Analysis
-
max time kernel
28s -
max time network
151s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
23-06-2021 11:02
Static task
static1
General
-
Target
07312c07ed4872a7872aef277da869a028d87a07c541fb98de8f915af67f42f6.dll
-
Size
160KB
-
MD5
43d1d1a60a64d02277f842c01e9716bc
-
SHA1
0640e03ed59bc13ae091a4e46058089e35013be0
-
SHA256
07312c07ed4872a7872aef277da869a028d87a07c541fb98de8f915af67f42f6
-
SHA512
f43ad3cad7cb2a1931c76b12da2ccf74903457dfe6d9915593237e89496bca4c3abfa2af0008b382fae8ce78494aec28bce88cebff8ac885a81a2e1b1b811c61
Malware Config
Extracted
Family
dridex
Botnet
40111
C2
94.247.168.64:443
159.203.93.122:8172
50.116.27.97:2303
rc4.plain
rc4.plain
Signatures
-
Processes:
  resource                                                                              yara_rule
  behavioral1/memory/1416-115-0x0000000074450000-0x000000007447E000-memory.dmp           dridex_ldr
-
Processes: rundll32.exe
  description          ioc                                                                                      process
  Key value queried    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA    rundll32.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes: rundll32.exe
  description                        pid    process         target process
  PID 640 wrote to memory of 1416    640    rundll32.exe    rundll32.exe
  PID 640 wrote to memory of 1416    640    rundll32.exe    rundll32.exe
  PID 640 wrote to memory of 1416    640    rundll32.exe    rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\07312c07ed4872a7872aef277da869a028d87a07c541fb98de8f915af67f42f6.dll,#1
  1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\07312c07ed4872a7872aef277da869a028d87a07c541fb98de8f915af67f42f6.dll,#1
  2⤵
- Checks whether UAC is enabled