Analysis
max time kernel: 103s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 26-06-2022 05:40

Static task: static1
Behavioral task: behavioral1
Sample: jdfggo.dll
Resource: win7-20220414-en (windows7_x64)
0 signatures, 0 seconds
General
Target: jdfggo.dll
Size: 328KB
MD5: 6e6533fa01c0c32dac8c1cab8dc73dbc
SHA1: 44c67e51fbeb6b0c8bc26cf7d21223403cac4215
SHA256: 14cf7f5e94dba384b0e31ad0917b6825b9f9791625059cc8b3c0db43931c9cc9
SHA512: 270bdf93dbd36c946fbc45020619c3ed31d46e659c7ff9d8cb28d9d713a30bb78e7d3d2fed4069a5420ecbea61d4cbeff44bd7d0b6afb6caeb43fb5ff12c8a24
Malware Config
Extracted
Family: dridex
Botnet: 10444
C2:
  45.79.8.25:443
  185.201.9.197:9443
  217.160.78.166:4664
  108.175.9.22:33443
rc4.plain
rc4.plain
Signatures

Processes:
resource                                                                       yara_rule
behavioral2/memory/868-131-0x0000000074CF0000-0x0000000074D42000-memory.dmp    dridex_ldr_dmod

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
rundll32.exe
description                        pid    process        target process
PID 1736 wrote to memory of 868    1736   rundll32.exe   rundll32.exe
PID 1736 wrote to memory of 868    1736   rundll32.exe   rundll32.exe
PID 1736 wrote to memory of 868    1736   rundll32.exe   rundll32.exe