Analysis
max time kernel: 92s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 26-06-2022 05:41
Static task
static1
Behavioral task
behavioral1
Sample
judpotp.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
General
Target: judpotp.dll
Size: 311KB
MD5: 8e5596083fd4c3134204e905f7f66325
SHA1: 6902210f93d3a940571cc860c4563cd4be14edb9
SHA256: 8110e38afd33797465ab43841b1c54abff7a25acc30fa27c2623966750d34737
SHA512: e7084948b9f9bcb28f7c85a2812825d8012327bcfb5310f5759aebd585504624682187f9a6af86206295bfb4f1a9a178dc9322218b2e0a72e2cb3b8fcfb370e5
Malware Config
Extracted
Family: dridex
Botnet: 10444
C2:
77.220.64.37:443
80.86.91.27:3308
5.100.228.233:3389
46.105.131.65:1512
rc4.plain
rc4.plain
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 3148 wrote to memory of 1804 | 3148 | rundll32.exe | rundll32.exe
PID 3148 wrote to memory of 1804 | 3148 | rundll32.exe | rundll32.exe
PID 3148 wrote to memory of 1804 | 3148 | rundll32.exe | rundll32.exe