dridex | d1edb8387c2570a8d1979c748d466d5016454f7aaf4141895be6f6bdbf499bc7

Analysis

max time kernel
4s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 04:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

698d381098a0d8b9924e1e102051a85a.dll
Size

3.2MB
MD5

698d381098a0d8b9924e1e102051a85a
SHA1

2b74c2746df95710eaa40d3ba20ed754772228bb
SHA256

d1edb8387c2570a8d1979c748d466d5016454f7aaf4141895be6f6bdbf499bc7
SHA512

3d5173b9231e3f447a7eab5d326030cab4af2e81114e2ff7b026c333a88e0f708a21ad506a89b34856ee5f411485c215206d8e5524aef789998ef8b3fb63a751
SSDEEP

12288:xVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:AfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score

10^/10

dridex botnet evasion payload trojan

Malware Config

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Shellcode 1 IoCs

Detects Dridex Payload shellcode injected in Explorer process.

botnet payload

resource	yara_rule
behavioral1/memory/1200-5-0x0000000002F20000-0x0000000002F21000-memory.dmp	dridex_stager_shellcode

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	rundll32.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2128	rundll32.exe
2128	rundll32.exe
2128	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\698d381098a0d8b9924e1e102051a85a.dll,#1
1⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:2128

C:\Windows\system32\SystemPropertiesPerformance.exe
C:\Windows\system32\SystemPropertiesPerformance.exe
1⤵
PID:1536

C:\Users\Admin\AppData\Local\uc78TWJ8C\SystemPropertiesPerformance.exe
C:\Users\Admin\AppData\Local\uc78TWJ8C\SystemPropertiesPerformance.exe
1⤵
PID:2784

C:\Windows\system32\wermgr.exe
C:\Windows\system32\wermgr.exe
1⤵
PID:3028

C:\Users\Admin\AppData\Local\0HWja\wermgr.exe
C:\Users\Admin\AppData\Local\0HWja\wermgr.exe
1⤵
PID:2336

C:\Windows\system32\SndVol.exe
C:\Windows\system32\SndVol.exe
1⤵
PID:1944

C:\Users\Admin\AppData\Local\Otg\SndVol.exe
C:\Users\Admin\AppData\Local\Otg\SndVol.exe
1⤵
PID:1816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\0HWja\wer.dll

Filesize
9KB

MD5
5a317ef9e9ebb715ba791f9a08ac4480

SHA1
71880d34e3c2a7a26a8044ac4099a8e1d9254f36

SHA256
1b67bb5ff7439af40d7727abdafb4cdbbbf6a7f0fbba8043ce13f0269d28a61a

SHA512
40c79c2ac5eb556b2d78efaa1293a3e8b0fe9e0cdad93ddb0cee637517f52b3c11c4a67351858f2485e5f4a1c1aae66857c376379aa5700deadd3d150bcb3b04

Download Submit
C:\Users\Admin\AppData\Local\0HWja\wermgr.exe

Filesize
23KB

MD5
301fb7e28e404ae1fc5360beb313cacf

SHA1
085b4521fcdf893ed6e8df1e2af60fc752a9d449

SHA256
4f43e770d9b8178a7262ff342528cd7d8fe351cc1fbbd988d4a1552e64fcaa40

SHA512
a782deca829be07ab20b8f46f575d350ed481965d7983f9a51370d38005ddfa821d7056003597669f31a417463cbd8c7b1e42a02aed26090c1c61b9567e3e9ff

Download Submit
C:\Users\Admin\AppData\Local\Otg\SndVol.exe

Filesize
52KB

MD5
1eddf14c3d1f78b82c9b985c0c6f743e

SHA1
bcd198dffeac16ac219766a8c2170a40e4ad5b6d

SHA256
16e52d66645695a9dfc058b350e6b233d1fd4757f9ccf8cdda0856b21e1100ee

SHA512
594e28ac6b9d300335a674d2c3d7b1c9acefdb7b5f5c9d29aa15a1ca51aca1c914683bcdd03e156d3fd7134080c653311808a8e3029d73625e8dec602a85ca40

Download Submit
C:\Users\Admin\AppData\Local\Otg\SndVol.exe

Filesize
92KB

MD5
7e6478deb1d1d7b40ae19156ab55a83a

SHA1
bcbb3cea73d608a615e3e17b67858da5bc091717

SHA256
c25d49f4881b5c303556f37197e7baeedba22548b2cad708f544cd8c9aa63a0f

SHA512
ef63ac78f70a00c9dbddd1c12dfcbd75deb707413a5b4b3de5c58b40ca1576e13d7013fff1604209968c5921ab56d1d710012fcacd5059451b37ba27903d06e1

