Analysis
- Max time kernel: 33s
- Max time network: 40s
- Platform: windows7_x64
- Resource: win7-20220414-en
- Submitted: 26-06-2022 05:41
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: judpotp.dll
  - Resource: win7-20220414-en (windows7_x64)
  - 0 signatures, 0 seconds
General
- Target: judpotp.dll
- Size: 311KB
- MD5: 8e5596083fd4c3134204e905f7f66325
- SHA1: 6902210f93d3a940571cc860c4563cd4be14edb9
- SHA256: 8110e38afd33797465ab43841b1c54abff7a25acc30fa27c2623966750d34737
- SHA512: e7084948b9f9bcb28f7c85a2812825d8012327bcfb5310f5759aebd585504624682187f9a6af86206295bfb4f1a9a178dc9322218b2e0a72e2cb3b8fcfb370e5
Malware Config
Extracted
- Family: dridex
- Botnet: 10444
- C2:
  - 77.220.64.37:443
  - 80.86.91.27:3308
  - 5.100.228.233:3389
  - 46.105.131.65:1512
- rc4.plain
- rc4.plain
Signatures
- Blocklisted process makes network request (2 IoCs)
  Processes (flow, pid, process):
  - flow 2, pid 1904, rundll32.exe
  - flow 4, pid 1904, rundll32.exe
- Checks installed software on the system (1 TTPs)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  Processes (description, ioc, process):
  - Key value queried: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA, rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes (description, pid, process, target process):
  - PID 1796 wrote to memory of 1904, rundll32.exe -> rundll32.exe (7 identical events)
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\judpotp.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\judpotp.dll,#1
    - Blocklisted process makes network request
    - Checks whether UAC is enabled
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/1904-54-0x0000000000000000-mapping.dmp
- memory/1904-55-0x0000000075951000-0x0000000075953000-memory.dmp (Filesize: 8KB)
- memory/1904-56-0x00000000001D0000-0x000000000020D000-memory.dmp (Filesize: 244KB)
- memory/1904-57-0x00000000003C0000-0x00000000003FD000-memory.dmp (Filesize: 244KB)