Overview

overview

10

Static

static

9964db6717...04.dll

windows7_x64

10

9964db6717...04.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    91s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    25-06-2022 05:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9964db67176dea39fae2922636a42d8b246d6f5f8b900ec8811589baec74ff04.dll

  • Size

    364KB

  • MD5

    971599aea536c511a27cc5b34216cc47

  • SHA1

    14fadefb9927148a490dbc4782f45471e4e80f78

  • SHA256

    9964db67176dea39fae2922636a42d8b246d6f5f8b900ec8811589baec74ff04

  • SHA512

    4430b3acb90b5e540930c18a799f46282f1f5dafbda7a0cb909bfd9aaa332cfd7e1609c00e22e3c080e762ce923de7beb54fd3433a49ae5fd2c289515571d719

Score
10/10
dridexbotnetloader

Malware Config

Extracted

Family

dridex

C2

176.126.243.82:443

167.114.122.37:691

66.34.201.20:8443

46.105.111.191:691

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Loader 4 IoCs

    Detects Dridex both x86 and x64 loader in memory.

    botnetloader
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\9964db67176dea39fae2922636a42d8b246d6f5f8b900ec8811589baec74ff04.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3608
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\9964db67176dea39fae2922636a42d8b246d6f5f8b900ec8811589baec74ff04.dll,#1
      2⤵
        PID:4568

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4568-130-0x0000000000000000-mapping.dmp

      Download

    • memory/4568-131-0x0000000002960000-0x00000000032C3000-memory.dmp

      Filesize

      9.4MB

      Download

    • memory/4568-132-0x0000000002960000-0x00000000032C3000-memory.dmp

      Filesize

      9.4MB

      Download

    • memory/4568-133-0x0000000002960000-0x0000000002981000-memory.dmp

      Filesize

      132KB

      Download

    • memory/4568-134-0x0000000002960000-0x00000000032C3000-memory.dmp

      Filesize

      9.4MB

      Download

    • memory/4568-136-0x0000000002961000-0x000000000298E000-memory.dmp

      Filesize

      180KB

      Download

    • memory/4568-139-0x0000000002960000-0x00000000032C3000-memory.dmp

      Filesize

      9.4MB

      Download