Download Submit
C:\Users\Admin\AppData\Local\Otg\UxTheme.dll

Filesize
68KB

MD5
61f13ad31e222d559c20fca88187fad4

SHA1
5406d9934d63c5da61bfda720fdaf95ade27cccb

SHA256
31ac00e686916c48b9f5033351a85cf7ebd7939801c644c7664c6fac4adf5fa4

SHA512
35c797d0e3de0889b7df36e1ca8150a841948a8a3445fa7289b707551c23b0879c01a6bdce354c2ccb9d3ae521c7635924703b09a8daff83716c42e9e124b75e

Download Submit
C:\Users\Admin\AppData\Local\uc78TWJ8C\SYSDM.CPL

Filesize
3KB

MD5
1d7a84b61650ce824dc1f0fb68a0a3a0

SHA1
414e0d245a23c4a7f4c91a9d319c015bc1ba9e6f

SHA256
04d4a60b3f43d2cf69f364c0dd65ef3669172b676e1cc0466c133faf3fcdd929

SHA512
2fbc8fedda2a14f080bdf4dfaed4852c5041fb21b7e63dc02c8ca3da5daaa435f2dd5d127f6444242b190bd2bac552c67e15e3bbe276f6e94361961ec8a777f2

Download Submit
C:\Users\Admin\AppData\Local\uc78TWJ8C\SystemPropertiesPerformance.exe

Filesize
48KB

MD5
6c5a453bf3804d172be57b3568d6bab6

SHA1
238f6cad2e876877166ded9619fe79759e59e664

SHA256
d224cfc0ea3954774d2d53a5dd9661f904d6e01c92e36b8ca521baa97c02cb31

SHA512
be14680f39c44ec98efbcfe8f9c0331c84a9104d9023c960e4d7cee1b50dd158a4c03d76737e939cdd272ee8b29ef5177e59865d51ccb86deff32a353bbc8cc3

Download Submit
C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Tiizeasb.lnk

Filesize
1KB

MD5
ffeafc6bbccd773695f772c46782b8f2

SHA1
132c3a638092fc9baba8550962fcfbaf59a1b0a8

SHA256
3eb72cc1e2eb979d04d1ac9a63a9a406187294d348b61652e39efdb4f27b84f5

SHA512
1f6bd0ac7f768abcca67611cddf850129b50767441064326b031c9bd69fa857f4c1c7507c34dfa09c3082c4fcaccc1ce9e1171b970a991d832ca794ee38d8530

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\NTN9XaL\SYSDM.CPL

Filesize
97KB

MD5
fd3d7a4ff01e8e60f9f05becdee70909

SHA1
e51ece52ee66f0e7164b5be6f59ee799c0ba2ae0

SHA256
f025875fd580b3505e6759520dc7f83be0d85ad5d02c66478fc1bd81b210c630

SHA512
f658fb61d804c055f59417c0ab7b8451ab6df49f0b294d17aa748fd73deb427f1a1203cd17600a8cac6cbb4f8b0e84e3a6593b0ec4b65b0cd544cf4312e9f8e9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\NTN9XaL\SystemPropertiesPerformance.exe

Filesize
1KB

MD5
531c9ce95bd42ec1fd100723eaa210f7

SHA1
71c72028a744e9628fecd70a188ac2632151aa09

SHA256
a60166b01ca1dbee3c5370d9140562ee72d7da880a1cda442ed30dc0f5223f9b

SHA512
f3cf55810aeb065f85ca84894715bb302bc054b1247aefe28c0e80dd6e00bb6d3cfb1430a7646298d2f9bb9b518efd602ba03c166ab62ef8cd551a9062426d4f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException\LZ\wer.dll

Filesize
7KB

MD5
8df7dcd52769b9c6a7d7613d6a83c787

SHA1
8ee8bfb90e7ed6421bed0b28bea3b5be0f4e7bf0

SHA256
338e450c2de8b63e3e3e89f9e4fa941847b8383568077b3918fa3ed6bec91198

SHA512
f9153d21e4438ac6cdfc6178883f0092d6e99742345dc7207ced589e7f3632ab4448c6497e0a1f36e11499435d50154d1b93d00afa31c8f787d442c8adf95dc6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException\LZ\wermgr.exe

Filesize
49KB

MD5
41df7355a5a907e2c1d7804ec028965d

SHA1
453263d230c6317eb4a2eb3aceeec1bbcf5e153d

SHA256
207bfec939e7c017c4704ba76172ee2c954f485ba593bc1bc8c7666e78251861

SHA512
59c9d69d3942543af4f387137226516adec1a4304bd5696c6c1d338f9e5f40d136450907351cce018563df1358e06a792005167f5c08c689df32d809c4cebdcf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\7vkg\UxTheme.dll

Filesize
144KB

MD5
6403782395d31a464f53e8d7ff67e5fe

SHA1
bd95b0db3fee538c09dad60364387be641ab0f41

SHA256
d1dba10986026c2363813c95ab0a2c12dd2b9014ea0216b34e3132049df98afd

SHA512
99c4b1483256994d1b712a7abbe4659c215289272638d1132914643492d177862dfd8e5c8f851f2ba5fb2728a66e9b9f1666508d53b8922375b93882cbda64be

