Analysis
max time kernel: 27s
max time network: 69s
platform: windows10_x64
resource: win10v20210408
submitted: 25-06-2021 11:05
Static task: static1
General
Target: 6935bcada72f262cd4f1e6a49f177a3f6a6f5517743d23d0e219f88a3b609dcf.dll
Size: 160KB
MD5: dfac561539241c68bd042d2fc9671069
SHA1: 0a7fb74e8ff4a3cc78bc8de87aa5c87d47a3f796
SHA256: 6935bcada72f262cd4f1e6a49f177a3f6a6f5517743d23d0e219f88a3b609dcf
SHA512: aaf22f4a6ac3b5fd7be4a0db2954ac8ddcf172af8dcf53af800bca5eb208dc72145af80085dc870e426e6769ac7c0df741904ece4be0c2a5e4dd71a01eb5dafb
Malware Config
Extracted
Family: dridex
Botnet: 40111
C2:
94.247.168.64:443
159.203.93.122:8172
50.116.27.97:2303
rc4.plain
rc4.plain
Signatures

YARA match
Processes:
resource: behavioral1/memory/1028-115-0x00000000735F0000-0x000000007361E000-memory.dmp
yara_rule: dridex_ldr

Checks whether UAC is enabled
Processes:
description: Key value queried
ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
process: rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description: PID 528 wrote to memory of 1028 | pid: 528 | process: rundll32.exe | target process: rundll32.exe
description: PID 528 wrote to memory of 1028 | pid: 528 | process: rundll32.exe | target process: rundll32.exe
description: PID 528 wrote to memory of 1028 | pid: 528 | process: rundll32.exe | target process: rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\6935bcada72f262cd4f1e6a49f177a3f6a6f5517743d23d0e219f88a3b609dcf.dll,#1
  signatures: Suspicious use of WriteProcessMemory
  PID: 528
  C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\6935bcada72f262cd4f1e6a49f177a3f6a6f5517743d23d0e219f88a3b609dcf.dll,#1
    signatures: Checks whether UAC is enabled
    PID: 1028
Network
MITRE ATT&CK Enterprise v6
Downloads
memory/1028-114-0x0000000000000000-mapping.dmp
memory/1028-115-0x00000000735F0000-0x000000007361E000-memory.dmp (Filesize: 184KB)
memory/1028-117-0x0000000002F80000-0x0000000002F86000-memory.dmp (Filesize: 24KB)
memory/1028-119-0x0000000002FE0000-0x0000000002FE1000-memory.dmp (Filesize: 4KB)