Analysis
max time kernel: 142s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26-03-2024 18:13

Static task: static1 (1 signatures)
Behavioral task: behavioral1
  Sample: dfca69fe1e634e92696b13032383eac6.dll
  Resource: win7-20240220-en (windows7-x64)
  4 signatures, 150 seconds
General
Target: dfca69fe1e634e92696b13032383eac6.dll
Size: 188KB
MD5: dfca69fe1e634e92696b13032383eac6
SHA1: 389b1dfdd56714d4e23145775e424f085e9b8b33
SHA256: e84da0c917c8406ad24610577a6b1884aa71aa090062f68b0ef5f28b2ee7a01b
SHA512: c4cc132ce3bca4c99d231847109a1c81b72d9f2000d2b7b6cb60676a19ab505d8cfc126d5414441ae52968835d8487329d2bacf587fb1d2a0a7969fdc9c4a84b
SSDEEP: 3072:9A8JmK7ATVfQeVqNFZa/9KzMXJ6jTFDlAwqWut5KZMzfeAAAoto:9zIqATVfQeV2FZalKq6jtGJWuTmd
Malware Config
Extracted
Family: dridex
Botnet: 22201
C2:
  103.82.248.59:443
  54.39.98.141:6602
  103.109.247.8:10443
rc4.plain
rc4.plain
Signatures
Processes:
  resource: behavioral2/memory/8-0-0x0000000074BA0000-0x0000000074BD0000-memory.dmp
  yara_rule: dridex_ldr

Program crash (1 IoCs)
Processes:
  pid   pid_target   process        target process
  400   8            WerFault.exe   rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                      pid    process        target process
  PID 1476 wrote to memory of 8    1476   rundll32.exe   rundll32.exe
  PID 1476 wrote to memory of 8    1476   rundll32.exe   rundll32.exe
  PID 1476 wrote to memory of 8    1476   rundll32.exe   rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dfca69fe1e634e92696b13032383eac6.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\dfca69fe1e634e92696b13032383eac6.dll,#1
    C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 8 -s 692
      - Program crash
C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 8 -ip 8