Analysis

max time kernel: 26s
max time network: 151s
platform: windows10_x64
resource: win10v20210408
submitted: 24-06-2021 18:28
static task: static1
General

Target: 777bf6a6c093caaa279b3612af56e4ae7ff221e4070920d2aa3d16476a9f3724.dll
Size: 160KB
MD5: 6edffe16fbde9873c2b81ea9b5afdbb5
SHA1: f61d15d9753376791db767fdf7f01d89405b0665
SHA256: 777bf6a6c093caaa279b3612af56e4ae7ff221e4070920d2aa3d16476a9f3724
SHA512: 95b153bf1689e45613e11bb5bac0e786eecc4d623bf64aed39813b20c79aa63a8793fba406514002b0282e981bbe33de4b48bd6c67b08a397bda287fdd399999
Malware Config

Extracted
Family: dridex
Botnet: 40111
C2:
  94.247.168.64:443
  159.203.93.122:8172
  50.116.27.97:2303
rc4.plain: (two entries in the extracted config; the key material itself is not reproduced in this report)
Signatures

Dridex loader matched in memory (YARA rule dridex_ldr)
  resource: behavioral1/memory/1012-115-0x0000000074450000-0x000000007477E000-memory.dmp (memory dump of PID 1012)
  yara_rule: dridex_ldr

Checks whether UAC is enabled
  process: rundll32.exe
  ioc: Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA

Suspicious use of WriteProcessMemory (3 IoCs)
  process: rundll32.exe
  ioc: PID 656 (rundll32.exe) wrote to memory of PID 1012 (rundll32.exe), recorded three times

Caveat on the WriteProcessMemory IoCs: the writer is the 64-bit System32 rundll32.exe (PID 656) and the target is the 32-bit SysWOW64 rundll32.exe (PID 1012) that it spawned, as shown in the process tree below. A 64-bit rundll32.exe handed a 32-bit DLL relaunches itself from SysWOW64 and writes to that child, so these three IoCs are consistent with that relaunch; the report records no write into any process outside the rundll32 pair. The in-memory dridex_ldr match in PID 1012 and the extracted C2 configuration are the findings that carry weight here.
Processes

C:\Windows\system32\rundll32.exe (PID 656)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\777bf6a6c093caaa279b3612af56e4ae7ff221e4070920d2aa3d16476a9f3724.dll,#1
  signatures: Suspicious use of WriteProcessMemory
  child:
    C:\Windows\SysWOW64\rundll32.exe (PID 1012)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\777bf6a6c093caaa279b3612af56e4ae7ff221e4070920d2aa3d16476a9f3724.dll,#1
      signatures: Checks whether UAC is enabled

The DLL is invoked by ordinal (",#1" names export ordinal 1 rather than an export by name) from a user-writable Temp directory, and the 64-bit rundll32.exe relaunches the 32-bit SysWOW64 copy because the sample is a 32-bit DLL.
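The C2 list and the process-tree behaviour above translate directly into detection logic. The following is an added example, not part of the sandbox report: it encodes the report's three C2 endpoints and the rundll32 launch pattern (DLL loaded by ordinal from a user's Temp directory, rundll32 spawning rundll32) as checks and runs them over a handful of constructed, Sysmon-style event records. The event field names (event_id, pid, image, command_line, parent_image, dest_ip, dest_port) are an assumption modelled on Sysmon Event ID 1 (process create) and Event ID 3 (network connect); the sample events, including the explorer.exe parent and the benign shell32.dll invocation, are constructed for illustration and are not taken from the report.

```python
"""Detection checks derived from the sandbox report above (added example).

Field names follow a Sysmon-like layout (assumption); the events at the
bottom are constructed test data, not a real log export.
"""
import re
from dataclasses import dataclass

# C2 endpoints from the extracted Dridex configuration in the report.
DRIDEX_C2 = {
    ("94.247.168.64", 443),
    ("159.203.93.122", 8172),
    ("50.116.27.97", 2303),
}
DRIDEX_C2_IPS = {ip for ip, _ in DRIDEX_C2}

# rundll32 loading a DLL from %LOCALAPPDATA%\Temp by export ordinal (",#N"),
# which is the launch pattern in the report's process tree.
_TEMP_DLL_ORDINAL = re.compile(
    r"rundll32(?:\.exe)?\s+\"?"
    r"(?P<dll>[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\[^\s\"]+\.dll)\"?"
    r",#(?P<ordinal>\d+)",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Event:
    event_id: int           # 1 = process create, 3 = network connect (Sysmon numbering, assumed)
    pid: int
    image: str
    command_line: str = ""
    parent_image: str = ""
    dest_ip: str = ""
    dest_port: int = 0


def _is_rundll32(path: str) -> bool:
    return path.lower().endswith("\\rundll32.exe")


def check_process(ev: Event) -> list:
    """Return detection names that fire on a process-create event."""
    hits = []
    if ev.event_id != 1 or not _is_rundll32(ev.image):
        return hits
    if _TEMP_DLL_ORDINAL.search(ev.command_line):
        hits.append("rundll32_temp_dll_ordinal_export")
    if _is_rundll32(ev.parent_image):
        # Fires on the 64-bit -> 32-bit relaunch seen in the report; also
        # fires for benign 32-bit DLLs, so use it as context, not alone.
        hits.append("rundll32_spawned_by_rundll32")
    return hits


def check_network(ev: Event) -> list:
    """Return detection names that fire on a network-connect event."""
    if ev.event_id != 3:
        return []
    if (ev.dest_ip, ev.dest_port) in DRIDEX_C2:
        return ["dridex_c2_endpoint"]
    if ev.dest_ip in DRIDEX_C2_IPS:
        # Same host, different port: weaker signal, still worth surfacing.
        return ["dridex_c2_ip_other_port"]
    return []


def scan(events) -> list:
    """Run every check over every event; returns (pid, detection) pairs."""
    return [(ev.pid, name) for ev in events
            for name in check_process(ev) + check_network(ev)]


SAMPLE_DLL = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\777bf6a6c093caaa279b3612af56e4ae7ff221e4070920d2aa3d16476a9f3724.dll")

# Constructed events mirroring the report's process tree plus benign noise.
SAMPLE_EVENTS = [
    Event(1, 656, r"C:\Windows\system32\rundll32.exe",
          f"rundll32.exe {SAMPLE_DLL},#1", r"C:\Windows\explorer.exe"),
    Event(1, 1012, r"C:\Windows\SysWOW64\rundll32.exe",
          f"rundll32.exe {SAMPLE_DLL},#1", r"C:\Windows\system32\rundll32.exe"),
    Event(3, 1012, r"C:\Windows\SysWOW64\rundll32.exe",
          dest_ip="94.247.168.64", dest_port=443),
    Event(3, 1012, r"C:\Windows\SysWOW64\rundll32.exe",
          dest_ip="159.203.93.122", dest_port=443),
    Event(1, 2200, r"C:\Windows\system32\rundll32.exe",
          r"rundll32.exe C:\Windows\system32\shell32.dll,Control_RunDLL",
          r"C:\Windows\explorer.exe"),
    Event(3, 2200, r"C:\Windows\system32\rundll32.exe",
          dest_ip="13.107.4.50", dest_port=443),
]

if __name__ == "__main__":
    for pid, name in scan(SAMPLE_EVENTS):
        print(f"PID {pid}: {name}")
```

The two process checks are deliberately separate: the Temp-path-plus-ordinal rule is specific enough to alert on, while the rundll32-spawns-rundll32 rule reproduces the 64-bit to 32-bit relaunch from the report and will also match legitimate 32-bit DLLs, so it belongs in the enrichment that accompanies an alert rather than in the alert condition itself. The network check matches the exact ip:port pairs from the extracted configuration first and falls back to an IP-only match on a different port.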