Analysis
- max time kernel: 118s
- max time network: 150s
- submitted: 01-01-1970 00:00
- Static task: static1
- Behavioral task: behavioral1
- Sample: 2980030803fd28c4b6853ac409913169.dll
- Resource: win7-en-20211014 (windows7_x64)
- 0 signatures
- 0 seconds
General
- Target: 2980030803fd28c4b6853ac409913169.dll
- Size: 750KB
- MD5: 2980030803fd28c4b6853ac409913169
- SHA1: bdf5d8880fac10050953d2cac23192bf51ef2b1c
- SHA256: ee7fb2c80d221dff02db8416bcd2b09c4ec50eb15fa626afe02c7a311243ae05
- SHA512: a3619ca66ecb89e02ed23d982dc46df72fae4fdbbde33beb5b58eee5b6f8124e190d5b1a2460d29e37d72049de62b3d0f04ea95181414f02bcdc3060dd8ce87f
Malware Config
Extracted
- Family: dridex
- Botnet: 10555
- C2:
  192.46.210.220:443
  143.244.140.214:808
  45.77.0.96:6891
  185.56.219.47:8116
- rc4.plain
- rc4.plain
Signatures
- Blocklisted process makes network request (2 IoCs)
  Processes (flow / pid / process):
  23 / 2256 / rundll32.exe
  25 / 2256 / rundll32.exe
- Checks installed software on the system (1 TTPs)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  Processes (description / ioc / process):
  Key value queried / \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA / rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description / pid / process / target process):
  PID 8 wrote to memory of 2256 / 8 / rundll32.exe / rundll32.exe
  PID 8 wrote to memory of 2256 / 8 / rundll32.exe / rundll32.exe
  PID 8 wrote to memory of 2256 / 8 / rundll32.exe / rundll32.exe
Processes
1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\2980030803fd28c4b6853ac409913169.dll,#1
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (child of 1)
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2980030803fd28c4b6853ac409913169.dll,#1
      - Blocklisted process makes network request
      - Checks whether UAC is enabled
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/2256-115-0x0000000000000000-mapping.dmp
- memory/2256-116-0x00000000740C0000-0x0000000074189000-memory.dmp (Filesize: 804KB)
- memory/2256-118-0x00000000740C0000-0x0000000074189000-memory.dmp (Filesize: 804KB)
- memory/2256-117-0x00000000740C0000-0x00000000740FD000-memory.dmp (Filesize: 244KB)
- memory/2256-121-0x0000000002CD0000-0x0000000002CD1000-memory.dmp (Filesize: 4KB)
- memory/2256-120-0x0000000002CD0000-0x0000000002CD1000-memory.dmp (Filesize: 4KB)
- memory/2256-123-0x0000000002CD0000-0x0000000002CD1000-memory.dmp (Filesize: 4KB)
- memory/2256-122-0x0000000000B40000-0x0000000000B41000-memory.dmp (Filesize: 4KB)