Analysis
max time kernel: 119s
max time network: 122s
platform: windows7_x64
resource: win7-20240319-en
resource tags: arch:x64, arch:x86, image:win7-20240319-en, locale:en-us, os:windows7-x64, system
submitted: 20-03-2024 10:36

Static task: static1 (1 signature)

Behavioral task: behavioral1
Sample: d897190a3713e14ce47b2db39d044fd0.dll
Resource: win7-20240319-en
3 signatures, 150 seconds
General
Target: d897190a3713e14ce47b2db39d044fd0.dll
Size: 188KB
MD5: d897190a3713e14ce47b2db39d044fd0
SHA1: 8de61bb2b3766e160cf29f965dc584915d6cc2a3
SHA256: 471a7a83d1acb66092e5a6b207f79e149c67fdf420145e2715db8032381507ad
SHA512: 4c75464d68f228014686e2ecfbcc54ce6b46ffa0caf2e7e8a83a40008ab56d6f81338da4c3ab99eeb452b77651206a0f4a19ccbccf5320a96585f2ef28b862f2
SSDEEP: 3072:9A8JmK7ATVfQeVqNFZa/9KzMXJ6jTFDlAwqWut5KZMzfeAAAoao:9zIqATVfQeV2FZalKq6jtGJWuTmd
Malware Config
Extracted
Family: dridex
Botnet: 22201
C2:
  103.82.248.59:443
  54.39.98.141:6602
  103.109.247.8:10443
rc4.plain
rc4.plain
Signatures

YARA rule match
Processes:
resource                                                                    yara_rule
behavioral1/memory/2888-0-0x00000000755B0000-0x00000000755E0000-memory.dmp  dridex_ldr

Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
description               pid   process       target pid  target process
wrote to memory of 2888   2180  rundll32.exe  2888        rundll32.exe
(the same parent-to-child write is recorded 7 times)
Processes
C:\Windows\system32\rundll32.exe (PID 2180)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d897190a3713e14ce47b2db39d044fd0.dll,#1
  Suspicious use of WriteProcessMemory
  └─ C:\Windows\SysWOW64\rundll32.exe (PID 2888)
       rundll32.exe C:\Users\Admin\AppData\Local\Temp\d897190a3713e14ce47b2db39d044fd0.dll,#1
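Added example, not part of the sandbox report: a detection pass over process-creation events shaped like the tree above, plus validation of the extracted C2 list into (ip, port) pairs. It tags rundll32 calling an export by ordinal (`,#1`), rundll32 loading a DLL from a user-writable profile path, and an x64 `system32\rundll32.exe` spawning the `SysWOW64\rundll32.exe` copy. That last hop is how Windows runs a 32-bit DLL through rundll32, so on its own it is not malicious; the example keeps it as a corroborating tag rather than an alert by itself. The events are constructed to reproduce the report's PID 2180 -> 2888 tree; the parent PID 1234 and the third, benign `shell32.dll,Control_RunDLL` control event are assumptions.

```python
"""Detection pass over process-creation events shaped like the report's tree.
Sample events are constructed here, not taken from sandbox telemetry."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# rundll32 <dll>,<entry>  where <entry> is an export name or an ordinal such as #1
RUNDLL32_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+(?P<dll>"[^"]+"|\S+?),(?P<entry>\S+)', re.IGNORECASE)
# DLL paths under a user profile (the report's sample runs from AppData\Local\Temp)
USER_WRITABLE_RE = re.compile(
    r'\\Users\\[^\\]+\\(?:AppData|Downloads|Desktop|Documents)\\', re.IGNORECASE)


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int        # parent PID
    image: str       # full path of the executable image
    cmdline: str


# Constructed events reproducing the report's tree (PID 2180 -> 2888).
# Parent PID 1234 and the benign third event (PID 3000) are assumptions.
SAMPLE_EVENTS = [
    ProcEvent(2180, 1234, r"C:\Windows\system32\rundll32.exe",
              r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\d897190a3713e14ce47b2db39d044fd0.dll,#1"),
    ProcEvent(2888, 2180, r"C:\Windows\SysWOW64\rundll32.exe",
              r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\d897190a3713e14ce47b2db39d044fd0.dll,#1"),
    ProcEvent(3000, 1234, r"C:\Windows\system32\rundll32.exe",
              r"rundll32.exe shell32.dll,Control_RunDLL"),
]


def parse_rundll32(cmdline: str) -> Optional[Tuple[str, str]]:
    """Split a rundll32 command line into (dll_path, entry_point); None if not rundll32."""
    m = RUNDLL32_RE.match(cmdline.strip())
    if not m:
        return None
    return m.group("dll").strip('"'), m.group("entry")


def flag_event(ev: ProcEvent, by_pid: Dict[int, ProcEvent]) -> List[str]:
    """Return the detection tags that apply to one process-creation event."""
    tags: List[str] = []
    if not ev.image.lower().endswith("\\rundll32.exe"):
        return tags
    parsed = parse_rundll32(ev.cmdline)
    if parsed:
        dll, entry = parsed
        if entry.startswith("#"):               # export invoked by ordinal (#1)
            tags.append("ordinal_export")
        if USER_WRITABLE_RE.search(dll):        # DLL staged under a user profile
            tags.append("dll_from_user_writable_path")
    parent = by_pid.get(ev.ppid)
    # x64 rundll32 relaunching the SysWOW64 copy is normal for a 32-bit DLL,
    # so this tag only adds weight next to the two above.
    if (parent is not None
            and parent.image.lower().endswith("\\system32\\rundll32.exe")
            and ev.image.lower().endswith("\\syswow64\\rundll32.exe")):
        tags.append("x64_rundll32_spawned_syswow64_rundll32")
    return tags


def scan(events: List[ProcEvent]) -> Dict[int, List[str]]:
    """Map PID -> tags for every event that produced at least one tag."""
    by_pid = {e.pid: e for e in events}
    results: Dict[int, List[str]] = {}
    for e in events:
        tags = flag_event(e, by_pid)
        if tags:
            results[e.pid] = tags
    return results


# C2 endpoints copied from the report's extracted Dridex config.
C2_LINES = ["103.82.248.59:443", "54.39.98.141:6602", "103.109.247.8:10443"]


def parse_c2(lines: List[str]) -> List[Tuple[str, int]]:
    """Validate host:port entries into (ip, port) pairs usable as a network blocklist."""
    out: List[Tuple[str, int]] = []
    for line in lines:
        host, _, port = line.rpartition(":")
        ip = ipaddress.ip_address(host)          # raises ValueError on a malformed address
        if not 0 < int(port) < 65536:
            raise ValueError(f"bad port in {line!r}")
        out.append((str(ip), int(port)))
    return out


if __name__ == "__main__":
    for pid, tags in scan(SAMPLE_EVENTS).items():
        print(pid, ", ".join(tags))
    print(parse_c2(C2_LINES))
```

Run as-is it tags PID 2180 with the ordinal and Temp-path findings and PID 2888 with those two plus the x64-to-SysWOW64 hop, while the control-panel invocation produces nothing. The C2 list contains two non-standard ports (6602, 10443) next to 443, which is why the parser keeps the port rather than reducing the indicators to bare addresses.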