Analysis
- max time kernel: 48s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23-04-2024 12:25
Static task
- static1: 1 signature
Behavioral task
- behavioral1
  Sample: 43cef6768af422a8581134dd9f912c3dbfa566d30cad58d270e151f4c877dbf2.dll
  Resource: win7-20231129-en (windows7-x64)
  3 signatures, 150 seconds
General
- Target: 43cef6768af422a8581134dd9f912c3dbfa566d30cad58d270e151f4c877dbf2.dll
- Size: 180KB
- MD5: fa79a77a543c98f91750d3ef0e96e75b
- SHA1: 516c9817fe52108cc1594bf9700d9ca57e386433
- SHA256: 43cef6768af422a8581134dd9f912c3dbfa566d30cad58d270e151f4c877dbf2
- SHA512: a8e3d30fe47952d1e79dce48075324b7b6728d46a88e50873bde91a60d0152ed6bb9dff14f5c99f5e2d8e2f8f76a5eed193cbe4cef70902ac4deb8736b0a7bbe
- SSDEEP: 3072:13U+o/fwAUfM8+NmXhjlAZ+SWlxT5H3zipQIoZeErkxUNBG0:FUZYxfM8+YXfq+SOxTxjipQjzk3
Malware Config
Extracted
- Family: dridex
- Botnet: 111
- C2:
  94.126.8.2:443
  81.2.235.131:1688
  178.63.156.139:3388
- rc4.plain
- rc4.plain
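The extracted C2 list is the most directly usable artifact in this report. The following is an added example, not part of the sandbox output, that turns the three ip:port pairs into a matcher and runs it over constructed connection-log lines. The log format ("<ts> <src>:<sport> -> <dst>:<dport> <proto>") and the sample lines are assumptions made for the example; only the endpoints come from the config above.

```python
"""Added example (not part of the sandbox report): match the C2 endpoints
extracted above against connection-log lines.

The log format ("<ts> <src>:<sport> -> <dst>:<dport> <proto>") and the sample
lines are constructed for this example; only the C2 list comes from the report.
"""
import re

# C2 endpoints (ip, port) as extracted in the report above.
DRIDEX_C2 = {
    ("94.126.8.2", 443),
    ("81.2.235.131", 1688),
    ("178.63.156.139", 3388),
}

# Constructed sample connection log: three exact C2 hits, one unrelated
# HTTPS connection, one connection to a C2 address on a different port,
# and one malformed line the parser must skip rather than crash on.
SAMPLE_LOG = """\
2024-04-23T12:26:01Z 10.0.0.15:49712 -> 94.126.8.2:443 tcp
2024-04-23T12:26:02Z 10.0.0.15:49713 -> 142.250.74.206:443 tcp
2024-04-23T12:26:05Z 10.0.0.15:49714 -> 81.2.235.131:1688 tcp
2024-04-23T12:26:07Z 10.0.0.22:51002 -> 178.63.156.139:3388 tcp
2024-04-23T12:26:09Z 10.0.0.22:51003 -> 178.63.156.139:443 tcp
malformed line that should be skipped, not crash the matcher
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not fit."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def find_c2_hits(log_text, c2=DRIDEX_C2, ip_only=False):
    """Return the parsed records whose destination matches a C2 endpoint.

    Exact (ip, port) matching is the default. ip_only=True also flags any
    connection to a C2 address regardless of port: broader coverage when the
    port has changed, at the cost of more false positives on shared hosting.
    """
    c2_ips = {ip for ip, _ in c2}
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        exact = (rec["dst"], rec["dport"]) in c2
        if exact or (ip_only and rec["dst"] in c2_ips):
            rec["match"] = "ip:port" if exact else "ip"
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for h in find_c2_hits(SAMPLE_LOG, ip_only=True):
        print(f'{h["ts"]} {h["src"]} -> {h["dst"]}:{h["dport"]} [{h["match"]}]')
```

Port 443 on its own is useless as an indicator, so the default is an exact ip:port match; the ip_only switch exists because a single address from this list may be seen on another port, and the caller should decide whether that wider net is acceptable for their environment.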
Signatures
- dridex_ldr YARA matches in memory (resource, yara_rule):
  behavioral2/memory/5112-0-0x0000000075530000-0x000000007555E000-memory.dmp  dridex_ldr
  behavioral2/memory/5112-2-0x0000000075530000-0x000000007555E000-memory.dmp  dridex_ldr
  Both dumps are of PID 5112, the SysWOW64 rundll32.exe child listed under Processes, and cover a 0x2E000-byte region at a 32-bit user-mode address, consistent with the 180KB DLL mapped as an image in that process rather than code written into an unrelated process.
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                        pid   process       target process
  PID 1440 wrote to memory of 5112   1440  rundll32.exe  rundll32.exe
  PID 1440 wrote to memory of 5112   1440  rundll32.exe  rundll32.exe
  PID 1440 wrote to memory of 5112   1440  rundll32.exe  rundll32.exe
Processes
1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\43cef6768af422a8581134dd9f912c3dbfa566d30cad58d270e151f4c877dbf2.dll,#1
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\43cef6768af422a8581134dd9f912c3dbfa566d30cad58d270e151f4c877dbf2.dll,#1
The ",#1" argument makes rundll32.exe call the DLL's export by ordinal (1) rather than by name. The 64-bit rundll32.exe (PID 1440) re-launches the SysWOW64 copy (PID 5112) because the DLL is 32-bit (see the arch:x86 resource tag); the WriteProcessMemory IoCs above are the parent writing into that child, which is also the process the dridex_ldr memory matches were taken from.
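The process tree is the part of this report that translates most directly into endpoint telemetry. The following is an added example, not part of the sandbox output, that checks process-creation events for the rundll32.exe pattern above: a DLL loaded from the user's Temp directory, an export called by ordinal, and the 64-bit rundll32.exe spawning the SysWOW64 copy. The event fields mimic Sysmon Event ID 1 (Image, CommandLine, ParentImage, ProcessId, ParentProcessId) but are constructed here; the parent of PID 1440 and the benign control event are assumptions.

```python
"""Added example (not part of the sandbox report): check process-creation
events for the rundll32.exe pattern shown in the process tree above.

Event fields mimic Sysmon Event ID 1 (Image, CommandLine, ParentImage,
ProcessId, ParentProcessId); the events are constructed for this example,
and the parent PID of 1440 and the benign control event are assumptions.
"""
import re
from dataclasses import dataclass

SAMPLE_DLL = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\43cef6768af422a8581134dd9f912c3dbfa566d30cad58d270e151f4c877dbf2.dll")


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    command_line: str
    parent_image: str


# Constructed events: the two rundll32.exe processes from the report's tree
# (the 64-bit host re-launching the SysWOW64 copy for the x86 DLL), plus a
# benign rundll32.exe invocation as a control.
EVENTS = [
    ProcEvent(1440, 900, r"C:\Windows\system32\rundll32.exe",
              f"rundll32.exe {SAMPLE_DLL},#1", r"C:\Windows\explorer.exe"),
    ProcEvent(5112, 1440, r"C:\Windows\SysWOW64\rundll32.exe",
              f"rundll32.exe {SAMPLE_DLL},#1", r"C:\Windows\system32\rundll32.exe"),
    ProcEvent(6020, 900, r"C:\Windows\system32\rundll32.exe",
              r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL",
              r"C:\Windows\explorer.exe"),
]

# rundll32.exe <dll>,<entry>  (dll optionally quoted; entry is a name or #ordinal)
RUNDLL_RE = re.compile(
    r'^"?(?:[^"\s]*[\\/])?rundll32\.exe"?\s+'
    r'(?:"(?P<qdll>[^"]+)"|(?P<dll>[^,\s]+)),(?P<entry>\S+)',
    re.IGNORECASE,
)
USER_TEMP = "\\appdata\\local\\temp\\"


def parse_rundll32_cmdline(cmdline):
    """Return (dll_path, entry) for a rundll32 command line, else None."""
    m = RUNDLL_RE.match(cmdline.strip())
    if m is None:
        return None
    return (m.group("qdll") or m.group("dll"), m.group("entry"))


def suspicious_flags(ev):
    """Flags raised by one event; an empty list means nothing matched."""
    if not ev.image.lower().endswith("\\rundll32.exe"):
        return []
    parsed = parse_rundll32_cmdline(ev.command_line)
    if parsed is None:
        return []
    dll, entry = parsed
    flags = []
    if USER_TEMP in dll.lower():
        flags.append("dll-in-user-temp")      # DLL loaded from a user-writable temp dir
    if entry.startswith("#"):
        flags.append("ordinal-export")        # export called by ordinal, as in ",#1"
    if (ev.image.lower().endswith("\\syswow64\\rundll32.exe")
            and ev.parent_image.lower().endswith("\\system32\\rundll32.exe")):
        flags.append("wow64-rehost")          # 64-bit rundll32 spawned the 32-bit host
    return flags


def flagged_processes(events):
    """Map pid -> flags for every event that raised at least one flag."""
    return {ev.pid: f for ev in events if (f := suspicious_flags(ev))}


if __name__ == "__main__":
    for pid, flags in flagged_processes(EVENTS).items():
        print(pid, ", ".join(flags))
```

None of the three flags is conclusive alone: the wow64-rehost step is what 64-bit rundll32.exe does for any 32-bit DLL, and installers legitimately call exports by ordinal. Their combination with a DLL path under AppData\Local\Temp, as in this report, is what makes the event worth a look.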