Analysis
- max time kernel: 141s
- max time network: 143s
- platform: windows10-2004_x64
- resource: win10v2004-20230621-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230621-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30-06-2023 12:50
Static task
- static1: 1 signature
Behavioral task
- behavioral1: sample fjokw7.dll, resource win7-20230621-en, 2 signatures, 150 seconds
General
- Target: fjokw7.dll
- Size: 538KB
- MD5: 8f83a5eaed1994d1a87fa16d77ad7833
- SHA1: 0f3da89a227960d1a87065f02428857c32a39b89
- SHA256: 67c1e48e17bc9e35b50e642ac99e475e1a6faee03ca671cea409bed644287580
- SHA512: 25d0a2c0f3d2885ce3f21a26f7a8b9e1e75aec5cc69f42dc4f9314805e900dd5f0f9149cee750489bb6aeac06dfdf2b7dd15d6fbfeab08c25d183d64257188ad
- SSDEEP: 6144:m6bDGn5U0EV3GbQM/UOq+ZbFN5LFv1ZW7F37RWCFACc3Np/BhII3ZqrKV1aNGH8B:72C06YQCpZlB8sCwEr5N9
Malware Config
Extracted
- Family: dridex
- Botnet: 10444
- C2:
  77.220.64.146:443
  85.25.134.43:8172
  213.208.134.178:6516
- rc4.plain
- rc4.plain
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description         PID   process       target PID  target process
  wrote to memory of  4308  regsvr32.exe  4588        regsvr32.exe
  wrote to memory of  4308  regsvr32.exe  4588        regsvr32.exe
  wrote to memory of  4308  regsvr32.exe  4588        regsvr32.exe
Downloads
- memory/4588-133-0x0000000075090000-0x0000000075128000-memory.dmp (Filesize 608KB)
- memory/4588-135-0x0000000075090000-0x0000000075128000-memory.dmp (Filesize 608KB)
- memory/4588-136-0x0000000001280000-0x0000000001281000-memory.dmp (Filesize 4KB)
- memory/4588-137-0x0000000075090000-0x0000000075128000-memory.dmp (Filesize 608KB)
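The hashes, the extracted Dridex C2 list and the memory-dump names above are the parts of this report a responder actually uses. The script below is an added example, not part of the sandbox report or of the triage tooling: it verifies a file against the reported digests, parses the dump names into address ranges (the Filesize column is end minus start, so 0x75090000-0x75128000 is 608KB and 0x1280000-0x1281000 is 4KB), and matches the three C2 endpoints against firewall log lines. The log lines and their src=/dst=/dport= field format are constructed for the demo; the report contains no network log.

```python
"""IoCs from the triage report for fjokw7.dll (Dridex, botnet 10444),
made actionable: verify a file against the reported hashes, parse the
memory-dump names into address ranges, and match C2 endpoints against
firewall log lines. Added example; not part of the sandbox report."""
import hashlib
import re
from typing import Iterable, List, Tuple

# Copied from the report's General and Malware Config sections.
REPORT_HASHES = {
    "md5": "8f83a5eaed1994d1a87fa16d77ad7833",
    "sha1": "0f3da89a227960d1a87065f02428857c32a39b89",
    "sha256": "67c1e48e17bc9e35b50e642ac99e475e1a6faee03ca671cea409bed644287580",
}
BOTNET_ID = 10444
DRIDEX_C2 = {
    ("77.220.64.146", 443),
    ("85.25.134.43", 8172),
    ("213.208.134.178", 6516),
}


def digest_bytes(data: bytes) -> dict:
    """md5/sha1/sha256 of a byte string, keyed like REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str) -> dict:
    """Hash a file on disk in 1 MiB chunks (the DLL is 538KB, but keep it general)."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(digests: dict) -> bool:
    """True only if every reported digest agrees; one mismatch means a
    different file (or a truncated/patched copy), not the analysed sample."""
    return all(digests.get(name, "").lower() == value
               for name, value in REPORT_HASHES.items())


# Triage dump names encode <pid>-<seq>-<start>-<end>; the 'Filesize' shown
# in the report is simply end - start.
DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp"
)


def dump_region(name: str) -> dict:
    """Parse a memory-dump artifact name into pid and address range."""
    m = DUMP_RE.fullmatch(name)
    if m is None:
        raise ValueError(f"not a triage memory dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name!r}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size_kb": (end - start) // 1024}


# Constructed firewall log lines for the demo (not taken from the report);
# the src=/dst=/dport= key=value layout is an assumed format.
SAMPLE_LOGS = [
    "2023-06-30T12:51:02Z fw src=10.0.0.15 dst=77.220.64.146 dport=443 action=allow",
    "2023-06-30T12:51:05Z fw src=10.0.0.15 dst=85.25.134.43 dport=8172 action=allow",
    "2023-06-30T12:51:09Z fw src=10.0.0.22 dst=142.250.74.78 dport=443 action=allow",
    "2023-06-30T12:52:40Z fw src=10.0.0.31 dst=213.208.134.178 dport=443 action=deny",
]
LOG_RE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>[0-9.]+)\s+dport=(?P<dport>\d+)")


def find_c2_hits(lines: Iterable[str], port_sensitive: bool = True) -> List[Tuple[str, str, int]]:
    """Return (src, dst, dport) for lines whose destination is a reported C2.

    port_sensitive=True matches the exact ip:port from the config (high
    confidence). False matches the IP on any port, which catches the same
    host reused on another port at the cost of more false positives."""
    c2_ips = {ip for ip, _ in DRIDEX_C2}
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if m is None:
            continue
        dst, dport = m["dst"], int(m["dport"])
        if (port_sensitive and (dst, dport) in DRIDEX_C2) or \
           (not port_sensitive and dst in c2_ips):
            hits.append((m["src"], dst, dport))
    return hits


if __name__ == "__main__":
    for name in (
        "memory/4588-133-0x0000000075090000-0x0000000075128000-memory.dmp",
        "memory/4588-136-0x0000000001280000-0x0000000001281000-memory.dmp",
    ):
        print(dump_region(name))
    print(find_c2_hits(SAMPLE_LOGS))
    print(find_c2_hits(SAMPLE_LOGS, port_sensitive=False))
```

Two caveats when using this for hunting: a Dridex C2 list is a point-in-time extract (this one was submitted 30-06-2023), so IP-only matching on old reports produces hits on re-assigned addresses, and the 608KB regions dumped from PID 4588 are larger than the 538KB DLL on disk, so do not expect the dump's hashes to equal the reported file hashes.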