Analysis
-
max time kernel
140s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
26-03-2024 14:53
General
-
Target
df6e7a558c69958a0d09ff613d3794fc.dll
-
Size
184KB
-
MD5
df6e7a558c69958a0d09ff613d3794fc
-
SHA1
113bc55303d4a334cfe311e365487f1976c4ffd2
-
SHA256
7cdc32bdf8afff4b354a150f300549f3b2cbbc8bc6a8d142e94aa25de2677d0f
-
SHA512
d0ac8875593058b0278c7a2502e0ac05f560de185562034fcf735ecd7c5349975ec2085a0be4b3321738e95bf75ab625c9b429f47d5eef2bbbe5177bbed05ae4
-
SSDEEP
3072:Dhd6lp2ffOeP3gv+i4W63iFfKfXM9mQltYwgO226+f33J7VQcY:D3fOeIv54W6SFKfc9me9v9/J7V
Score
10/10
Malware Config
Extracted
Family
dridex
Botnet
22201
C2
51.79.50.122:443
222.124.142.67:10443
138.201.222.158:4664
rc4.plain
rc4.plain
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Loader 1 IoCs
Detects Dridex both x86 and x64 loader in memory.
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\df6e7a558c69958a0d09ff613d3794fc.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\df6e7a558c69958a0d09ff613d3794fc.dll,#12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 2883⤵
- Program crash
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2176-0-0x0000000075330000-0x0000000075360000-memory.dmpFilesize
192KB
-
memory/2176-1-0x0000000000160000-0x0000000000166000-memory.dmpFilesize
24KB