Analysis
max time kernel: 60s
max time network: 141s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-04-2024 18:14
Static task: static1 (1 signature)
Behavioral task: behavioral1
Sample: 27bbe7427232a77b70e1ca056f5d63da64a04d03b420c58c9cf0ac3b113e04d5.dll
Resource: win7-20231129-en (windows7-x64)
3 signatures, 150 seconds
General
Target: 27bbe7427232a77b70e1ca056f5d63da64a04d03b420c58c9cf0ac3b113e04d5.dll
Size: 180KB
MD5: 89560f98fd5404f0dda37b026e33b6b4
SHA1: 2b9d4dfd8f62d0e8679cd5a080500fbe799526e1
SHA256: 27bbe7427232a77b70e1ca056f5d63da64a04d03b420c58c9cf0ac3b113e04d5
SHA512: 2a85d8011b1ae1742de1c0507bf148ebd7e99216352e81f248609e6a0db20db15312bc429bad18eb25016bdd353dba66b789edaba43bccedb2d31f16273b3fa8
SSDEEP: 3072:i3U+o/fwAUfM8+NmXhjlAZ+SWlxT5H3zipQIoZeErkxUNBG0:2UZYxfM8+YXfq+SOxTxjipQjzk3
Malware Config
Extracted
Family: dridex
Botnet: 111
C2:
94.126.8.2:443
81.2.235.131:1688
178.63.156.139:3388
rc4.plain (2 entries)
Signatures
YARA rule dridex_ldr matched in process memory (2 hits)
resource | yara_rule
behavioral2/memory/3208-0-0x0000000075760000-0x000000007578E000-memory.dmp | dridex_ldr
behavioral2/memory/3208-2-0x0000000075760000-0x000000007578E000-memory.dmp | dridex_ldr
Both dumps cover the same 0x2E000-byte region of PID 3208, the 32-bit rundll32.exe child; the size is consistent with the 180KB DLL being mapped into that process, so the loader is detected in its own image rather than in injected memory elsewhere.
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | process | target process
PID 4428 wrote to memory of 3208 | 4428 | rundll32.exe | rundll32.exe
PID 4428 wrote to memory of 3208 | 4428 | rundll32.exe | rundll32.exe
PID 4428 wrote to memory of 3208 | 4428 | rundll32.exe | rundll32.exe
All three writes go from the 64-bit parent rundll32.exe (PID 4428) into the 32-bit child it created (PID 3208), which is consistent with process creation itself; the Dridex verdict rests on the extracted configuration and the dridex_ldr YARA hits, not on these writes.
Processes
C:\Windows\system32\rundll32.exe (PID 4428)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\27bbe7427232a77b70e1ca056f5d63da64a04d03b420c58c9cf0ac3b113e04d5.dll,#1
  Suspicious use of WriteProcessMemory
  └─ C:\Windows\SysWOW64\rundll32.exe (PID 3208)
       command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\27bbe7427232a77b70e1ca056f5d63da64a04d03b420c58c9cf0ac3b113e04d5.dll,#1
The ",#1" argument tells rundll32 to call the DLL's export at ordinal 1 rather than a named entry point. The 64-bit rundll32.exe from system32 relaunches its 32-bit copy from SysWOW64 with the same arguments, which is what rundll32 does when handed a 32-bit DLL; the loader therefore runs in PID 3208, where the YARA hits above were taken. A DLL executed by ordinal from a user's Temp directory, with this system32-to-SysWOW64 rundll32 respawn, is the behaviour to key detections on.
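As an added example that is not part of this sandbox report, the Python below turns the behaviour recorded above into detection logic: it parses rundll32 command lines for the ordinal-export form (",#1"), flags the 64-bit to 32-bit rundll32 respawn seen in the process tree when the DLL sits in a user-writable directory, and matches network events against the extracted C2 list. The process-creation records are constructed to mirror the report's process tree; the network events are hypothetical, since the report lists no connections, and the user-writable path list is an assumption chosen for illustration.

```python
import re

# C2 endpoints copied from the report's "Malware Config" section.
DRIDEX_C2 = {
    ("94.126.8.2", 443),
    ("81.2.235.131", 1688),
    ("178.63.156.139", 3388),
}

# rundll32 syntax is "<dll>,<entrypoint>"; the entrypoint is a name or "#<ordinal>".
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?,(?P<export>#?\w+)', re.IGNORECASE
)
# Assumed list of directories an unprivileged user can write to.
USER_WRITABLE_RE = re.compile(
    r"\\(?:Users\\[^\\]+\\AppData\\Local\\Temp|Users\\[^\\]+\\Downloads|Users\\Public|ProgramData)\\",
    re.IGNORECASE,
)

DLL = r"C:\Users\Admin\AppData\Local\Temp\27bbe7427232a77b70e1ca056f5d63da64a04d03b420c58c9cf0ac3b113e04d5.dll"

# Constructed process-creation records (Sysmon event 1 style) modelled on the report's tree.
PROCESS_EVENTS = [
    {"pid": 4428, "ppid": 1000, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": f"rundll32.exe {DLL},#1"},
    {"pid": 3208, "ppid": 4428, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": f"rundll32.exe {DLL},#1"},
    # Benign control: named export from a system DLL, no rundll32 parent.
    {"pid": 5000, "ppid": 1000, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": "rundll32.exe shell32.dll,Control_RunDLL"},
]

# Hypothetical network events; the report itself records no connections.
NETWORK_EVENTS = [
    {"pid": 3208, "dst_ip": "94.126.8.2", "dst_port": 443},
    {"pid": 3208, "dst_ip": "178.63.156.139", "dst_port": 3388},
    {"pid": 5000, "dst_ip": "203.0.113.10", "dst_port": 443},
]


def parse_rundll32(cmdline):
    """Return {'dll', 'export', 'by_ordinal'} for a rundll32 command line, else None."""
    m = RUNDLL_RE.search(cmdline)
    if not m:
        return None
    export = m.group("export")
    return {"dll": m.group("dll").strip(), "export": export,
            "by_ordinal": export.startswith("#")}


def _is_rundll32(image):
    return image.lower().endswith("\\rundll32.exe")


def score_process(event, by_pid):
    """Findings for one process-creation event; by_pid maps pid -> event for parent lookup."""
    findings = []
    parsed = parse_rundll32(event["cmdline"])
    if parsed is None or not _is_rundll32(event["image"]):
        return findings
    if parsed["by_ordinal"] and USER_WRITABLE_RE.search(parsed["dll"]):
        findings.append("rundll32 loads DLL by ordinal from a user-writable path")
    parent = by_pid.get(event["ppid"])
    if (parent and _is_rundll32(parent["image"])
            and "\\system32\\" in parent["image"].lower()
            and "\\syswow64\\" in event["image"].lower()):
        findings.append("64-bit rundll32 respawned its 32-bit copy (WoW64 load of a 32-bit DLL)")
    return findings


def match_c2(network_events, c2=DRIDEX_C2):
    """Network events whose destination (ip, port) is on the extracted C2 list."""
    return [e for e in network_events if (e["dst_ip"], e["dst_port"]) in c2]


def analyse(process_events, network_events):
    """Return ({pid: [findings]} for processes with findings, [matching network events])."""
    by_pid = {e["pid"]: e for e in process_events}
    hits = {e["pid"]: f for e in process_events if (f := score_process(e, by_pid))}
    return hits, match_c2(network_events)


if __name__ == "__main__":
    hits, c2 = analyse(PROCESS_EVENTS, NETWORK_EVENTS)
    for pid, findings in hits.items():
        print(pid, findings)
    for e in c2:
        print("C2 contact from PID", e["pid"], e["dst_ip"], e["dst_port"])
```

On the constructed input, both rundll32 instances are flagged for the ordinal load from Temp, only the SysWOW64 child gets the respawn finding (its parent is the system32 copy), the shell32.dll control produces nothing, and the two C2 contacts are attributed to PID 3208. The C2 match is exact on IP and port, so rotate the list as new configs are extracted rather than relying on it alone.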