Analysis
-
max time kernel: 26s
max time network: 119s
platform: windows10_x64
resource: win10v20210408
submitted: 21-06-2021 09:19
Static task: static1
General
-
Target: 06ccccaae19a863c46377bd745410884ae219bb0c5ed6902b1ba70a85fe10f77.dll
Size: 158KB
MD5: 80bbd344948cc1a6e4e3ff624ae75049
SHA1: c147bae622b5418c675010d9531beffe88aa3489
SHA256: 06ccccaae19a863c46377bd745410884ae219bb0c5ed6902b1ba70a85fe10f77
SHA512: 6a9c3080042f8a387ec0f7f30d99b5c78b26430c43066a8232370f6954c54575a73416ef75665b93ef0a675abfead3dff76bbb9f306057f4ba3aa38110997928
Malware Config
-
Extracted
Family: dridex
Botnet: 40111
C2:
  8.210.53.215:443
  72.249.22.245:2303
  188.40.137.206:8172
rc4.plain
rc4.plain
Signatures
-
Processes:
resource | yara_rule
behavioral1/memory/4896-115-0x0000000073880000-0x00000000738AD000-memory.dmp | dridex_ldr
-
Checks whether UAC is enabled
Processes:
rundll32.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | rundll32.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 4796 wrote to memory of 4896 | 4796 | rundll32.exe | rundll32.exe
PID 4796 wrote to memory of 4896 | 4796 | rundll32.exe | rundll32.exe
PID 4796 wrote to memory of 4896 | 4796 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\06ccccaae19a863c46377bd745410884ae219bb0c5ed6902b1ba70a85fe10f77.dll,#1
  - Suspicious use of WriteProcessMemory
  -
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\06ccccaae19a863c46377bd745410884ae219bb0c5ed6902b1ba70a85fe10f77.dll,#1
    - Checks whether UAC is enabled