Analysis
- max time kernel: 44s
- max time network: 60s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 11-06-2022 16:36

Static task: static1
Behavioral task: behavioral1
- Sample: h0pr8ad8y.dll
- Resource: win7-20220414-en
- Platform: windows7_x64
- 0 signatures
- 0 seconds
General
- Target: h0pr8ad8y.dll
- Size: 1.0MB
- MD5: e89d3eb135ec079aeede207b2f096014
- SHA1: 9278bb8b1d6e5fc2e509d3efacb2efe77a4ec93f
- SHA256: a6165037e61807f6eb845bf9fae546bb9290685335c0ed50e6102ca9857e5fe9
- SHA512: 666a13c7eadb52d43410791fb46ea92fe017d416f8347ed3c749a95ca257b43dd251bf12705b45287e8fc52979d8e54569d97d98a670ae46ca9201eb5e29c239
Malware Config
Extracted
- Family: dridex
- Botnet: 10444
- C2:
  - 192.46.210.220:443
  - 143.244.140.214:808
  - 45.77.0.96:6891
  - 185.56.219.47:8116
- rc4.plain
- rc4.plain
Signatures
- Blocklisted process makes network request (2 IoCs)
  Processes: rundll32.exe
    flow   pid    process
    2      1636   rundll32.exe
    5      1636   rundll32.exe
- Checks installed software on the system (1 TTPs)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  Processes: rundll32.exe
    description         ioc                                                                                     process
    Key value queried   \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA   rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
    description                       pid   process        target process
    PID 276 wrote to memory of 1636   276   rundll32.exe   rundll32.exe
    (the same entry is recorded 7 times)
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\h0pr8ad8y.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\h0pr8ad8y.dll,#1
    - Blocklisted process makes network request
    - Checks whether UAC is enabled
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/1636-54-0x0000000000000000-mapping.dmp
- memory/1636-55-0x0000000075721000-0x0000000075723000-memory.dmp (Filesize 8KB)
- memory/1636-56-0x0000000074770000-0x000000007488B000-memory.dmp (Filesize 1.1MB)
- memory/1636-57-0x0000000074770000-0x00000000747AD000-memory.dmp (Filesize 244KB)
- memory/1636-58-0x0000000074770000-0x000000007488B000-memory.dmp (Filesize 1.1MB)
- memory/1636-60-0x0000000074770000-0x000000007488B000-memory.dmp (Filesize 1.1MB)
- memory/1636-61-0x0000000074770000-0x000000007488B000-memory.dmp (Filesize 1.1MB)