dridex | ce6b05e2593182af90dc4e8fd315240bec81cf0734a2590ee864a05bbffb014c

Analysis

max time kernel
144s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
31-07-2022 05:15

Target

jpfnnl2g.dll
Size

518KB
MD5

153bc84ce38485a27ee114e9bcd4eef9
SHA1

821ced6f8b1083a085f224210f82c0f301887f7a
SHA256

ce6b05e2593182af90dc4e8fd315240bec81cf0734a2590ee864a05bbffb014c
SHA512

d9b0851d74424c348f530152332eed376b9231e0e9832588143d5dc39c5151d2e654c7931c1ba2a1098f0a3d077ec13aeaab9b174f8a2d4f870d87e43c536fcf

Score

10^/10

dridex 10444 botnet

Family

dridex

Botnet

10444

194.225.58.214:443

211.110.44.63:5353

69.164.207.140:3388

198.57.200.100:3786

rc4.plain

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 908 wrote to memory of 1476	908	regsvr32.exe	regsvr32.exe
PID 908 wrote to memory of 1476	908	regsvr32.exe	regsvr32.exe
PID 908 wrote to memory of 1476	908	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\jpfnnl2g.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:908

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\jpfnnl2g.dll
2⤵
PID:1476

memory/1476-130-0x0000000000000000-mapping.dmp

Download
memory/1476-131-0x0000000002200000-0x00000000022F8000-memory.dmp

Filesize
992KB

Download
memory/1476-132-0x0000000002200000-0x00000000022F8000-memory.dmp

Filesize
992KB

Download
memory/1476-133-0x0000000002200000-0x00000000022F8000-memory.dmp

Filesize
992KB

Download
memory/1476-134-0x0000000002200000-0x00000000022F8000-memory.dmp

Filesize
992KB

Download
memory/1476-135-0x0000000002200000-0x00000000022F8000-memory.dmp

Filesize
992KB

Download