Analysis

max time kernel: 18s
max time network: 151s
platform: windows10_x64
resource: win10v20210410
submitted: 29-06-2021 08:59

Static task: static1
General

Target: 2dd458e0f6ea3b3db2037f62c5d7d44cc3d1500d8d1e5787565f4a762c093edf.dll
Size: 162KB
MD5: ca5fc02044520cdd8b99322cd699c2d3
SHA1: c4dfd273aa80840d1f1459d6606803b5c0e2c2fa
SHA256: 2dd458e0f6ea3b3db2037f62c5d7d44cc3d1500d8d1e5787565f4a762c093edf
SHA512: 74388d0fc73bd567569ca20a380c0bc9921bc8fef50f567efe859cd5066c294e27b749360af56abe7eb0ecee33a469569572dab56a1b71295e4386ce21800caf
Malware Config

Extracted
Family: dridex
Botnet: 40112
C2:
  107.172.227.10:443
  172.93.133.123:2303
  108.168.61.147:8172
rc4.plain
Signatures

YARA rule dridex_ldr matched in process memory
  resource: behavioral1/memory/2220-116-0x00000000736B0000-0x00000000736DE000-memory.dmp
  yara_rule: dridex_ldr

Checks whether UAC is enabled
  process: rundll32.exe
  ioc: Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA

Suspicious use of WriteProcessMemory (3 IoCs)
  process: rundll32.exe
  PID 2256 (rundll32.exe) wrote to memory of PID 2220 (rundll32.exe), 3 times
Processes

C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2dd458e0f6ea3b3db2037f62c5d7d44cc3d1500d8d1e5787565f4a762c093edf.dll,#1
  PID: 2256
  - Suspicious use of WriteProcessMemory

  └ C:\Windows\SysWOW64\rundll32.exe
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2dd458e0f6ea3b3db2037f62c5d7d44cc3d1500d8d1e5787565f4a762c093edf.dll,#1
      PID: 2220
      - Checks whether UAC is enabled
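The process tree above shows the pattern a detection engineer would want to hunt for: the 64-bit rundll32.exe in system32 receives a DLL dropped in the user's Temp directory, calls it by export ordinal (#1), then re-launches the SysWOW64 (32-bit) rundll32.exe with the same command line and writes into that child's memory. The following is an added example, not part of the sandbox report: a small Python detector run over constructed process-creation and cross-process-write events that mirror the tree above. The event field names, the explorer.exe parent (PID 1000) and the benign control process (PID 3001) are assumptions made for the example; the PIDs, image paths and command lines of the two rundll32 processes are the reported ones.

```python
"""Detect the rundll32 -> rundll32 loader pattern from the report above.
Added example; event records are constructed, not taken from any log."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation event (field names chosen for this example)."""
    pid: int
    image: str
    cmdline: str
    parent_pid: int
    parent_image: str


@dataclass(frozen=True)
class WriteEvent:
    """One cross-process memory write: source wrote into target."""
    source_pid: int
    target_pid: int


SAMPLE_DLL = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\2dd458e0f6ea3b3db2037f62c5d7d44cc3d1500d8d1e5787565f4a762c093edf.dll")

# Constructed events mirroring the reported tree. PID 1000 (explorer.exe) and
# the benign control PID 3001 are assumptions for this example.
SAMPLE_PROCS = [
    ProcEvent(2256, r"C:\Windows\system32\rundll32.exe",
              f"rundll32.exe {SAMPLE_DLL},#1", 1000, r"C:\Windows\explorer.exe"),
    ProcEvent(2220, r"C:\Windows\SysWOW64\rundll32.exe",
              f"rundll32.exe {SAMPLE_DLL},#1", 2256, r"C:\Windows\system32\rundll32.exe"),
    ProcEvent(3001, r"C:\Windows\system32\rundll32.exe",
              "rundll32.exe shell32.dll,Control_RunDLL", 1000, r"C:\Windows\explorer.exe"),
]
# The three WriteProcessMemory IoCs reported for PID 2256 -> PID 2220.
SAMPLE_WRITES = [WriteEvent(2256, 2220)] * 3

RUNDLL32 = re.compile(r"(^|\\)rundll32\.exe$", re.IGNORECASE)
USER_TEMP = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)
# rundll32 syntax is "<exe> <dll>,<entry>"; the entry point follows the last
# comma and is either an export name or "#<ordinal>".
CMDLINE = re.compile(r'^(?:"[^"]*rundll32\.exe"|\S*rundll32\.exe)\s+(.+),\s*(\S+)\s*$',
                     re.IGNORECASE)


def parse_rundll32_cmdline(cmdline):
    """Return (dll_path, entry) for a rundll32 command line, else None."""
    m = CMDLINE.match(cmdline)
    return (m.group(1).strip(), m.group(2)) if m else None


def is_ordinal(entry):
    """True when the entry point is given as "#<number>"."""
    return entry.startswith("#") and entry[1:].isdigit()


def count_parent_writes(ev, writes):
    """Number of memory writes from ev's parent into ev."""
    return sum(1 for w in writes
               if w.source_pid == ev.parent_pid and w.target_pid == ev.pid)


def reasons_for(ev, writes):
    """List the suspicious traits of one rundll32 process (empty if none)."""
    out = []
    if not RUNDLL32.search(ev.image):
        return out
    parsed = parse_rundll32_cmdline(ev.cmdline)
    if parsed:
        dll, entry = parsed
        if USER_TEMP.search(dll):
            out.append("DLL loaded from user Temp directory")
        if is_ordinal(entry):
            out.append(f"export called by ordinal ({entry})")
    if RUNDLL32.search(ev.parent_image):
        out.append("rundll32 spawned by rundll32")
        if "\\system32\\" in ev.parent_image.lower() and "\\syswow64\\" in ev.image.lower():
            out.append("64-bit rundll32 re-launched the 32-bit (SysWOW64) rundll32")
    n = count_parent_writes(ev, writes)
    if n:
        out.append(f"parent wrote to child memory {n} time(s)")
    return out


def detect(procs, writes):
    """Map PID -> reasons for every rundll32 process with at least one hit."""
    findings = {}
    for ev in procs:
        reasons = reasons_for(ev, writes)
        if reasons:
            findings[ev.pid] = reasons
    return findings


if __name__ == "__main__":
    for pid, reasons in detect(SAMPLE_PROCS, SAMPLE_WRITES).items():
        print(pid, "->", "; ".join(reasons))
```

The benign control (a rundll32 call into shell32.dll by export name, parented by explorer.exe) produces no findings, while PID 2256 is flagged for the Temp-directory DLL and ordinal call and PID 2220 additionally for the rundll32 parent, the system32-to-SysWOW64 relaunch and the three parent writes. In a real pipeline the `ProcEvent` and `WriteEvent` records would be filled from Sysmon event IDs 1 and 8/10 or an EDR's equivalent, and the EnableLUA registry query reported above would be a further, independent trait to correlate on the same PID.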