Analysis
max time kernel: 60s
max time network: 132s
submitted: 01-01-1970 00:00

Static task: static1
Behavioral task: behavioral1
  Sample: 8ba232fa928c7e69201f47f0cf216001.dll
  Resource: win7-en-20210920 (windows7_x64)
0 signatures, 0 seconds
General
Target: 8ba232fa928c7e69201f47f0cf216001.dll
Size: 750KB
MD5: 8ba232fa928c7e69201f47f0cf216001
SHA1: cb1e795ba0578f99cc7172034c52daa77cf8684e
SHA256: e07ae56f0cb20f2bc6a9a5dab953bd97e4a4c2047d784dab106d3fd3eb535b3c
SHA512: f7ce37d1b7bdab7deeab730107dfa0e05e132648cd51c415c9baecf52af35d78316f1a0a35550f9b0cc7d5dbc70b97028201665771d12592e6b8593b817b9dd8
Malware Config
Extracted
Family: dridex
Botnet: 10555
C2:
  192.46.210.220:443
  143.244.140.214:808
  45.77.0.96:6891
  185.56.219.47:8116
rc4.plain
rc4.plain
Signatures

Blocklisted process makes network request (2 IoCs)
  Processes:
    flow  pid  process
    3     672  rundll32.exe
    6     672  rundll32.exe

Checks whether UAC is enabled (1 TTP)
  Queries the EnableLUA value under the local machine's UAC policy key to determine whether User Account Control is enabled. (The page lists this entry under the heading "Checks installed software on the system", but the only IoC recorded is the EnableLUA query, and the process tree labels the same event "Checks whether UAC is enabled".)
  Processes:
    description        ioc                                                                                   process
    Key value queried  \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA  rundll32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
  Processes:
    description              pid  process       target process
    PID 520 wrote to memory of 672  rundll32.exe  rundll32.exe  (recorded 7 times)
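The two network-related findings in this report, the extracted Dridex C2 list and rundll32.exe flagged as a blocklisted process making network requests, can be turned into detection logic. The following is an added example and is not part of the Triage report or of Dridex itself: it parses the C2 list exactly as printed in the Malware Config section and runs a rule over constructed Sysmon-style network connection records. The records themselves are made up for illustration (the firefox.exe process, PID 1234, and the destinations 93.184.216.34, 10.0.0.5 and 1.2.3.4 do not appear in the report).

```python
"""Detection over network-connection telemetry for a Dridex-style rundll32 loader.

Added example, not code from the sandbox report.  Event records are
constructed to resemble Sysmon Event ID 3 fields; they are not sandbox output.
"""
import ipaddress
from dataclasses import dataclass

# C2 endpoints exactly as listed in the report's extracted config.
TRIAGE_C2_LINES = """\
192.46.210.220:443
143.244.140.214:808
45.77.0.96:6891
185.56.219.47:8116
"""

# LOLBins that have no business opening outbound connections on a workstation.
BLOCKLISTED_IMAGES = {"rundll32.exe", "regsvr32.exe", "mshta.exe"}

# Ports a browser-like process normally uses; anything else from a LOLBin is odd.
EXPECTED_WEB_PORTS = {80, 443}


@dataclass(frozen=True)
class NetEvent:
    pid: int
    image: str        # full image path, as Sysmon logs it
    dest_ip: str
    dest_port: int


def parse_c2(config_text):
    """Parse 'host:port' lines into a set of (ip, port) tuples, validating the IP."""
    c2 = set()
    for line in config_text.splitlines():
        line = line.strip()
        if not line:
            continue
        host, _, port = line.rpartition(":")
        c2.add((str(ipaddress.ip_address(host)), int(port)))
    return c2


def classify(event, c2):
    """Return the reasons an event is suspicious (empty list if none).

    Two independent checks: an exact IOC match against the extracted C2 list,
    and a behavioural rule for blocklisted images.  The behavioural rule fires
    on any non-web port, and on web ports only for public destinations, so
    rundll32 talking to an intranet host on 443 is not flagged.
    """
    reasons = []
    basename = event.image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if (event.dest_ip, event.dest_port) in c2:
        reasons.append("known-c2")
    if basename in BLOCKLISTED_IMAGES:
        if event.dest_port not in EXPECTED_WEB_PORTS:
            reasons.append("lolbin-nonstandard-port")
        elif not ipaddress.ip_address(event.dest_ip).is_private:
            reasons.append("lolbin-outbound")
    return reasons


def flag_events(events, c2):
    """Map (pid, dest_ip, dest_port) to the list of reasons for each event."""
    return {(e.pid, e.dest_ip, e.dest_port): classify(e, c2) for e in events}


# Constructed sample telemetry (not from the report).  PID 672 and the
# SysWOW64 rundll32 path mirror the report's process tree; the rest is made up.
RUNDLL32 = r"C:\Windows\SysWOW64\rundll32.exe"
SAMPLE_EVENTS = [
    NetEvent(672, RUNDLL32, "192.46.210.220", 443),   # listed C2 on an HTTPS port
    NetEvent(672, RUNDLL32, "143.244.140.214", 808),  # listed C2 on an odd port
    NetEvent(1234, r"C:\Program Files\Mozilla Firefox\firefox.exe", "93.184.216.34", 443),
    NetEvent(672, RUNDLL32, "10.0.0.5", 443),         # intranet host, not flagged
    NetEvent(672, RUNDLL32, "1.2.3.4", 443),          # unlisted public host
]

if __name__ == "__main__":
    c2_set = parse_c2(TRIAGE_C2_LINES)
    for key, reasons in flag_events(SAMPLE_EVENTS, c2_set).items():
        print(key, reasons or "ok")
```

The 192.46.210.220:443 entry shows why both checks are kept: a port heuristic alone would miss C2 on HTTPS ports, while the IOC list alone would miss the 1.2.3.4 case, which stands in for infrastructure rotated after the report was written.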
Processes

C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\8ba232fa928c7e69201f47f0cf216001.dll,#1
  - Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\rundll32.exe  (child of the process above)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\8ba232fa928c7e69201f47f0cf216001.dll,#1
    - Blocklisted process makes network request
    - Checks whether UAC is enabled

Note: the DLL is loaded by export ordinal (#1) rather than by name. The 64-bit rundll32.exe in system32 (PID 520 in the WriteProcessMemory table) re-launches the 32-bit rundll32.exe from SysWOW64 (PID 672) with the same command line, which is the normal handoff when a 64-bit rundll32 is given a 32-bit DLL; the parent-to-child memory writes are consistent with that process creation rather than with injection into an unrelated process. All of the behavioral findings (network connections, UAC check) come from the SysWOW64 child.
Network
MITRE ATT&CK Matrix (ATT&CK v6)
Downloads (all dumps are from PID 672, the SysWOW64 rundll32.exe child)
  memory/672-54-0x0000000000000000-mapping.dmp
  memory/672-55-0x0000000075FC1000-0x0000000075FC3000-memory.dmp   8KB
  memory/672-56-0x0000000074E30000-0x0000000074EF9000-memory.dmp   804KB
  memory/672-57-0x0000000074E30000-0x0000000074E6D000-memory.dmp   244KB
  memory/672-58-0x0000000074E30000-0x0000000074EF9000-memory.dmp   804KB
  memory/672-60-0x00000000000B0000-0x00000000000B1000-memory.dmp   4KB

The 0x74E30000-0x74EF9000 region (804KB) is the largest dump and is large enough to hold the 750KB sample, so it is the natural starting point when looking for the loaded DLL image; the 244KB dump covers the start of the same region.