Analysis
max time kernel: 38s
max time network: 46s
platform: windows7_x64
resource: win7-20220414-en
submitted: 16-04-2022 05:40
Static task: static1
Behavioral task: behavioral1
Sample: gy2fyh8.dll
Resource: win7-20220414-en (windows7_x64)
0 signatures
0 seconds
General
Target: gy2fyh8.dll
Size: 425KB
MD5: 7d99e955a5f92c1f7809bb6a6609af70
SHA1: a9eae703e5b501bd0ab767782ee4cfad467b736e
SHA256: e63419700590e021c61e68cfaccfbe5be4f31aba7fdf703d323c8b14365658e5
SHA512: e935fad23dc862daf1c55677d255b142f112ac1a6102614c672dd1e75f9c64a54e7266a8a1d45cc5de9b31e85db2281200d5cdb551d0dd544e8d08dddf2641b6
Malware Config
Extracted
Family: dridex
Botnet: 10555
C2:
  77.220.64.132:443
  212.227.53.240:5037
  192.241.174.45:8172
rc4.plain
rc4.plain
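The extracted C2 list above only becomes useful once it is matched against traffic. The Python below is an added example and not part of the sandbox report: it loads the three ip:port pairs and the sample hashes from this report, scans a few constructed firewall log lines (the key=value log format, the internal hosts and the timestamps are assumptions), and grades each hit. An exact ip:port match is reported as high confidence; a connection to a listed IP on an unlisted port is reported at lower confidence, because the same host may carry unrelated traffic or the operators may have rotated the port.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Indicators copied from the report above (dridex, botnet 10555).
C2_ENDPOINTS = {
    ("77.220.64.132", 443),
    ("212.227.53.240", 5037),
    ("192.241.174.45", 8172),
}
C2_HOSTS = {ip for ip, _ in C2_ENDPOINTS}

SAMPLE_HASHES = {
    "md5": "7d99e955a5f92c1f7809bb6a6609af70",
    "sha1": "a9eae703e5b501bd0ab767782ee4cfad467b736e",
    "sha256": "e63419700590e021c61e68cfaccfbe5be4f31aba7fdf703d323c8b14365658e5",
}

# Assumed log format (not from the report): a key=value firewall/proxy line.
LOG_RE = re.compile(
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\S+)"
)


@dataclass
class Hit:
    line_no: int
    src: str
    dst: str
    dport: int
    confidence: str  # "high" for an ip:port match, "medium" for ip-only
    reason: str


def grade(dst: str, dport: int) -> Optional[tuple]:
    """Return (confidence, reason) for a destination, or None if it is clean."""
    if (dst, dport) in C2_ENDPOINTS:
        return "high", f"exact C2 endpoint {dst}:{dport} from extracted config"
    if dst in C2_HOSTS:
        # The IP is listed but the port is not: a weaker signal, since shared
        # hosting or a rotated C2 port could explain it either way.
        return "medium", f"C2 host {dst} on unlisted port {dport}"
    return None


def scan_logs(lines: Iterable[str]) -> List[Hit]:
    """Parse each log line and return the ones that touch a C2 indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue  # tolerate unrelated or malformed lines
        dst, dport = m["dst"], int(m["dport"])
        g = grade(dst, dport)
        if g:
            hits.append(Hit(n, m["src"], dst, dport, g[0], g[1]))
    return hits


def match_hashes(observed: dict) -> List[str]:
    """Return the algorithms whose observed value equals the sample's hash (case-insensitive)."""
    return [algo for algo, val in observed.items()
            if SAMPLE_HASHES.get(algo, "") == val.lower()]


# Constructed sample input: internal hosts and timestamps are invented.
SAMPLE_LOGS = [
    "2022-04-16T05:41:02Z fw1 src=10.0.0.23 dst=77.220.64.132 dport=443 proto=tcp action=allow",
    "2022-04-16T05:41:03Z fw1 src=10.0.0.23 dst=8.8.8.8 dport=53 proto=udp action=allow",
    "2022-04-16T05:41:09Z fw1 src=10.0.0.23 dst=212.227.53.240 dport=5037 proto=tcp action=allow",
    "2022-04-16T05:41:15Z fw1 src=10.0.0.41 dst=192.241.174.45 dport=80 proto=tcp action=allow",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for h in scan_logs(SAMPLE_LOGS):
        print(f"line {h.line_no}: {h.src} -> {h.dst}:{h.dport} [{h.confidence}] {h.reason}")
    print(match_hashes({"sha256": SAMPLE_HASHES["sha256"].upper(), "md5": "00" * 16}))
```

Two of the three C2 ports (5037 and 8172) are non-standard, so in an environment with egress filtering a plain port-based block list already catches them; the 443 endpoint is the one that needs the IP match.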
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
description                      pid  process       target process
PID 532 wrote to memory of 916   532  regsvr32.exe  regsvr32.exe
PID 532 wrote to memory of 916   532  regsvr32.exe  regsvr32.exe
PID 532 wrote to memory of 916   532  regsvr32.exe  regsvr32.exe
PID 532 wrote to memory of 916   532  regsvr32.exe  regsvr32.exe
PID 532 wrote to memory of 916   532  regsvr32.exe  regsvr32.exe
PID 532 wrote to memory of 916   532  regsvr32.exe  regsvr32.exe
PID 532 wrote to memory of 916   532  regsvr32.exe  regsvr32.exe
Downloads
memory/532-54-0x000007FEFB6E1000-0x000007FEFB6E3000-memory.dmp (8KB)
memory/916-55-0x0000000000000000-mapping.dmp
memory/916-56-0x0000000075711000-0x0000000075713000-memory.dmp (8KB)
memory/916-57-0x0000000000AD0000-0x0000000000BBE000-memory.dmp (952KB)
memory/916-58-0x0000000000AD0000-0x0000000000BBE000-memory.dmp (952KB)
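The 7 IoCs under Signatures and the dumps under Downloads describe the same event from two sides: regsvr32.exe (PID 532) writes into a second regsvr32.exe (PID 916), and the dumps are then taken from PID 916. The Python below is an added example, not part of the report or of the sandbox's own tooling. It parses write records in the shape of the signature table rows (the exact record text is taken from the report; treating it as a parseable format is an assumption), flags a trusted Windows binary writing into a different process (the LOLBin list is an assumption for the example), summarises writer/target pairs, and then parses the dump file names to pull out the regions captured from the process that was written into, with their sizes computed from the address ranges.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional

# Signed Windows binaries that have no legitimate reason to write into another
# process's memory. Assumed for this example, not something the report states.
LOLBINS = {"regsvr32.exe", "rundll32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}


class WriteEvent(NamedTuple):
    pid: int
    process: str
    target_pid: int
    target_process: str


# One IoC row, e.g. "PID 532 wrote to memory of 916 532 regsvr32.exe regsvr32.exe"
ROW_RE = re.compile(
    r"PID (?P<pid>\d+) wrote to memory of (?P<tpid>\d+)\s+(?P<pid2>\d+)\s+(?P<proc>\S+)\s+(?P<tproc>\S+)"
)


def parse_row(row: str) -> Optional[WriteEvent]:
    """Parse a signature table row; reject rows whose two pid columns disagree."""
    m = ROW_RE.search(row)
    if not m or m["pid"] != m["pid2"]:
        return None
    return WriteEvent(int(m["pid"]), m["proc"].lower(), int(m["tpid"]), m["tproc"].lower())


def is_injection(ev: WriteEvent) -> bool:
    """A cross-process write by a trusted LOLBin is the pattern the signature fires on."""
    return ev.pid != ev.target_pid and ev.process in LOLBINS


def summarize(events: List[WriteEvent]) -> Dict[tuple, int]:
    """Count flagged writes per (writer pid, writer image, target pid, target image)."""
    return dict(Counter((e.pid, e.process, e.target_pid, e.target_process)
                        for e in events if is_injection(e)))


# Dump names: "memory/<pid>-<seq>-<start>-<end>-memory.dmp", or "-mapping.dmp" with no end.
DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<seq>\d+)-(?P<start>0x[0-9A-Fa-f]+)"
    r"(?:-(?P<end>0x[0-9A-Fa-f]+))?-(?P<kind>memory|mapping)\.dmp"
)


class DumpRegion(NamedTuple):
    pid: int
    seq: int
    start: int
    size: int  # bytes; 0 for a mapping dump, which carries no end address
    kind: str


def parse_dump(name: str) -> Optional[DumpRegion]:
    """Extract pid, sequence number, start address and region size from a dump name."""
    m = DUMP_RE.search(name)
    if not m:
        return None
    start = int(m["start"], 16)
    size = int(m["end"], 16) - start if m["end"] else 0
    return DumpRegion(int(m["pid"]), int(m["seq"]), start, size, m["kind"])


def dumps_from_targets(dumps: List[str], events: List[WriteEvent]) -> List[DumpRegion]:
    """Return the dump regions that were captured from processes written into."""
    targets = {e.target_pid for e in events if is_injection(e)}
    return [d for d in map(parse_dump, dumps) if d and d.pid in targets]


# Rows and dump names copied from the report above.
REPORT_ROWS = ["PID 532 wrote to memory of 916 532 regsvr32.exe regsvr32.exe"] * 7
REPORT_DUMPS = [
    "memory/532-54-0x000007FEFB6E1000-0x000007FEFB6E3000-memory.dmp",
    "memory/916-55-0x0000000000000000-mapping.dmp",
    "memory/916-56-0x0000000075711000-0x0000000075713000-memory.dmp",
    "memory/916-57-0x0000000000AD0000-0x0000000000BBE000-memory.dmp",
    "memory/916-58-0x0000000000AD0000-0x0000000000BBE000-memory.dmp",
]

if __name__ == "__main__":
    events = [e for e in map(parse_row, REPORT_ROWS) if e]
    for key, n in summarize(events).items():
        print(f"{key[1]} (PID {key[0]}) wrote {n}x into {key[3]} (PID {key[2]})")
    for d in dumps_from_targets(REPORT_DUMPS, events):
        print(f"PID {d.pid} seq {d.seq}: {d.kind} at 0x{d.start:X}, {d.size // 1024} KB")
```

Run on the report's own rows this reduces the seven identical IoCs to one writer/target pair and singles out the two 952KB regions at 0xAD0000 in PID 916 as the dumps worth looking at first, since they come from the process that received the writes.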