Analysis
  max time kernel: 19s
  max time network: 123s
  platform: windows10_x64
  resource: win10v20210410
  submitted: 26-06-2021 01:27
  Static task: static1
General
  Target: ed125a2a50642af44a5315b89825de9377448ed26e09ac391c769ff88d54bbb6.dll
  Size: 160KB
  MD5: 0f979e1fcc5d2e02ca038f3f41aa1bcd
  SHA1: 7c2fe157b7215304fd31bf4d9f1eed89b04b379d
  SHA256: ed125a2a50642af44a5315b89825de9377448ed26e09ac391c769ff88d54bbb6
  SHA512: 252d5ac98d066ed080ca4cb0f93244938881b073afb50ae2157602e84109780070f9ce40ee7d77f167883adfc0bc34beec7ff388707ec122aa7e189e058768e8
Malware Config (Extracted)
  Family: dridex
  Botnet: 40111
  C2:
    94.247.168.64:443
    159.203.93.122:8172
    50.116.27.97:2303
  rc4.plain
  rc4.plain
Signatures

Dridex loader YARA match
  Processes:
    resource: behavioral1/memory/1636-115-0x0000000073E80000-0x0000000073EAE000-memory.dmp
    yara_rule: dridex_ldr

Checks whether UAC is enabled
  Processes: rundll32.exe
    description: Key value queried
    ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    process: rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
    description: PID 3356 wrote to memory of 1636 | pid: 3356 | process: rundll32.exe | target process: rundll32.exe
    description: PID 3356 wrote to memory of 1636 | pid: 3356 | process: rundll32.exe | target process: rundll32.exe
    description: PID 3356 wrote to memory of 1636 | pid: 3356 | process: rundll32.exe | target process: rundll32.exe
Processes

1. C:\Windows\system32\rundll32.exe
   command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed125a2a50642af44a5315b89825de9377448ed26e09ac391c769ff88d54bbb6.dll,#1
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\rundll32.exe (child of 1)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed125a2a50642af44a5315b89825de9377448ed26e09ac391c769ff88d54bbb6.dll,#1
      - Checks whether UAC is enabled