Analysis

max time kernel: 55s
max time network: 53s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26-04-2024 23:14

Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: f065af55c510b2182792f5b3b60db6d8119d16115b64fc74fce7b1685178061b.dll
  Resource: win7-20231129-en (windows7-x64)
  3 signatures
  150 seconds
General

Target: f065af55c510b2182792f5b3b60db6d8119d16115b64fc74fce7b1685178061b.dll
Size: 180KB
MD5: 12288223f1aaf973f320d51e399affaf
SHA1: 90148e1ed58dfa2043db612eecdcb99376cae56e
SHA256: f065af55c510b2182792f5b3b60db6d8119d16115b64fc74fce7b1685178061b
SHA512: 0e950e382a8227ba0dc19a0a08539129ad4f7ca3e068f5614b3a447fa39747c260e48da7b7ccdfb776fe7e310994da8a2c2cb6316ef01d2507f9dc07316f4f25
SSDEEP: 3072:x3U+o/fwAUfM8+NmXhjlAZ+SWlxT5H3zipQIoZeErkxUNBG0:ZUZYxfM8+YXfq+SOxTxjipQjzk3
Malware Config

Extracted
  Family: dridex
  Botnet: 111
  C2:
    94.126.8.2:443
    81.2.235.131:1688
    178.63.156.139:3388
  rc4.plain
  rc4.plain
Signatures

Processes:
  resource                                                                          | yara_rule
  behavioral2/memory/4960-0-0x0000000074FF0000-0x000000007501E000-memory.dmp        | dridex_ldr
  behavioral2/memory/4960-2-0x0000000074FF0000-0x000000007501E000-memory.dmp        | dridex_ldr

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                      | pid  | process      | target process
  PID 3740 wrote to memory of 4960 | 3740 | rundll32.exe | rundll32.exe
  PID 3740 wrote to memory of 4960 | 3740 | rundll32.exe | rundll32.exe
  PID 3740 wrote to memory of 4960 | 3740 | rundll32.exe | rundll32.exe
Processes

C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\f065af55c510b2182792f5b3b60db6d8119d16115b64fc74fce7b1685178061b.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (child)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\f065af55c510b2182792f5b3b60db6d8119d16115b64fc74fce7b1685178061b.dll,#1