Analysis

max time kernel: 157s
max time network: 173s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30-12-2023 08:39
Static task
static1 (1 signature)

Behavioral task
behavioral1
  Sample: 139885b1aba103f5ef1ad3f202dd4939.dll
  Resource: win7-20231215-en
  Platform: windows7-x64
  4 signatures, 150 seconds

The signature hits and process tree reproduced below are tagged behavioral2, that is the windows10-2004_x64 / win10v2004-20231215-en run listed under Analysis; the behavioral1 (Windows 7) task survives in this copy of the report only as the task-list entry above.
General

Target: 139885b1aba103f5ef1ad3f202dd4939.dll
Size: 188KB
MD5: 139885b1aba103f5ef1ad3f202dd4939
SHA1: 83309811304635ea2f1158faba8d555e155143d6
SHA256: e3286caa8b6c0ece597f2b087a6a9809d85c5534ac4c7d2ff6aa8146d5b5e12b
SHA512: 8bb9de9e4c5ba34ac35a4a8b7f3c8e5587f00a348860b450b9bb3b3829054d0a4612a3c13ca8112002f40131d8cb8eb1a80da3fd30376044d77e74a9c9e5ed08
SSDEEP: 3072:zA8JmK7ATVfQeVqNFZa/9KzMXJ6jTFDlAwqWut5KZMzfeAAAoEo:zzIqATVfQeV2FZalKq6jtGJWuTmd
Malware Config

Extracted
Family: dridex
Botnet: 22201
C2:
  103.82.248.59:443
  54.39.98.141:6602
  103.109.247.8:10443
rc4.plain
rc4.plain

Two rc4.plain fields (the RC4 keys the config extractor recovered) are listed, but their values are not included in this copy of the report. The C2 list is a set of ip:port pairs; note that only one of the three uses 443, the other two sit on non-standard ports (6602, 10443), which is the more distinctive indicator for network hunting.
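Turning the extracted config into something a SOC can act on, as an added example that is not part of the sandbox report: the script below validates the three C2 endpoints, emits one Suricata rule per endpoint, and checks constructed Zeek conn.log rows against the list, matching on the ip:port pair rather than the IP alone because port 443 is shared with ordinary HTTPS. The botnet ID and C2 entries are copied from the config above; the sid range (1000001 upward), the sample log rows and the unrelated destination 203.0.113.10 are assumptions.

```python
import ipaddress
from typing import Iterable

# Config fields copied from the "Malware Config" section of the report.
DRIDEX_BOTNET = 22201
DRIDEX_C2 = [
    "103.82.248.59:443",
    "54.39.98.141:6602",
    "103.109.247.8:10443",
]


def parse_c2(entries: Iterable[str]) -> set[tuple[str, int]]:
    """Turn 'ip:port' strings into validated (ip, port) tuples; reject malformed entries loudly."""
    endpoints = set()
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if not sep:
            raise ValueError(f"no port in {entry!r}")
        ip = ipaddress.ip_address(host)  # raises ValueError on a malformed address
        p = int(port)
        if not 0 < p < 65536:
            raise ValueError(f"bad port in {entry!r}")
        endpoints.add((str(ip), p))
    return endpoints


def suricata_rules(c2: set[tuple[str, int]], sid_base: int = 1000001) -> list[str]:
    """One outbound rule per endpoint. sid_base is a placeholder; use your own local SID range."""
    ordered = sorted(c2, key=lambda e: (ipaddress.ip_address(e[0]), e[1]))
    return [
        f'alert tcp $HOME_NET any -> {ip} {port} '
        f'(msg:"Dridex botnet {DRIDEX_BOTNET} C2 {ip}:{port}"; flow:to_server; '
        f'classtype:trojan-activity; sid:{sid_base + i}; rev:1;)'
        for i, (ip, port) in enumerate(ordered)
    ]


def match_conn_log(lines: Iterable[str], c2: set[tuple[str, int]]) -> list[dict]:
    """Flag Zeek conn.log rows (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto)
    whose responder ip:port is a listed C2. Match the pair, not the IP alone: 443 is shared."""
    hits = []
    for line in lines:
        if not line or line.startswith("#"):
            continue
        f = line.rstrip("\n").split("\t")
        if len(f) < 7 or not f[5].isdigit():
            continue
        if (f[4], int(f[5])) in c2:
            hits.append({"ts": f[0], "uid": f[1], "src": f[2], "dst": f"{f[4]}:{f[5]}"})
    return hits


# Constructed sample rows, not from the sandbox run: two C2 contacts and one unrelated HTTPS flow.
SAMPLE_CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1703925600.1\tCAbc1\t10.0.0.15\t49812\t103.82.248.59\t443\ttcp",
    "1703925601.2\tCAbc2\t10.0.0.15\t49813\t203.0.113.10\t443\ttcp",
    "1703925602.3\tCAbc3\t10.0.0.15\t49814\t103.109.247.8\t10443\ttcp",
]

if __name__ == "__main__":
    endpoints = parse_c2(DRIDEX_C2)
    print("\n".join(suricata_rules(endpoints)))
    for hit in match_conn_log(SAMPLE_CONN_LOG, endpoints):
        print("C2 contact:", hit)
```

Dridex C2 traffic is TLS-wrapped, so there is nothing useful to match in payload; the ip:port pair is the indicator, and a hit on the 6602 or 10443 endpoint is stronger than one on 443 alone because those ports have no benign reason to be contacted.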
Signatures

YARA rule matches
  resource                                                                      yara_rule
  behavioral2/memory/2224-1-0x0000000075390000-0x00000000753C0000-memory.dmp   dridex_ldr
  behavioral2/memory/2224-3-0x0000000075390000-0x00000000753C0000-memory.dmp   dridex_ldr
Both hits are dumps of the same 0x30000-byte region of PID 2224, the SysWOW64 rundll32.exe that loaded the DLL; the size is consistent with the mapped 188KB DLL image, and the dridex_ldr match on it is the actual evidence for the Dridex attribution.

Program crash (1 IoC)
  pid   pid_target   Process        procid_target
  592   2224         WerFault.exe   88

Suspicious use of WriteProcessMemory (3 IoCs)
  description                         pid    Process        procid_target
  PID 4720 wrote to memory of 2224    4720   rundll32.exe   88
  PID 4720 wrote to memory of 2224    4720   rundll32.exe   88
  PID 4720 wrote to memory of 2224    4720   rundll32.exe   88
Caveat: 4720 is the parent of 2224 and created it. A parent writing into a child it has just created (process parameters, environment block) happens during normal process creation, so these three writes by themselves do not show injection into an unrelated process; do not pivot on this signature alone when triaging similar reports.
Processes

1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\139885b1aba103f5ef1ad3f202dd4939.dll,#1
   PID: 4720
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\139885b1aba103f5ef1ad3f202dd4939.dll,#1
      PID: 2224
      3. C:\Windows\SysWOW64\WerFault.exe
         Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 688
         PID: 592
         Signatures: Program crash
1. C:\Windows\SysWOW64\WerFault.exe
   Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2224 -ip 2224
   PID: 1372

The sample was launched by exporting ordinal #1 from the DLL via rundll32. The 64-bit rundll32.exe (system32) re-spawns the 32-bit SysWOW64 copy with the same arguments, which is what rundll32 does when handed a 32-bit DLL (hence the arch:x86 resource tag alongside arch:x64). The 32-bit instance, PID 2224, is the process the memory dumps were taken from and the one that crashed; both WerFault.exe instances reference it through -p 2224. The report does not show any activity by the loader after the crash, so the C2 endpoints in the config come from the static extractor, not from observed network traffic.
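The process tree, not the YARA hit, is what an endpoint detection would see first: rundll32 loading a DLL by ordinal from a user's Temp directory, a 64-bit rundll32 re-spawning its SysWOW64 copy for the same DLL, and WerFault handling the crash of that child. The Python below is an added example, not part of the report, that runs those three checks over process-creation events reconstructed from the tree above. The benign shell32.dll launch, the placeholder parent pid 1000 for the two roots (the report does not give their parents), and the event field names pid/ppid/image/cmd are constructed; Sysmon Event ID 1 supplies the same data as ProcessId, ParentProcessId, Image and CommandLine.

```python
import re
from typing import Iterable

# Locations a standard user can write to. rundll32 loading a DLL from one of these is the
# hunting pivot; system DLLs under C:\Windows are the normal case.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\users\\public\\", "\\downloads\\", "\\programdata\\")

# rundll32.exe <dll>,<export-or-#ordinal>
RUNDLL32_ARGS = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+?)"?\s*,\s*(#?\w+)', re.IGNORECASE)
# WerFault's "-p <pid>" names the crashing process (the -ip value is the same pid in the report).
WERFAULT_PID = re.compile(r"\s-p\s+(\d+)\b")


def rundll32_target(cmd: str):
    """Return (dll_path, export) parsed from a rundll32 command line, or None."""
    m = RUNDLL32_ARGS.search(cmd)
    return (m.group(1), m.group(2)) if m else None


def analyze(events: Iterable[dict]) -> list[dict]:
    """Run three checks over process-creation events {pid, ppid, image, cmd} and return findings."""
    evs = list(events)
    by_pid = {e["pid"]: e for e in evs}
    findings, flagged = [], set()
    for e in evs:
        image = e["image"].lower()
        if not image.endswith("\\rundll32.exe"):
            continue
        target = rundll32_target(e["cmd"])
        if target and any(w in target[0].lower() for w in USER_WRITABLE):
            flagged.add(e["pid"])
            findings.append({"rule": "rundll32_user_writable_dll", "pid": e["pid"],
                             "dll": target[0], "export": target[1]})
        parent = by_pid.get(e["ppid"])
        if (parent and "\\syswow64\\" in image
                and parent["image"].lower().endswith("\\system32\\rundll32.exe")
                and rundll32_target(parent["cmd"]) == target):
            # 64-bit rundll32 handed a 32-bit DLL relaunches the SysWOW64 copy with the same
            # arguments. Benign in itself, but it says the payload is x86 and which pid to dump.
            findings.append({"rule": "rundll32_wow64_relaunch", "pid": e["pid"], "parent": e["ppid"]})
    for e in evs:
        if e["image"].lower().endswith("\\werfault.exe"):
            m = WERFAULT_PID.search(e["cmd"])
            if m and int(m.group(1)) in flagged:
                # A crash of a flagged loader is worth a memory capture before WerFault finishes.
                findings.append({"rule": "werfault_for_flagged_process", "pid": e["pid"],
                                 "crashed_pid": int(m.group(1))})
    return findings


# Events reconstructed from the process tree in the report, plus one benign rundll32 launch
# (constructed) and placeholder parent pid 1000 for the roots, which the report does not give.
DLL = r"C:\Users\Admin\AppData\Local\Temp\139885b1aba103f5ef1ad3f202dd4939.dll"
SAMPLE_EVENTS = [
    {"pid": 4720, "ppid": 1000, "image": r"C:\Windows\system32\rundll32.exe",
     "cmd": f"rundll32.exe {DLL},#1"},
    {"pid": 2224, "ppid": 4720, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmd": f"rundll32.exe {DLL},#1"},
    {"pid": 592, "ppid": 2224, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmd": r"C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 688"},
    {"pid": 1372, "ppid": 1000, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmd": r"C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2224 -ip 2224"},
    {"pid": 3000, "ppid": 1000, "image": r"C:\Windows\system32\rundll32.exe",
     "cmd": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding)
```

The first rule is the one to alert on; the WoW64 relaunch and the WerFault correlation are context that tells the responder which pid holds the unpacked loader (2224 here, matching the dump the dridex_ldr rule fired on) and that the process will be gone once error reporting completes.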