Analysis
Max time kernel: 4294179s
Max time network: 126s
Platform: windows7_x64
Resource: win7-20220311-en
Submitted: 20-03-2022 05:09
Static task: static1
Behavioral task: behavioral1
Sample: dffddd9a48265faf0bef7876cf73f930e70af36317239757c0466d4772a52ffa.exe
Resource: win7-20220311-en (windows7_x64)
0 signatures
0 seconds
General
Target: dffddd9a48265faf0bef7876cf73f930e70af36317239757c0466d4772a52ffa.exe
Size: 747KB
MD5: 6c491a39d2aaa238c43fb4a7058ce158
SHA1: 83e57fdd6014f6b8ee1915aa61d58b17ce542f52
SHA256: dffddd9a48265faf0bef7876cf73f930e70af36317239757c0466d4772a52ffa
SHA512: a7bddbd2b87bb7df00b02a79344c469632e8603dab12235b63c61397d6e0807c560b9176b3f5b9c79ed7d7d993fe46a828cc6ec6605f50551e376d5f78823c61
Malware Config
Extracted
Family: dridex
Botnet: 10111
C2:
51.254.163.104:1688
142.4.6.57:14043
195.159.28.230:4443
64.225.35.35:3098
rc4.plain
rc4.plain
Signatures
Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.
Processes:
dffddd9a48265faf0bef7876cf73f930e70af36317239757c0466d4772a52ffa.exe
  description: Key value queried
  ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
  process: dffddd9a48265faf0bef7876cf73f930e70af36317239757c0466d4772a52ffa.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
Processes:
dffddd9a48265faf0bef7876cf73f930e70af36317239757c0466d4772a52ffa.exe
  pid: 1776
  process: dffddd9a48265faf0bef7876cf73f930e70af36317239757c0466d4772a52ffa.exe
Processes
Path: C:\Users\Admin\AppData\Local\Temp\dffddd9a48265faf0bef7876cf73f930e70af36317239757c0466d4772a52ffa.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\dffddd9a48265faf0bef7876cf73f930e70af36317239757c0466d4772a52ffa.exe"
- Checks whether UAC is enabled
- Suspicious behavior: GetForegroundWindowSpam