Analysis
max time kernel: 81s
max time network: 94s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 18-04-2022 13:17
Behavioral task: behavioral1
Sample: 16a1cdadc7b848ef3f557291f69889de040d20ecd5c750cea1e8ad1561fcd10c.dll
Resource: win7-20220414-en (windows7_x64)
0 signatures, 0 seconds
General
Target: 16a1cdadc7b848ef3f557291f69889de040d20ecd5c750cea1e8ad1561fcd10c.dll
Size: 391KB
MD5: b685d1ae9a1038148e31396c43ab7498
SHA1: cba868c11941d356c6ad245efd2f3a6a0630cfc7
SHA256: 16a1cdadc7b848ef3f557291f69889de040d20ecd5c750cea1e8ad1561fcd10c
SHA512: 81ddd7fb4daa5bca490ec413fe07fa8b3349849d763aa21860b1b99de1ea1e71ae78f1f30c5f6e227ee81142211527d03d7ee5bdcb8968bb826ebeb00d0bb3ef
Malware Config
Extracted
Family: dridex
Botnet: 10555
C2:
  194.150.118.7:443
  45.77.154.161:1688
  45.56.127.75:49160
  62.171.142.179:4664
rc4.plain
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description                        pid   process       target process
PID 4112 wrote to memory of 1792   4112  rundll32.exe  rundll32.exe
PID 4112 wrote to memory of 1792   4112  rundll32.exe  rundll32.exe
PID 4112 wrote to memory of 1792   4112  rundll32.exe  rundll32.exe
Processes
1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\16a1cdadc7b848ef3f557291f69889de040d20ecd5c750cea1e8ad1561fcd10c.dll,#1
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (child of 1)
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\16a1cdadc7b848ef3f557291f69889de040d20ecd5c750cea1e8ad1561fcd10c.dll,#1