Analysis
- max time kernel: 187s
- max time network: 190s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 26-06-2022 06:00

Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: se12y5vm.dll
  - Resource: win7-20220414-en
  - Platform: windows7_x64
  - 0 signatures
  - 0 seconds
General
- Target: se12y5vm.dll
- Size: 311KB
- MD5: 7750ba949e4b090260827a4d8be63efc
- SHA1: ee0e268bfa0e49591dcf77f32d7da94515d03c82
- SHA256: 8521e047f78ccf64777d40e44fb86a95f900e0ed594bb4f01cc6802ff412c536
- SHA512: 464c3ac243bb8b3bad6419d10d5c9112dbb658e13256b722325bb42bcb11c464192683cb814568ecb431bf28aa3b58cbd7061f8c273b5ee3ac700948876eb315
Malware Config (Extracted)
- Family: dridex
- Botnet: 10444
- C2:
  - 77.220.64.37:443
  - 80.86.91.27:3308
  - 5.100.228.233:3389
  - 46.105.131.65:1512
- rc4.plain
- rc4.plain
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description                        | pid  | process      | target process
  PID 2420 wrote to memory of 5048   | 2420 | rundll32.exe | rundll32.exe
  PID 2420 wrote to memory of 5048   | 2420 | rundll32.exe | rundll32.exe
  PID 2420 wrote to memory of 5048   | 2420 | rundll32.exe | rundll32.exe