Analysis
- max time kernel: 64s
- max time network: 44s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 25-06-2022 05:18

Static task: static1

Behavioral task: behavioral1
- Sample: 9964db67176dea39fae2922636a42d8b246d6f5f8b900ec8811589baec74ff04.dll
- Resource: win7-20220414-en
- Platform: windows7_x64
- 0 signatures
- 0 seconds
General
- Target: 9964db67176dea39fae2922636a42d8b246d6f5f8b900ec8811589baec74ff04.dll
- Size: 364KB
- MD5: 971599aea536c511a27cc5b34216cc47
- SHA1: 14fadefb9927148a490dbc4782f45471e4e80f78
- SHA256: 9964db67176dea39fae2922636a42d8b246d6f5f8b900ec8811589baec74ff04
- SHA512: 4430b3acb90b5e540930c18a799f46282f1f5dafbda7a0cb909bfd9aaa332cfd7e1609c00e22e3c080e762ce923de7beb54fd3433a49ae5fd2c289515571d719
Malware Config (Extracted)
- Family: dridex
- C2:
  - 176.126.243.82:443
  - 167.114.122.37:691
  - 66.34.201.20:8443
  - 46.105.111.191:691
Signatures
- YARA matches (resource / yara_rule):
  - behavioral1/memory/840-58-0x0000000002010000-0x0000000002031000-memory.dmp: dridex_ldr
  - behavioral1/memory/840-59-0x0000000002010000-0x0000000002973000-memory.dmp: dridex_ldr
  - behavioral1/memory/840-61-0x0000000002010000-0x0000000002973000-memory.dmp: dridex_ldr
- Suspicious use of WriteProcessMemory (7 IoCs)
  - Processes (description / pid / process / target process): all 7 entries are identical:
    PID 1804 wrote to memory of 840 / 1804 / rundll32.exe / rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9964db67176dea39fae2922636a42d8b246d6f5f8b900ec8811589baec74ff04.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\9964db67176dea39fae2922636a42d8b246d6f5f8b900ec8811589baec74ff04.dll,#1
Network
MITRE ATT&CK Matrix
Downloads (memory dumps, with filesize where reported)
- memory/840-54-0x0000000000000000-mapping.dmp
- memory/840-55-0x0000000075951000-0x0000000075953000-memory.dmp: 8KB
- memory/840-56-0x0000000002010000-0x0000000002973000-memory.dmp: 9.4MB
- memory/840-57-0x0000000002010000-0x0000000002973000-memory.dmp: 9.4MB
- memory/840-58-0x0000000002010000-0x0000000002031000-memory.dmp: 132KB
- memory/840-59-0x0000000002010000-0x0000000002973000-memory.dmp: 9.4MB
- memory/840-61-0x0000000002010000-0x0000000002973000-memory.dmp: 9.4MB