Analysis
max time kernel: 96s
max time network: 160s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 19-06-2022 21:47

Static task: static1
Behavioral task: behavioral1
Sample: 3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Resource: win7-20220414-en
Platform: windows7_x64
0 signatures
0 seconds
General
Target: 3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0.exe
Size: 167KB
MD5: 0b2c355e45dc8fc2dff5a2b46aa81e5b
SHA1: e485b5133a03328bd7642f138c67ebe9befe2706
SHA256: 3456415723656eef7b0a8b0f655bf5ad0da411df02839dcfb148ea3b7fdffdf0
SHA512: 262dec8537c42e037117da4a93741afb5531e45e5df0586eb92af21066159bd3d946e6756a3fd16b362b5841ca02ce8aa0715dd4c583cf64f1d5b4f1ada4d619
Malware Config
Extracted
Family: dridex
C2:
46.105.131.86:443
5.39.91.110:691
5.133.242.156:170
64.22.124.239:691
Signatures
Processes:
resource: behavioral2/memory/4696-130-0x0000000000400000-0x0000000000429000-memory.dmp
yara_rule: dridex_ldr
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes: