Overview

overview

10

Static

static

3

d9122be3fb...33.dll

windows7-x64

10

d9122be3fb...33.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    115s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240319-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-03-2024 14:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d9122be3fba93abdc717731f7a026633.dll

  • Size

    188KB

  • MD5

    d9122be3fba93abdc717731f7a026633

  • SHA1

    d77f1139f9aa27292a4df4dbe595c2c3d7be80c3

  • SHA256

    cb93f16f451948c5a30e97143a22af35547380b74ec33ab9b5c9c74df4778b75

  • SHA512

    32285d7ae512d574d0c7c4f5cdceeab2f58a19072cccd9ca58b5c72a893c494bfaa3b30fe02fe69ab11244a9e650b45ba4c66d1402f6152a00f68cda860c722e

  • SSDEEP

    3072:DA8JmK7ATVfQeVqNFZa/9KzMXJ6jTFDlAwqWut5KZMzfeAAAojo:DzIqATVfQeV2FZalKq6jtGJWuTmd

Score
10/10
dridex22201botnetloader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.82.248.59:443

54.39.98.141:6602

103.109.247.8:10443
rc4.plain
rc4.plain

Signatures

  • Dridex

    Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    botnetdridex
  • Dridex Loader 1 IoCs

    Detects Dridex both x86 and x64 loader in memory.

    botnetloader
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9122be3fba93abdc717731f7a026633.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4496
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9122be3fba93abdc717731f7a026633.dll,#1
      2⤵
        PID:1664
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 692
          3⤵
          • Program crash
          PID:5004
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1664 -ip 1664
      1⤵
        PID:3264
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3344 --field-trial-handle=3536,i,10914981530159316853,12381340356750224673,262144 --variations-seed-version /prefetch:8
        1⤵
          PID:4876

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1664-0-0x0000000075040000-0x0000000075070000-memory.dmp
          Filesize

          192KB

          Download
        • memory/1664-1-0x00000000028A0000-0x00000000028A6000-memory.dmp
          Filesize

          24KB

          Download