Analysis
max time kernel: 141s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 02-04-2024 13:35
Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: ce6b05e2593182af90dc4e8fd315240bec81cf0734a2590ee864a05bbffb014c.dll
  Resource: win7-20240221-en (windows7-x64)
  2 signatures, 150 seconds
General
Target: ce6b05e2593182af90dc4e8fd315240bec81cf0734a2590ee864a05bbffb014c.dll
Size: 518KB
MD5: 153bc84ce38485a27ee114e9bcd4eef9
SHA1: 821ced6f8b1083a085f224210f82c0f301887f7a
SHA256: ce6b05e2593182af90dc4e8fd315240bec81cf0734a2590ee864a05bbffb014c
SHA512: d9b0851d74424c348f530152332eed376b9231e0e9832588143d5dc39c5151d2e654c7931c1ba2a1098f0a3d077ec13aeaab9b174f8a2d4f870d87e43c536fcf
SSDEEP: 12288:B+8mHYABWaGPleAupQFpa7M5YXsXx5pgKB/Z:RmHBXGPlcQF87M5fBHBZ
Malware Config
Extracted
Family: dridex
Botnet: 10444
C2:
  194.225.58.214:443
  211.110.44.63:5353
  69.164.207.140:3388
  198.57.200.100:3786
rc4.plain
rc4.plain
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
  description                        pid   process        target process
  PID 2796 wrote to memory of 1804   2796  regsvr32.exe   regsvr32.exe
  PID 2796 wrote to memory of 1804   2796  regsvr32.exe   regsvr32.exe
  PID 2796 wrote to memory of 1804   2796  regsvr32.exe   regsvr32.exe
  PID 2796 wrote to memory of 1804   2796  regsvr32.exe   regsvr32.exe
  PID 2796 wrote to memory of 1804   2796  regsvr32.exe   regsvr32.exe
  PID 2796 wrote to memory of 1804   2796  regsvr32.exe   regsvr32.exe
  PID 2796 wrote to memory of 1804   2796  regsvr32.exe   regsvr32.exe
Processes
- C:\Windows\system32\regsvr32.exe
  command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ce6b05e2593182af90dc4e8fd315240bec81cf0734a2590ee864a05bbffb014c.dll
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\regsvr32.exe (child process)
    command line: /s C:\Users\Admin\AppData\Local\Temp\ce6b05e2593182af90dc4e8fd315240bec81cf0734a2590ee864a05bbffb014c.dll
Network
MITRE ATT&CK Matrix
Downloads
- memory/1804-0-0x0000000001E30000-0x0000000001F28000-memory.dmp (Filesize: 992KB)
- memory/1804-1-0x0000000001E30000-0x0000000001F28000-memory.dmp (Filesize: 992KB)
- memory/1804-2-0x0000000001E30000-0x0000000001F28000-memory.dmp (Filesize: 992KB)
- memory/1804-3-0x0000000001E30000-0x0000000001F28000-memory.dmp (Filesize: 992KB)
- memory/1804-7-0x0000000001E30000-0x0000000001F28000-memory.dmp (Filesize: 992KB)