Analysis
max time kernel: 115s
max time network: 122s
platform: windows10-2004_x64
resource: win10v2004-20240319-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240319-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20-03-2024 14:49

Static task: static1 (1 signatures)
Behavioral task: behavioral1
  Sample: d9122be3fba93abdc717731f7a026633.dll
  Resource: win7-20240221-en
  4 signatures
  150 seconds
General
Target: d9122be3fba93abdc717731f7a026633.dll
Size: 188KB
MD5: d9122be3fba93abdc717731f7a026633
SHA1: d77f1139f9aa27292a4df4dbe595c2c3d7be80c3
SHA256: cb93f16f451948c5a30e97143a22af35547380b74ec33ab9b5c9c74df4778b75
SHA512: 32285d7ae512d574d0c7c4f5cdceeab2f58a19072cccd9ca58b5c72a893c494bfaa3b30fe02fe69ab11244a9e650b45ba4c66d1402f6152a00f68cda860c722e
SSDEEP: 3072:DA8JmK7ATVfQeVqNFZa/9KzMXJ6jTFDlAwqWut5KZMzfeAAAojo:DzIqATVfQeV2FZalKq6jtGJWuTmd
Malware Config
Extracted
Family: dridex
Botnet: 22201
C2:
  103.82.248.59:443
  54.39.98.141:6602
  103.109.247.8:10443
rc4.plain
rc4.plain
Signatures

Yara rule match
Processes:
  resource | yara_rule
  behavioral2/memory/1664-0-0x0000000075040000-0x0000000075070000-memory.dmp | dridex_ldr

Program crash (1 IoCs)
Processes:
  process | pid | pid_target | target process
  WerFault.exe | 5004 | 1664 | rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description | pid | process | target process
  PID 4496 wrote to memory of 1664 | 4496 | rundll32.exe | rundll32.exe
  PID 4496 wrote to memory of 1664 | 4496 | rundll32.exe | rundll32.exe
  PID 4496 wrote to memory of 1664 | 4496 | rundll32.exe | rundll32.exe
Processes

C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9122be3fba93abdc717731f7a026633.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9122be3fba93abdc717731f7a026633.dll,#1
    C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 692
      - Program crash

C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1664 -ip 1664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3344 --field-trial-handle=3536,i,10914981530159316853,12381340356750224673,262144 --variations-seed-version /prefetch:8