Analysis

max time kernel: 77s
max time network: 49s
platform: windows7_x64
resource: win7-20220715-en
resource tags: arch:x64, arch:x86, image:win7-20220715-en, locale:en-us, os:windows7-x64, system
submitted: 24-07-2022 16:52

Static task: static1
Behavioral task: behavioral1
Sample: 92bdad4e9b6c4077ed84b4cb2d278650002660aa387a677bde64c4d4f6d8e01d.dll
Resource: win7-20220715-en (windows7-x64)
2 signatures, 150 seconds
General

Target: 92bdad4e9b6c4077ed84b4cb2d278650002660aa387a677bde64c4d4f6d8e01d.dll
Size: 368KB
MD5: 291cc6e829519b5a980e5338621dcedb
SHA1: 101098e15d6528da2f2be5b65b38c9a49608c22c
SHA256: 92bdad4e9b6c4077ed84b4cb2d278650002660aa387a677bde64c4d4f6d8e01d
SHA512: 22e23bba678ba7a7730a59b0be2e4d86faa0fe1810fea4f7e91fc48bf8cb12090bbbd4abb18afe9b2111ac71bd666470f6cdb9bd94f81163b8341c5804d5d933
Malware Config

Extracted
Family: dridex
C2:
- 37.247.54.134:443
- 192.232.207.243:8443
- 82.165.38.218:691
- 188.166.73.181:1443
Signatures

- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe

  description                        pid  process       target process
  PID 788 wrote to memory of 1204    788  rundll32.exe  rundll32.exe
  PID 788 wrote to memory of 1204    788  rundll32.exe  rundll32.exe
  PID 788 wrote to memory of 1204    788  rundll32.exe  rundll32.exe
  PID 788 wrote to memory of 1204    788  rundll32.exe  rundll32.exe
  PID 788 wrote to memory of 1204    788  rundll32.exe  rundll32.exe
  PID 788 wrote to memory of 1204    788  rundll32.exe  rundll32.exe
  PID 788 wrote to memory of 1204    788  rundll32.exe  rundll32.exe
Processes

- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\92bdad4e9b6c4077ed84b4cb2d278650002660aa387a677bde64c4d4f6d8e01d.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\92bdad4e9b6c4077ed84b4cb2d278650002660aa387a677bde64c4d4f6d8e01d.dll,#1
Network
MITRE ATT&CK Matrix
Downloads

- memory/1204-54-0x0000000000000000-mapping.dmp
- memory/1204-55-0x0000000076601000-0x0000000076603000-memory.dmp (Filesize 8KB)
- memory/1204-57-0x0000000074F40000-0x0000000074FAD000-memory.dmp (Filesize 436KB)
- memory/1204-56-0x0000000074F40000-0x0000000074F5D000-memory.dmp (Filesize 116KB)
- memory/1204-59-0x0000000074F40000-0x0000000074FAD000-memory.dmp (Filesize 436KB)