Analysis
max time kernel: 141s
max time network: 164s
platform: windows10-2004_x64
resource: win10v2004-20220310-en
submitted: 24-03-2022 11:11
Static task: static1
Behavioral task: behavioral1
Sample: ceec2d7752b046d0e0119a794aae214e097ab074f728494bb6edab2fb5370b4b.dll
Resource: win7-20220310-en (windows7_x64), 0 signatures, 0 seconds
General
Target: ceec2d7752b046d0e0119a794aae214e097ab074f728494bb6edab2fb5370b4b.dll
Size: 355KB
MD5: 821e56271da5d7ab18c6eb49cb14abf5
SHA1: be56ac4b532620d9b3ec88c9b2530de0a6499d6a
SHA256: ceec2d7752b046d0e0119a794aae214e097ab074f728494bb6edab2fb5370b4b
SHA512: 79b2325efe8ad9e24e0f22ede0d824367986caf3133df86be86b89d39c8d4cd3811bc3ee0cca8746ceeea5c3c790b192be0cab7b2d9b005444f6756df97111f5
Malware Config (Extracted)
Family: dridex
Botnet: 10555
C2:
  175.126.167.148:443
  173.249.20.233:8043
  162.241.204.233:4443
  138.122.143.40:8043
rc4.plain
rc4.plain
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2212 wrote to memory of 1948 | 2212 | rundll32.exe | rundll32.exe
PID 2212 wrote to memory of 1948 | 2212 | rundll32.exe | rundll32.exe
PID 2212 wrote to memory of 1948 | 2212 | rundll32.exe | rundll32.exe
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ceec2d7752b046d0e0119a794aae214e097ab074f728494bb6edab2fb5370b4b.dll,#1
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ceec2d7752b046d0e0119a794aae214e097ab074f728494bb6edab2fb5370b4b.dll,#1