Analysis
- max time kernel: 18s
- max time network: 112s
- platform: windows10_x64
- resource: win10v20210410
- submitted: 24-06-2021 08:25
- Static task: static1
General
- Target: 3bc3f8c95efccb895acb303a4078bf2d711ed521d08a520715a979be81d805a7.dll
- Size: 158KB
- MD5: 4eac57694be64747f8a24bbfd058b2ea
- SHA1: 2f3827a4db2d11ea5ac4b5b4a4d05c7799c32c39
- SHA256: 3bc3f8c95efccb895acb303a4078bf2d711ed521d08a520715a979be81d805a7
- SHA512: 44bb62ca07320eb7638e05325455e944347ecdf9a58aa507b9699532b38a2d4af5ad1e36ae5d541d21a7539da1e2354de10dde747bc336b627d459b3f8314a64
Malware Config
Extracted
- Family: dridex
- Botnet: 40111
- C2:
  - 8.210.53.215:443
  - 72.249.22.245:2303
  - 188.40.137.206:8172
- rc4.plain
- rc4.plain
Signatures
Processes:
  resource: behavioral1/memory/3696-115-0x0000000073E80000-0x0000000073EAD000-memory.dmp
  yara_rule: dridex_ldr
Processes:
  description: Key value queried
  ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
  process: rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                        pid   process       target process
  PID 2576 wrote to memory of 3696   2576  rundll32.exe  rundll32.exe
  PID 2576 wrote to memory of 3696   2576  rundll32.exe  rundll32.exe
  PID 2576 wrote to memory of 3696   2576  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bc3f8c95efccb895acb303a4078bf2d711ed521d08a520715a979be81d805a7.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bc3f8c95efccb895acb303a4078bf2d711ed521d08a520715a979be81d805a7.dll,#1
    - Checks whether UAC is enabled