Analysis
max time kernel: 70s
max time network: 121s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 23-04-2024 12:25

Static task
static1
1 signatures

Behavioral task
behavioral1
Sample: 43cef6768af422a8581134dd9f912c3dbfa566d30cad58d270e151f4c877dbf2.dll
Resource: win7-20231129-en
3 signatures
150 seconds
General
Target: 43cef6768af422a8581134dd9f912c3dbfa566d30cad58d270e151f4c877dbf2.dll
Size: 180KB
MD5: fa79a77a543c98f91750d3ef0e96e75b
SHA1: 516c9817fe52108cc1594bf9700d9ca57e386433
SHA256: 43cef6768af422a8581134dd9f912c3dbfa566d30cad58d270e151f4c877dbf2
SHA512: a8e3d30fe47952d1e79dce48075324b7b6728d46a88e50873bde91a60d0152ed6bb9dff14f5c99f5e2d8e2f8f76a5eed193cbe4cef70902ac4deb8736b0a7bbe
SSDEEP: 3072:13U+o/fwAUfM8+NmXhjlAZ+SWlxT5H3zipQIoZeErkxUNBG0:FUZYxfM8+YXfq+SOxTxjipQjzk3
Malware Config
Extracted
Family: dridex
Botnet: 111
C2:
94.126.8.2:443
81.2.235.131:1688
178.63.156.139:3388
rc4.plain
rc4.plain
Signatures
-
Processes:
resource                                                                    yara_rule
behavioral1/memory/2316-0-0x0000000075450000-0x000000007547E000-memory.dmp  dridex_ldr
behavioral1/memory/2316-2-0x0000000075450000-0x000000007547E000-memory.dmp  dridex_ldr
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
description                       pid   process       target process
PID 2284 wrote to memory of 2316  2284  rundll32.exe  rundll32.exe
PID 2284 wrote to memory of 2316  2284  rundll32.exe  rundll32.exe
PID 2284 wrote to memory of 2316  2284  rundll32.exe  rundll32.exe
PID 2284 wrote to memory of 2316  2284  rundll32.exe  rundll32.exe
PID 2284 wrote to memory of 2316  2284  rundll32.exe  rundll32.exe
PID 2284 wrote to memory of 2316  2284  rundll32.exe  rundll32.exe
PID 2284 wrote to memory of 2316  2284  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe (PID 2284)
rundll32.exe C:\Users\Admin\AppData\Local\Temp\43cef6768af422a8581134dd9f912c3dbfa566d30cad58d270e151f4c877dbf2.dll,#1
- Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (PID 2316, child of 2284)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\43cef6768af422a8581134dd9f912c3dbfa566d30cad58d270e151f4c877dbf2.dll,#1
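The process tree above (64-bit rundll32.exe in system32 handing the DLL to SysWOW64\rundll32.exe, which loads it by ordinal #1 from the user's Temp directory) and the memory-dump resource names under the YARA hits are the behavioural facts a responder would turn into hunting checks. The Python below is an added example, not part of the sandbox report: it parses the dump resource names into PID, dump index and address range, and runs three indicators over constructed Sysmon-style process-creation records that mirror the tree. PIDs 2284 and 2316, the image paths and the command line come from the report; the parent PID 1000, the explorer.exe parent, the printui.dll control row and the field names Image, ParentImage and CommandLine (Sysmon conventions) are assumptions made for the example.

```python
"""Hunting checks derived from the sandbox process tree above.

Added example, not part of the sandbox report. The process records below are
constructed to mirror the reported tree: PIDs 2284 and 2316 are from the
report; every other PID, parent image and the control row are invented for
illustration. Field names follow Sysmon conventions but no real telemetry is
used.
"""
import re
from collections import namedtuple

MemRegion = namedtuple("MemRegion", "pid index start end size")

# Resource names as listed under the YARA hits, e.g.
# behavioral1/memory/2316-0-0x0000000075450000-0x000000007547E000-memory.dmp
_MEM_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)"
    r"-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_mem_region(resource):
    """Split a dump resource name into PID, dump index and address range.

    Returns None for resource names that are not memory dumps.
    """
    m = _MEM_RE.search(resource)
    if not m:
        return None
    start, end = int(m["start"], 16), int(m["end"], 16)
    return MemRegion(int(m["pid"]), int(m["idx"]), start, end, end - start)


# rundll32 command line: "<dll>,<export>" where <export> is a name or #ordinal.
_RUNDLL_ARGS = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)', re.I
)


def rundll32_indicators(event):
    """Return the indicator names a single process-creation record triggers."""
    hits = []
    image = event["Image"].lower()
    if not image.endswith("\\rundll32.exe"):
        return hits
    m = _RUNDLL_ARGS.search(event["CommandLine"])
    if not m:
        return hits
    dll, export = m["dll"].lower(), m["export"]
    # Loader DLL dropped under the user's %TEMP%, as in the report.
    if "\\appdata\\local\\temp\\" in dll:
        hits.append("dll_from_user_temp")
    # Entry point called by ordinal (#1) rather than by exported name.
    if export.startswith("#"):
        hits.append("export_by_ordinal")
    # 64-bit rundll32.exe (system32) relaunching a 32-bit DLL via SysWOW64.
    parent = event["ParentImage"].lower()
    if parent.endswith("\\system32\\rundll32.exe") and "\\syswow64\\" in image:
        hits.append("wow64_rundll32_relaunch")
    return hits


def scan(events):
    """Map PID -> indicators for every record that triggers at least one."""
    result = {}
    for ev in events:
        hits = rundll32_indicators(ev)
        if hits:
            result[ev["pid"]] = hits
    return result


_DLL = (r"C:\Users\Admin\AppData\Local\Temp\43cef6768af422a8581134dd9f912c3d"
        r"bfa566d30cad58d270e151f4c877dbf2.dll")

# Constructed records mirroring the reported tree, plus a benign control row.
SAMPLE_EVENTS = [
    {"pid": 2284, "ppid": 1000,  # parent PID/image assumed, not in the report
     "Image": r"C:\Windows\system32\rundll32.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "rundll32.exe " + _DLL + ",#1"},
    {"pid": 2316, "ppid": 2284,
     "Image": r"C:\Windows\SysWOW64\rundll32.exe",
     "ParentImage": r"C:\Windows\system32\rundll32.exe",
     "CommandLine": "rundll32.exe " + _DLL + ",#1"},
    {"pid": 4000, "ppid": 1000,  # control: system DLL loaded by export name
     "Image": r"C:\Windows\system32\rundll32.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"rundll32.exe C:\Windows\System32\printui.dll,PrintUIEntry /?"},
]

if __name__ == "__main__":
    for name in (
        "behavioral1/memory/2316-0-0x0000000075450000-0x000000007547E000-memory.dmp",
        "behavioral1/memory/2316-2-0x0000000075450000-0x000000007547E000-memory.dmp",
    ):
        print(parse_mem_region(name))
    print(scan(SAMPLE_EVENTS))
```

Both dumps cover the same 0x2E000-byte (188416 bytes) range at 0x75450000 in PID 2316, taken at different points of the run (index 0 and 2), which is consistent with an image mapping of the roughly 180 KB DLL. Two caveats when turning this into a rule: rundll32.exe itself re-executes the SysWOW64 copy whenever it is handed a 32-bit DLL on a 64-bit host, so the parent/child pair alone is expected behaviour, and process creation normally involves the parent writing into the new child, so a handful of WriteProcessMemory calls from 2284 into 2316 is weak evidence on its own. The combination that stands out here is the DLL under the user's Temp directory loaded by ordinal, together with the dridex_ldr YARA hit in the child's memory.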