Analysis
max time kernel: 150s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 26-06-2022 05:19
Static task: static1
Behavioral task: behavioral1
Sample: agha25.dll
Resource: win7-20220414-en
Platform: windows7_x64
0 signatures
0 seconds
General
Target: agha25.dll
Size: 538KB
MD5: 04485fad82d561bffe7e83dd47d81d7f
SHA1: 133e7eb3593afb3f05e1c1f72f525c10a237dcb6
SHA256: 3f1ada78b282636a9edbac8f7fef7fe53e2ed62b2b732aed16e9ecfcb5cc04c7
SHA512: 6d8fadc784c8d975dee3b87b1e8ba301ca2107b5452f772083d3f6845a274d79b5c773409180f89e51bea860e75df9886ae4a07b88480cd3fb6d14ebd57c97a6
Malware Config
Extracted
Family: dridex
Botnet: 10444
C2:
77.220.64.146:443
85.25.134.43:8172
213.208.134.178:6516
rc4.plain
rc4.plain
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description | pid | process | target process
PID 4424 wrote to memory of 2420 | 4424 | regsvr32.exe | regsvr32.exe
PID 4424 wrote to memory of 2420 | 4424 | regsvr32.exe | regsvr32.exe
PID 4424 wrote to memory of 2420 | 4424 | regsvr32.exe | regsvr32.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/2420-130-0x0000000000000000-mapping.dmp
memory/2420-132-0x0000000075230000-0x00000000752C8000-memory.dmp (Filesize: 608KB)
memory/2420-131-0x0000000075230000-0x000000007526D000-memory.dmp (Filesize: 244KB)
memory/2420-134-0x0000000075230000-0x00000000752C8000-memory.dmp (Filesize: 608KB)
memory/2420-135-0x0000000075230000-0x00000000752C8000-memory.dmp (Filesize: 608KB)