Analysis
-
max time kernel
101s -
max time network
102s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
15-08-2024 09:40
General
-
Target
17f5e539c0275c14794fa25a2b099f00N.dll
-
Size
184KB
-
MD5
17f5e539c0275c14794fa25a2b099f00
-
SHA1
9542726cc5fe94fd8de942e64d38a969f25c973f
-
SHA256
753cc3433e057b0dec4de788d4db68986ad02b6ae2e0b2fc12a3735a34db349f
-
SHA512
6261dc91a5a57816f54754a65b8cd1a01e217902a726a78da869a7d68424b9c09477490007a34a68ab42f5d8421aa02953eb9b2e0defe6555a96d984905fd66b
-
SSDEEP
3072:QJQ6H3ykY88YOSs+k1TwEuTcMIznNuOzlr1Xznku9Luk0eJww8JEa//2uFrSc:tfYOX+wTScR/Xzku9LVw/uG
Malware Config
Extracted
dridex
22201
80.241.218.90:443
103.161.172.109:13786
87.98.128.76:5723
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Loader 2 IoCs
Detects Dridex both x86 and x64 loader in memory.
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\17f5e539c0275c14794fa25a2b099f00N.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\17f5e539c0275c14794fa25a2b099f00N.dll,#12⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 6163⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4512 -ip 45121⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
24KB
-
Filesize
188KB
-
Filesize
188KB
-
Filesize
24KB