Analysis

  • max time kernel
    147s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20230221-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    10-03-2023 11:01

General

  • Target

    d66304251f3407d1840065b40662280acc909c3972fb93f99fa07a47c3221b77.dll

  • Size

    492KB

  • MD5

    b07b51f2aaec02e2b4200e028a726442

  • SHA1

    fb3d5e9fc43aea2f11748a7ea214b0f95e61a7bd

  • SHA256

    d66304251f3407d1840065b40662280acc909c3972fb93f99fa07a47c3221b77

  • SHA512

    d9295f4550b8a71f2e7cd66e983620e2c4974c27fc60bfa49bda76de31ae74a05a889c8c6f5c2d93a1faeb4c2f0318ff0e778a6291bbc9bbf283e5106f50a51e

  • SSDEEP

    12288:zlJId4XKBKjWgm1dLnROcuDgxrPwTPwf5w3Nw9PAv:z/uMGtnRzx0sK2iv

Malware Config

Extracted

  • Family
    dridex
  • Botnet
    22202
  • C2
    51.83.47.27:443
    82.98.180.154:6602
    159.65.88.10:4664
    91.121.146.47:10443
  • rc4.plain
  • rc4.plain

Signatures

  • Dridex

    Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

  • Dridex Loader 1 IoCs

    Detects the Dridex x86 and x64 loader in memory.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d66304251f3407d1840065b40662280acc909c3972fb93f99fa07a47c3221b77.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1980
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\d66304251f3407d1840065b40662280acc909c3972fb93f99fa07a47c3221b77.dll,#1
      2⤵
      PID:4688
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 664
        3⤵
        • Program crash
        PID:2116
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4688 -ip 4688
    1⤵
    PID:3856

Network

MITRE ATT&CK Matrix


Downloads

  • memory/4688-133-0x00000000749A0000-0x0000000074A1D000-memory.dmp
    Filesize
    500KB
  • memory/4688-134-0x0000000000FE0000-0x0000000000FE6000-memory.dmp
    Filesize
    24KB