Analysis
max time kernel: 91s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20-01-2024 15:16

Static task
static1 (1 signature)

Behavioral task
behavioral1
Sample: 6ac4d91bc412bcaa719b91ee5a63c33b.dll
Resource: win7-20231215-en (windows7-x64)
4 signatures, 150 seconds
General
Target: 6ac4d91bc412bcaa719b91ee5a63c33b.dll
Size: 184KB
MD5: 6ac4d91bc412bcaa719b91ee5a63c33b
SHA1: ea6810f38b109606d1661296118f7f68fa6432ac
SHA256: af8cc3de3c7c149a1f8e0d5d7530762cf75754547866f2da550f2d350ec315c7
SHA512: 125778d3d38c1f0ac65e3eb26ffffc9f68d0402892ac0a3a93d81ef2489c7bdcf0ff8b42259ef1a505fbc21de995a6d1c05645abdb66690b75ad6f13d8721ff6
SSDEEP: 3072:QcYhzpn9z75jWpmrL3gA99hXkKsorn+AOr4RFjvaT:QcIntom33RDvn+RrOr
Malware Config
Extracted
Family: dridex
Botnet: 22203
C2:
  137.74.112.43:443
  216.108.227.55:6225
  94.177.176.51:5723
rc4.plain: (value not shown)
rc4.plain: (value not shown)
Signatures
YARA rule match: dridex_ldr
  resource: behavioral2/memory/2312-1-0x0000000074B90000-0x0000000074BC0000-memory.dmp
  process: PID 2312, region 0x74B90000-0x74BC0000 (0x30000 bytes)

Program crash (1 IoC)
  WerFault.exe (PID 2408) handled a crash of rundll32.exe (PID 2312)

Suspicious use of WriteProcessMemory (3 IoCs)
  rundll32.exe (PID 2488) wrote to the memory of rundll32.exe (PID 2312), three times
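All three signature entries above point at the same process, PID 2312, the SysWOW64 rundll32.exe: it is the target of the WriteProcessMemory calls from its parent rundll32.exe (PID 2488), it owns the memory region 0x74B90000-0x74BC0000 that matched dridex_ldr, and it is the process WerFault.exe handled a crash for. As an added example that is not part of this report and not code from the sample or the sandbox, the Python below parses those three entries as they appear here, correlates them by PID, and applies the check an analyst would run on the dumped region: does it start with a PE header, and does the header's SizeOfImage fit inside the dumped range. The signature strings are copied from the report; the PE header bytes in build_demo_region are constructed for the example and are not the sample's.

```python
import re
import struct
from dataclasses import dataclass

# Signature entries copied from the report above (Triage's flattened text form).
YARA_HIT = ("behavioral2/memory/2312-1-0x0000000074B90000-0x0000000074BC0000-memory.dmp"
            " dridex_ldr")
WPM_EVENTS = [
    "PID 2488 wrote to memory of 2312 2488 rundll32.exe rundll32.exe",
    "PID 2488 wrote to memory of 2312 2488 rundll32.exe rundll32.exe",
    "PID 2488 wrote to memory of 2312 2488 rundll32.exe rundll32.exe",
]
CRASH_EVENT = "2408 2312 WerFault.exe rundll32.exe"  # pid, pid_target, process, target process


@dataclass(frozen=True)
class MemoryHit:
    pid: int
    index: int
    start: int
    end: int
    rule: str

    @property
    def size(self) -> int:
        return self.end - self.start


DMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)"
    r"-memory\.dmp\s+(?P<rule>\S+)"
)
WPM_RE = re.compile(r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+)")


def parse_memory_hit(line: str) -> MemoryHit:
    """Decode '<pid>-<n>-0x<start>-0x<end>-memory.dmp <rule>' into a MemoryHit."""
    m = DMP_RE.search(line)
    if not m:
        raise ValueError(f"not a memory.dmp YARA hit: {line!r}")
    return MemoryHit(int(m["pid"]), int(m["idx"]), int(m["start"], 16),
                     int(m["end"], 16), m["rule"])


def parse_wpm_targets(lines) -> dict:
    """Map each WriteProcessMemory target PID to the set of PIDs that wrote into it."""
    targets: dict = {}
    for line in lines:
        m = WPM_RE.search(line)
        if m:
            targets.setdefault(int(m["dst"]), set()).add(int(m["src"]))
    return targets


def parse_crash_target(line: str) -> int:
    """Return pid_target from a 'Program crash' row (second whitespace-separated field)."""
    _pid, target, *_rest = line.split()
    return int(target)


def correlate(yara_line: str, wpm_lines, crash_line: str) -> dict:
    """Tie the YARA hit, the WriteProcessMemory writers and the crash together by PID."""
    hit = parse_memory_hit(yara_line)
    writers = parse_wpm_targets(wpm_lines).get(hit.pid, set())
    return {
        "pid": hit.pid,
        "rule": hit.rule,
        "region_size": hit.size,
        "written_by": sorted(writers),
        "crashed": parse_crash_target(crash_line) == hit.pid,
    }


def pe_image_size(region: bytes):
    """Return SizeOfImage if the region starts with a well-formed PE header, else None.

    The optional header begins 0x18 bytes after the PE signature, and SizeOfImage is
    at offset 0x38 of the optional header for both PE32 and PE32+.
    """
    if len(region) < 0x40 or region[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", region, 0x3C)[0]
    if e_lfanew + 0x18 + 0x3C > len(region) or region[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    return struct.unpack_from("<I", region, e_lfanew + 0x18 + 0x38)[0]


def region_holds_image(hit: MemoryHit, region: bytes) -> bool:
    """True if the dumped region starts with a PE whose SizeOfImage fits in the range."""
    size = pe_image_size(region)
    return size is not None and size <= hit.size


def build_demo_region(size_of_image: int) -> bytes:
    """Constructed minimal PE32 header for the demo; these are not the sample's bytes."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: NT headers right after the DOS header
    # IMAGE_FILE_HEADER: i386, 1 section, no symbols, PE32 optional header size, DLL flags
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x2102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 0x38, size_of_image)
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt)


if __name__ == "__main__":
    print(correlate(YARA_HIT, WPM_EVENTS, CRASH_EVENT))
    hit = parse_memory_hit(YARA_HIT)
    print("region holds PE image:", region_holds_image(hit, build_demo_region(0x30000)))
```

On a real dump, pass the bytes of the memory.dmp file to region_holds_image in place of build_demo_region; a loader that unpacks a payload in place may strip or overwrite the MZ/PE headers, in which case pe_image_size returns None and the region needs manual carving rather than being dismissed.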
Processes
C:\Windows\system32\rundll32.exe (PID 2488)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ac4d91bc412bcaa719b91ee5a63c33b.dll,#1
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (PID 2312)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ac4d91bc412bcaa719b91ee5a63c33b.dll,#1
    C:\Windows\SysWOW64\WerFault.exe (PID 2408)
      C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 612
      Program crash
C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2312 -ip 2312