Analysis
-
max time kernel
118s -
max time network
121s -
submitted
01-01-1970 00:00
General
-
Target
7912f4bdf9b0f73f39462fd29536a3be.dll
-
Size
750KB
-
MD5
7912f4bdf9b0f73f39462fd29536a3be
-
SHA1
c50a63b068c3d16b81c66ad6ebc36f9b50b67916
-
SHA256
0bbf8dcb9ab6e8e50f127aa485186f8e75cc7428b9f2d5aa0a98ab35690988f5
-
SHA512
7c887db4f835fd1445a599f0e790a625b504dfaa417fb0f40bc064d93fec1ac96289c86503821ce66f8f666582e8d52af5b329d89242a4b9cf12a6886299738b
Score
10/10
Malware Config
Extracted
Family
dridex
Botnet
10555
C2
192.46.210.220:443
143.244.140.214:808
45.77.0.96:6891
185.56.219.47:8116
rc4.plain
rc4.plain
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Blocklisted process makes network request 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\7912f4bdf9b0f73f39462fd29536a3be.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\7912f4bdf9b0f73f39462fd29536a3be.dll,#12⤵
- Blocklisted process makes network request
- Checks whether UAC is enabled
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/532-55-0x0000000000000000-mapping.dmp
-
memory/532-56-0x0000000076431000-0x0000000076433000-memory.dmpFilesize
8KB
-
memory/532-57-0x00000000748F0000-0x00000000749B9000-memory.dmpFilesize
804KB
-
memory/532-58-0x00000000748F0000-0x000000007492D000-memory.dmpFilesize
244KB
-
memory/532-59-0x00000000748F0000-0x00000000749B9000-memory.dmpFilesize
804KB
-
memory/532-61-0x00000000000B0000-0x00000000000B1000-memory.dmpFilesize
4KB