Analysis

Max time kernel: 73s
Max time network: 66s
Platform: windows7_x64
Resource: win7-en-20210916
Submitted: 17-09-2021 17:57

Static task: static1
Behavioral task: behavioral1

Sample: a7e6831062eefae7a8e8f3546b62b052.exe
Resource: win7-en-20210916 (windows7_x64)
Signatures: 0
Duration: 0 seconds
General

Target: a7e6831062eefae7a8e8f3546b62b052.exe
Size: 1.1MB
MD5: a7e6831062eefae7a8e8f3546b62b052
SHA1: cf2c886b040f33e1eda84d9cdab147c8b859b037
SHA256: 437275776c30ea1da5305f31a1d9a07567b2df3c6f41229782afdcf46343cbed
SHA512: 653e39eedc4ce52f9abae553519f0078539813f5e2f254969bcf1d3570828aa8ae6996d8960c7ac920fe981b6d2e93cd3baaba4a17481024535df148369352c2
Malware Config (extracted)

Family: dridex
Botnet: 10111
C2:
  159.65.3.147:6225
  194.141.47.9:7443
  5.199.174.90:9043
rc4.plain
rc4.plain
Signatures

Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.

Processes:
  a7e6831062eefae7a8e8f3546b62b052.exe

  description:  Key value queried
  ioc:          \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
  process:      a7e6831062eefae7a8e8f3546b62b052.exe