Analysis
-
max time kernel
44s -
max time network
63s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
11-06-2022 16:51
General
-
Target
og27ksp6.dll
-
Size
1.0MB
-
MD5
f6513fd9bb92c2eecb2bee88d7a221a3
-
SHA1
f2358c1c65a3d76fdd29018c76915971fe91ee5b
-
SHA256
4850bb885ea9c2266d592c33de4e326555cee54156978afbc846f75836b991ae
-
SHA512
204948b212553665e4b31169f5bafe500cc5735af1da05fa722d26b4ea76cf2c004b7a36488936b873c83bfd34c59e8acd623922306a4c851b5a306c8ef3766e
Score
10/10
Malware Config
Extracted
Family
dridex
Botnet
10444
C2
192.46.210.220:443
143.244.140.214:808
45.77.0.96:6891
185.56.219.47:8116
rc4.plain
rc4.plain
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Blocklisted process makes network request 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\og27ksp6.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\og27ksp6.dll,#12⤵
- Blocklisted process makes network request
- Checks whether UAC is enabled
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1688-54-0x0000000000000000-mapping.dmp
-
memory/1688-55-0x00000000751C1000-0x00000000751C3000-memory.dmpFilesize
8KB
-
memory/1688-56-0x0000000074640000-0x000000007475B000-memory.dmpFilesize
1.1MB
-
memory/1688-58-0x0000000074640000-0x000000007475B000-memory.dmpFilesize
1.1MB
-
memory/1688-57-0x0000000074640000-0x000000007467D000-memory.dmpFilesize
244KB
-
memory/1688-60-0x0000000074640000-0x000000007475B000-memory.dmpFilesize
1.1MB
-
memory/1688-61-0x0000000074640000-0x000000007475B000-memory.dmpFilesize
1.1MB