Analysis

max time kernel: 21s
max time network: 45s
platform: windows7_x64
resource: win7-20220414-en
submitted: 11-06-2022 17:10

Tasks
Static task: static1
Behavioral task: behavioral1
Sample: wisr1qas.dll
Resource: win7-20220414-en (windows7_x64)
0 signatures, 0 seconds
General

Target: wisr1qas.dll
Size: 476KB
MD5: f7703084b13482c646f3851e18d8951a
SHA1: 939ff0c3db869fa5656b6905f824fdb69050e43c
SHA256: b98be8d2e7d160dacbd6cf682aa3fa9f0a0a68ae2d0f89b25376519f0883e495
SHA512: 1c9e8a129bf0a634582343f14283d5bf152adc58f51230bf288482f49c5605c62b320ae1577571faf039a2b6c070985c251fa0f4a804e1dc98e287f087273498
Malware Config

Extracted
Family: dridex
Botnet: 10444
C2:
  23.246.204.126:443
  151.106.39.36:8116
  103.124.144.123:6891
  172.105.78.60:4664
Other keys (no value displayed):
  rc4.plain
  rc4.plain
Signatures

YARA rule match (dridex_ldr)
  resource: behavioral1/memory/1072-57-0x0000000074E30000-0x0000000074EA9000-memory.dmp
  yara_rule: dridex_ldr

Suspicious use of WriteProcessMemory (7 IoCs)
  description       pid   process       target pid  target process
  wrote to memory   2040  rundll32.exe  1072        rundll32.exe
  (the same event is recorded 7 times: PID 2040 rundll32.exe -> PID 1072 rundll32.exe)
Downloads
memory/1072-54-0x0000000000000000-mapping.dmp
memory/1072-55-0x0000000075841000-0x0000000075843000-memory.dmp  Filesize: 8KB
memory/1072-56-0x0000000000170000-0x0000000000176000-memory.dmp  Filesize: 24KB
memory/1072-57-0x0000000074E30000-0x0000000074EA9000-memory.dmp  Filesize: 484KB
memory/1072-59-0x0000000000170000-0x0000000000176000-memory.dmp  Filesize: 24KB
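As an added example (not part of the report and not any sandbox vendor's tooling), the Python below turns the fields of this report into things a defender can act on: the extracted C2 list into Suricata rules, the seven WriteProcessMemory rows into one injector/target pair with a count, and the memory dump names into region sizes, so the dump that holds the mapped DLL (the 484KB region at 0x74E30000 in PID 1072, which is also the one the dridex_ldr rule fired on) can be picked out by comparing it with the 476KB on-disk size. The sample strings are constructed from the report above; the Suricata sid range and the 10% size tolerance are assumptions.

```python
"""Turn a sandbox report like the one above into actionable artefacts.

Added example, not part of the original report. The sample strings below are
constructed to mirror the report (extracted config, WriteProcessMemory IoC rows,
memory dump names). The sid range and the size tolerance are assumptions.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed: the "Malware Config" block as shown in the report.
CONFIG_TEXT = """Family
dridex
Botnet
10444
C2
23.246.204.126:443
151.106.39.36:8116
103.124.144.123:6891
172.105.78.60:4664
rc4.plain
"""

# Constructed: the seven flattened WriteProcessMemory IoC rows.
WPM_TEXT = ("PID 2040 wrote to memory of 1072 2040 rundll32.exe rundll32.exe " * 7).strip()

# Constructed: the memory dump names from the Downloads list.
DUMP_NAMES = [
    "memory/1072-54-0x0000000000000000-mapping.dmp",
    "memory/1072-55-0x0000000075841000-0x0000000075843000-memory.dmp",
    "memory/1072-56-0x0000000000170000-0x0000000000176000-memory.dmp",
    "memory/1072-57-0x0000000074E30000-0x0000000074EA9000-memory.dmp",
]

C2_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}:\d{1,5}")
SCALAR_KEYS = ("Family", "Botnet")


def parse_config(text: str) -> Dict[str, object]:
    """Parse the key/value config block. 'C2' gathers every host:port line that
    follows it; a key with no value line (rc4.plain here) maps to None."""
    cfg: Dict[str, object] = {}
    c2: List[str] = []
    key: Optional[str] = None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if key == "C2" and C2_RE.fullmatch(line):
            c2.append(line)
        elif line in SCALAR_KEYS or line == "C2":
            key = line
        elif key in SCALAR_KEYS:
            cfg[key], key = line, None
        else:
            cfg[line], key = None, None
    cfg["C2"] = c2
    return cfg


def suricata_rules(cfg: Dict[str, object], sid_base: int = 9000001) -> List[str]:
    """One 'alert tcp' rule per C2 endpoint. These are IP/port based, so they
    age quickly; sid_base is an assumed range, pick one that does not collide."""
    msg = f'{cfg["Family"]} botnet {cfg["Botnet"]} C2 contact'
    rules = []
    for i, endpoint in enumerate(cfg["C2"]):  # type: ignore[arg-type]
        ip, port = endpoint.rsplit(":", 1)
        rules.append(f'alert tcp $HOME_NET any -> {ip} {port} '
                     f'(msg:"{msg}"; flow:to_server; sid:{sid_base + i}; rev:1;)')
    return rules


WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\S+)")


def injection_pairs(text: str) -> Dict[Tuple[int, str, int, str], int]:
    """Collapse repeated rows to (src_pid, src_image, dst_pid, dst_image) -> count.
    Both sides are rundll32.exe here, so key on PIDs, not image names."""
    counts: Dict[Tuple[int, str, int, str], int] = {}
    for m in WPM_RE.finditer(text):
        k = (int(m.group(1)), m.group(3), int(m.group(2)), m.group(4))
        counts[k] = counts.get(k, 0) + 1
    return counts


DUMP_RE = re.compile(r"memory/\d+-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp")


def region_sizes(names: List[str]) -> Dict[str, int]:
    """Size in bytes of each address-range dump; mapping dumps carry no range."""
    out: Dict[str, int] = {}
    for n in names:
        m = DUMP_RE.fullmatch(n)
        if m:
            out[n] = int(m.group(2), 16) - int(m.group(1), 16)
    return out


def find_mapped_image(names: List[str], image_size: int, tolerance: float = 0.10) -> Optional[str]:
    """Return the dump whose region is within `tolerance` of the on-disk sample
    size. A mapped image is often a little larger than its file (section
    alignment), which is how the 484KB dump lines up with the 476KB DLL."""
    for name, size in region_sizes(names).items():
        if abs(size - image_size) <= tolerance * image_size:
            return name
    return None


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    for rule in suricata_rules(cfg):
        print(rule)
    for (sp, si, dp, di), n in injection_pairs(WPM_TEXT).items():
        print(f"{si} (PID {sp}) -> {di} (PID {dp}): {n} WriteProcessMemory events")
    print("dump holding the mapped DLL:", find_mapped_image(DUMP_NAMES, 476 * 1024))
```

The size check is a heuristic for picking the right dump to carve the unpacked module from; confirm it by looking for an MZ header at the start of the region before treating it as the loaded image.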