Analysis
  max time kernel: 143s
  max time network: 164s
  platform: windows10-2004_x64
  resource: win10v2004-20220414-en
  submitted: 03-05-2022 01:06
Static task: static1
Behavioral task: behavioral1
  Sample: 9ca141ae51959b85bb47633c2660ee587745ab720f74cba8973ce06f14963064.exe
  Resource: win7-20220414-en
  Platform: windows7_x64
  0 signatures
  0 seconds
General
  Target: 9ca141ae51959b85bb47633c2660ee587745ab720f74cba8973ce06f14963064.exe
  Size: 747KB
  MD5: e3f384c593482912298b6d63db17ae52
  SHA1: 85baae83db7f4ae7ef36abed2da0959bb14049a2
  SHA256: 9ca141ae51959b85bb47633c2660ee587745ab720f74cba8973ce06f14963064
  SHA512: 9192d3651bb51ef7e397dea5193dbe317825f2d6e0f57c0d0a224a2139d54d5c2856311e978d97ac4f8a12f909d798f5d220c25876ffa96ef75d38e3d04e99f3
Malware Config
  Extracted
  Family: dridex
  Botnet: 10111
  C2:
    51.254.163.104:1688
    142.4.6.57:14043
    195.159.28.230:4443
    64.225.35.35:3098
  rc4.plain
Signatures
  Checks installed software on the system (1 TTPs)
    Looks up Uninstall key entries in the registry to enumerate software on the system.
    Processes:
      process: 9ca141ae51959b85bb47633c2660ee587745ab720f74cba8973ce06f14963064.exe
      description: Key value queried
      ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
      process: 9ca141ae51959b85bb47633c2660ee587745ab720f74cba8973ce06f14963064.exe
  Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
    Processes:
      process: 9ca141ae51959b85bb47633c2660ee587745ab720f74cba8973ce06f14963064.exe
      pid: 4892
      process: 9ca141ae51959b85bb47633c2660ee587745ab720f74cba8973ce06f14963064.exe
Processes
  1. C:\Users\Admin\AppData\Local\Temp\9ca141ae51959b85bb47633c2660ee587745ab720f74cba8973ce06f14963064.exe
     Command line: "C:\Users\Admin\AppData\Local\Temp\9ca141ae51959b85bb47633c2660ee587745ab720f74cba8973ce06f14963064.exe"
     - Checks whether UAC is enabled
     - Suspicious behavior: GetForegroundWindowSpam