Analysis
max time kernel
136s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags
arch:x64, arch:x86, image:win10v2004-20220721-en, locale:en-us, os:windows10-2004-x64, system
submitted
31-07-2022 05:08
Static task
static1
Behavioral task
behavioral1
Sample
dfbaq8x5.dll
Resource
win7-20220718-en
windows7-x64
5 signatures
150 seconds
General
Target
dfbaq8x5.dll
Size
525KB
MD5
eb477791471e3b4379f816cbf7bc7a56
SHA1
5ec761e52521bda659646ca1bb5cad605b3a98d3
SHA256
81a509915d240010326dae2581c7e584304c5a4f0f02d9ed4d9270e4193e83b1
SHA512
ed5d38339d0344b664e894fba4d0321b81f472556194f00287b684aa025bcaae210efbfecaa342e83a88d0729f8219950d45f4ebb9096f98f21142b025a6209c
Malware Config
Extracted
Family
dridex
Botnet
10444
C2
169.255.216.36:443
138.201.138.91:3389
89.174.36.41:4643
87.106.89.36:3389
rc4.plain
rc4.plain
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe

description                          pid    process        target process
PID 3468 wrote to memory of 5024     3468   rundll32.exe   rundll32.exe
PID 3468 wrote to memory of 5024     3468   rundll32.exe   rundll32.exe
PID 3468 wrote to memory of 5024     3468   rundll32.exe   rundll32.exe

All three IoCs are the same pair: one rundll32.exe instance (PID 3468) wrote into the memory of a second rundll32.exe instance (PID 5024) three times. Cross-process writes between two copies of the same host binary are what this signature keys on; the report does not say what was written or whether the write was followed by thread creation.
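The C2 list and the WriteProcessMemory rows above are the two pieces of this report a responder usually wants in structured form. The script below is an added example, not part of the original report or of the sandbox's own tooling: it parses the constructed copies of those rows (embedded verbatim from this page) into endpoint tuples and injection events, collapses the repeated rows into one source/target pair with a write count, and groups the C2 endpoints by port so the non-443 listeners stand out for network blocking. The function names and the regular expressions are this example's own assumptions about the flattened row layout, not a documented format.

```python
import re
from collections import Counter, defaultdict

# Constructed input, copied from the report above (assumed layout of the flattened rows).
C2_LINES = """169.255.216.36:443
138.201.138.91:3389
89.174.36.41:4643
87.106.89.36:3389"""

WPM_LINES = """PID 3468 wrote to memory of 5024 3468 rundll32.exe rundll32.exe
PID 3468 wrote to memory of 5024 3468 rundll32.exe rundll32.exe
PID 3468 wrote to memory of 5024 3468 rundll32.exe rundll32.exe"""

C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")
# description ("PID <src> wrote to memory of <dst>"), pid column, process, target process
WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\S+)$")


def parse_c2(text):
    """Return [(ip, port), ...] from 'ip:port' lines; lines that do not match are skipped."""
    out = []
    for line in text.splitlines():
        m = C2_RE.match(line.strip())
        if m:
            out.append((m.group(1), int(m.group(2))))
    return out


def c2_by_port(endpoints):
    """Group endpoints by port so unusual listener ports (here 3389, 4643) are easy to pick out."""
    groups = defaultdict(list)
    for ip, port in endpoints:
        groups[port].append(ip)
    return dict(groups)


def parse_wpm(text):
    """Parse flattened WriteProcessMemory rows into event dicts.

    The source PID appears twice in each row (in the description and in the pid column);
    a mismatch means the row was split incorrectly, so it is rejected rather than guessed at.
    """
    events = []
    for line in text.splitlines():
        m = WPM_RE.match(line.strip())
        if not m:
            continue
        src, dst, pid_col, image, target = m.groups()
        if src != pid_col:
            raise ValueError(f"description PID {src} != pid column {pid_col}: {line!r}")
        events.append({"src_pid": int(src), "src_image": image,
                       "dst_pid": int(dst), "dst_image": target})
    return events


def summarize_writes(events):
    """Collapse repeated rows into one record per (source, target) pair with a write count.

    cross_process is True when the writer and the target are different PIDs, which is the
    condition the sandbox signature fires on; same_image marks the rundll32 -> rundll32 case.
    """
    counts = Counter((e["src_pid"], e["src_image"], e["dst_pid"], e["dst_image"]) for e in events)
    return [{"src_pid": s, "src_image": si, "dst_pid": d, "dst_image": di, "writes": n,
             "cross_process": s != d, "same_image": si.lower() == di.lower()}
            for (s, si, d, di), n in counts.items()]


if __name__ == "__main__":
    for port, ips in sorted(c2_by_port(parse_c2(C2_LINES)).items()):
        print(f"port {port}: {', '.join(ips)}")
    for rec in summarize_writes(parse_wpm(WPM_LINES)):
        print(rec)
```

Running it against the rows from this report yields one injection record (3468 rundll32.exe into 5024 rundll32.exe, 3 writes, cross-process, same image) and three port groups (443, 3389, 4643); the 3389 and 4643 entries are the ones worth a dedicated egress block, since an outbound RDP-port connection from a user workstation is itself anomalous.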