Windows\system32\rundll32.exe (PID 996)
  - command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\eb384e23b320ca080a3992e694e755545a16a8609927596ac66fc319f342b959.dll,#1
  - signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 772, child of PID 996)
    - command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\eb384e23b320ca080a3992e694e755545a16a8609927596ac66fc319f342b959.dll,#1
    - signatures: Checks whether UAC is enabled
The DLL is invoked through export ordinal #1 in both processes; the 64-bit rundll32.exe starts the SysWOW64 (32-bit) rundll32.exe with the same DLL argument, and the UAC check and the in-memory YARA match both belong to that 32-bit child.
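The report above records three things a detection engineer can key on: rundll32.exe (system32) spawning rundll32.exe (SysWOW64) with the identical DLL argument, the child querying EnableLUA, and the extracted C2 endpoints. The following is an added example, not part of the sandbox output, that replays constructed Sysmon-style events modelled on the process tree and IoCs and flags each of those. The Event field names, the explorer.exe parent of PID 996 and the benign PID 4100 events are assumptions made for the example; the hashes, registry path and C2 list are copied from the report.

```python
"""Detection logic for the behaviour recorded in this report (added example,
not part of the sandbox output).  Replays constructed Sysmon-style events and
flags: rundll32 -> SysWOW64 rundll32 with the same DLL argument, a query of
EnableLUA, and connections to the extracted Dridex C2 endpoints."""
from dataclasses import dataclass
import ntpath

# IoCs copied from the report above.
SAMPLE_SHA256 = "eb384e23b320ca080a3992e694e755545a16a8609927596ac66fc319f342b959"
C2_ENDPOINTS = {("8.210.53.215", 443), ("72.249.22.245", 2303), ("188.40.137.206", 8172)}
ENABLELUA_KEY = (r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
                 r"\Policies\System\EnableLUA")


@dataclass
class Event:
    """Minimal event shape (an assumption, loosely modelled on Sysmon fields)."""
    kind: str              # "process", "registry" or "network"
    pid: int
    image: str
    ppid: int = 0
    parent_image: str = ""
    cmdline: str = ""
    target: str = ""       # registry value path, or "ip:port" for network events


def dll_argument(cmdline):
    """Return the lower-cased DLL path from 'rundll32.exe <dll>,<export>'.
    Assumes the DLL path contains no spaces, as in the report's command line."""
    parts = cmdline.split(None, 1)
    if len(parts) < 2:
        return None
    return parts[1].split(",", 1)[0].strip('"').lower()


def _is_rundll32(path):
    return ntpath.basename(path).lower() == "rundll32.exe"


def analyze(events):
    """Return (finding, pid, detail) tuples in event order."""
    findings = []
    procs = {e.pid: e for e in events if e.kind == "process"}
    for e in events:
        if e.kind == "process":
            # 64-bit rundll32 handing a 32-bit DLL to its SysWOW64 counterpart:
            # rundll32 -> rundll32 (SysWOW64) with the identical DLL argument.
            if (_is_rundll32(e.image) and _is_rundll32(e.parent_image)
                    and "\\syswow64\\" in e.image.lower()):
                parent = procs.get(e.ppid)
                dll = dll_argument(e.cmdline)
                if parent is not None and dll and dll == dll_argument(parent.cmdline):
                    findings.append(("rundll32_wow64_respawn", e.pid, dll))
        elif e.kind == "registry":
            if e.target.lower() == ENABLELUA_KEY.lower():
                findings.append(("uac_check", e.pid, e.target))
        elif e.kind == "network":
            ip, _, port = e.target.rpartition(":")
            if port.isdigit() and (ip, int(port)) in C2_ENDPOINTS:
                findings.append(("dridex_c2", e.pid, e.target))
    return findings


# Constructed sample events reproducing the report's process tree and IoCs.
# The explorer.exe parent (PID 1234) and the PID 4100 events are invented benign context.
DLL = r"C:\Users\Admin\AppData\Local\Temp\eb384e23b320ca080a3992e694e755545a16a8609927596ac66fc319f342b959.dll"
SAMPLE_EVENTS = [
    Event("process", 996, r"C:\Windows\system32\rundll32.exe", ppid=1234,
          parent_image=r"C:\Windows\explorer.exe", cmdline=f"rundll32.exe {DLL},#1"),
    Event("process", 772, r"C:\Windows\SysWOW64\rundll32.exe", ppid=996,
          parent_image=r"C:\Windows\system32\rundll32.exe", cmdline=f"rundll32.exe {DLL},#1"),
    Event("registry", 772, r"C:\Windows\SysWOW64\rundll32.exe", target=ENABLELUA_KEY),
    Event("network", 772, r"C:\Windows\SysWOW64\rundll32.exe", target="8.210.53.215:443"),
    Event("process", 4100, r"C:\Windows\system32\rundll32.exe", ppid=900,
          parent_image=r"C:\Windows\system32\svchost.exe",
          cmdline="rundll32.exe shell32.dll,Control_RunDLL"),
    Event("network", 4100, r"C:\Windows\system32\rundll32.exe", target="10.0.0.5:443"),
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding)
```

The respawn rule is deliberately narrow (same DLL argument, SysWOW64 child of a rundll32.exe parent) because the 64-bit to 32-bit rundll32 hand-off is legitimate Windows behaviour; on its own it is a pivot, and it is the combination with the EnableLUA query and the C2 traffic in the same child PID that reproduces what this report shows.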