Analysis
- max time kernel: 25s
- max time network: 113s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 25-06-2021 05:42
- Static task: static1
General
- Target: d682ff1fb542940720caa653f3b8768ad6337b6824eed66f644f1107cab8b09d.dll
- Size: 158KB
- MD5: a856c8611b00360e8fe165d0b1ae10c0
- SHA1: 1616d02243c85b1a41d4ed54a4e09ce4c6ed0d1b
- SHA256: d682ff1fb542940720caa653f3b8768ad6337b6824eed66f644f1107cab8b09d
- SHA512: adbc14f1ee6b81741968ade8564572cd525e64168127984d491e6f451ac35809cf4da5dabc079167e0a990dcccfb982cab51dea1292599cca75eda386caf2928
Malware Config (Extracted)
- Family: dridex
- Botnet: 40111
- C2:
  - 8.210.53.215:443
  - 72.249.22.245:2303
  - 188.40.137.206:8172
- rc4.plain
- rc4.plain
Signatures
- YARA rule match
  resource: behavioral1/memory/1140-115-0x0000000074160000-0x000000007418D000-memory.dmp
  yara_rule: dridex_ldr
- Checks whether UAC is enabled
  description: Key value queried
  ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
  process: rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 904 wrote to memory of 1140 | pid: 904 | process: rundll32.exe | target process: rundll32.exe
  description: PID 904 wrote to memory of 1140 | pid: 904 | process: rundll32.exe | target process: rundll32.exe
  description: PID 904 wrote to memory of 1140 | pid: 904 | process: rundll32.exe | target process: rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe (PID: 904)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d682ff1fb542940720caa653f3b8768ad6337b6824eed66f644f1107cab8b09d.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID: 1140, child of 904)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d682ff1fb542940720caa653f3b8768ad6337b6824eed66f644f1107cab8b09d.dll,#1
    - Checks whether UAC is enabled