Analysis

max time kernel: 171s
max time network: 194s
platform: windows10-2004_x64
resource: win10v2004-20220721-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220721-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31-07-2022 05:11

Static task: static1
Behavioral task: behavioral1
Sample: fpkq9d.dll
Resource: win7-20220715-en (windows7-x64)
2 signatures, 150 seconds
General

Target: fpkq9d.dll
Size: 848KB
MD5: c172dffca245d2a779b6231ee0746134
SHA1: c1534cfccfc431b817cd16600cee32d3b52e980d
SHA256: 1a38b43a61cad2fba9077942ee0abd2fa55cba21cf52a90603bbfed39147a22a
SHA512: cc128c989beef8d8de3de7537296c46e42ecc17fd22c2811734ae382ebc024ac0fdb369df72f1bc6e784aba8b18808743c6a35cac9295863831670e4add13ee2
Malware Config

Extracted
Family: dridex
Botnet: 10444
C2:
  194.225.58.214:443
  211.110.44.63:5353
  69.164.207.140:3388
  198.57.200.100:3786
rc4.plain
Signatures

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                           pid   process       target process
  PID 4572 wrote to memory of 4640      4572  regsvr32.exe  regsvr32.exe
  PID 4572 wrote to memory of 4640      4572  regsvr32.exe  regsvr32.exe
  PID 4572 wrote to memory of 4640      4572  regsvr32.exe  regsvr32.exe
Downloads

memory/4640-130-0x0000000000000000-mapping.dmp
memory/4640-131-0x00000000757B0000-0x0000000075892000-memory.dmp (Filesize: 904KB)
memory/4640-133-0x00000000757B0000-0x0000000075892000-memory.dmp (Filesize: 904KB)
memory/4640-132-0x00000000757B0000-0x00000000757ED000-memory.dmp (Filesize: 244KB)
memory/4640-135-0x00000000757B0000-0x0000000075892000-memory.dmp (Filesize: 904KB)