Analysis
-
max time kernel
141s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
26-03-2024 10:09
General
-
Target
dee8104c7a5df9170ba883a5da08ebda.dll
-
Size
188KB
-
MD5
dee8104c7a5df9170ba883a5da08ebda
-
SHA1
3d932e5616c7a1861ef53ba74fe7d5c093a75580
-
SHA256
d972ba69e48e949a06ef7b329837297d0a0dcf44c27653b20a980a4cb6c974a1
-
SHA512
ed8ac67ad5511615328e8d7ac843223721c023210179f12bb1dbaed6080a5fdb47aa33a7a54abcfb00628e9d0aa5bfbe50626b354b8e47a09f7544ae4bb05323
-
SSDEEP
3072:FH0uyjZqEpAK+Gf78TBdrXkTM5vhRg9Esf0DwvtyMpVnpA+z6tX8sxKViWt7dU:FUua/Pv7YNhRIEZDeXVpAxtMsxK
Score
10/10
Malware Config
Extracted
Family
dridex
Botnet
22201
C2
103.82.248.59:443
54.39.98.141:6602
103.109.247.8:10443
rc4.plain
rc4.plain
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Loader 1 IoCs
Detects Dridex both x86 and x64 loader in memory.
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\dee8104c7a5df9170ba883a5da08ebda.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\dee8104c7a5df9170ba883a5da08ebda.dll,#12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 3003⤵
- Program crash
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1104-0-0x00000000748E0000-0x0000000074910000-memory.dmpFilesize
192KB
-
memory/1104-1-0x0000000000120000-0x0000000000126000-memory.dmpFilesize
24KB