Download Submit
\Users\Admin\AppData\Local\0HWja\wer.dll

Filesize
1KB

MD5
eef43eec8e47f87897e6f45dd5cf95aa

SHA1
b3992af0bd4b5f786f9523aeb229840bdffe71cc

SHA256
5f4d003865b96adfea30c7ce8521c640204d857900829fe1f043d286a6bca9c3

SHA512
4d6fe7b3f086fd1536b457d961a83e42b28dabd56287f5bafb084b65cad94df2d422f190dfbf0e20b5968d0c9589ad7bfd4e06fdff99ded0a7aab9ad324f3728

Download Submit
\Users\Admin\AppData\Local\0HWja\wermgr.exe

Filesize
1KB

MD5
140ff3d842e07138ff07a4a6cb949419

SHA1
84dcaafe8a33b40e7550bd405de5be978b859c60

SHA256
e52f166f84f822fa2a798f6d682a7327338d4ed1f90f6a45ac960d47ed9511ae

SHA512
df3af260b32c3391e0642be8c22397d0cebb5d42718b5938d5a69492431fbcc7d0d6a9eaf4424efa0844d8472d84fe5be941cbef50f931d7d05cd197f9f5e322

Download Submit
\Users\Admin\AppData\Local\Otg\SndVol.exe

Filesize
65KB

MD5
941dc30f2b00e04c9f37f8be547bb7b4

SHA1
1596c61735a469107926b550647cc2df038235c7

SHA256
66568800211f14708f2772d6922a528880d6a3097bc612dadde6285776ea6e19

SHA512
ef2f9333da7611bca803fb9fe44a74a39ca79cac92f90e499da8ca22f448ec2a3d639fe969fd5b8c5128285680bb231b5b1837f734acfc7503dcc7b1c8a62c32

Download Submit
\Users\Admin\AppData\Local\Otg\UxTheme.dll

Filesize
127KB

MD5
ffbe25095da627821ee6fbd791a206c0

SHA1
bf0d297b2934427d8993007f5384c4e003fe641e

SHA256
8033f26980168281336531ae132d5d4de40fe40e3b73cf01e301b531b2ee8140

SHA512
70c3957c216c455cf3da2d4881370496f99b83ec309776d6703192c28da6f7b148416a28cf22048c482bdc38d9824cfd66b0a689317bd6c4fbe4c65f292f6d3f

Download Submit
\Users\Admin\AppData\Local\uc78TWJ8C\SYSDM.CPL

Filesize
56KB

MD5
a4fede14d4722ea6ded5140a4687f5f5

SHA1
5d0a12d71184999a0300cd482b579cc14d4a0d81

SHA256
b80b0867486ba96f60bc6dea0ca76b2c1448f220fbd4609902cd6f15512dff56

SHA512
5be96a198d58cdbe201e2a8436589bcb1854983d475370bb380944b5c8bf7b37cd83e038f730f2c48f6b1fcee1177c7a75c90ec27bc52d4c5b7862a085100940

Download Submit
\Users\Admin\AppData\Local\uc78TWJ8C\SystemPropertiesPerformance.exe

Filesize
28KB

MD5
6b3d97bb0d88ac5767e26e425c2d2b48

SHA1
d83618593ca38449e30d380362165041897d8873

SHA256
358c32d9d23da9381bb14896f6559b2efed291d7e4e241fdf009124cfef16efe

SHA512
c75846b337a28542039906d750ccd058cfcb471876f25421978113743399e071de3cf3ebc77693fa92ed7044ab8a64def46756f32873193f466f1232ea6bb2d1

Download Submit
\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\7vkg\SndVol.exe

Filesize
49KB

MD5
57892d91c893a4df28a0007aed93857d

SHA1
2260e30bf1c4db981fa08d8389c18b99d1b883c2

SHA256
0838792112e568061f82dfd10ef300f030bfc346dfcc763c7d04c56975fb1a79

SHA512
4c21baedb6bfc25f499348f26b77953522b0de514021c3e3d63c160218f4aecc235d1074a413f961d91f5d8655438b4d9f56c746310f320c5d36e5f952890a25

Download Submit
memory/1200-59-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-25-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-4-0x0000000077646000-0x0000000077647000-memory.dmp

Filesize
4KB

Download
memory/1200-57-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-56-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-55-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-54-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-53-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-51-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-50-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-49-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-48-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-78-0x00000000779B0000-0x00000000779B2000-memory.dmp

Filesize
8KB

Download
memory/1200-5-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/1200-77-0x0000000077851000-0x0000000077852000-memory.dmp

Filesize
4KB

Download
memory/1200-61-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-63-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-46-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-45-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-44-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-43-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-42-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-40-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-39-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-38-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-37-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-36-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-34-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-33-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-32-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-31-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-30-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-28-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-27-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-26-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-60-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-24-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-22-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-21-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-20-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-19-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-18-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-17-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-16-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-71-0x0000000002F00000-0x0000000002F07000-memory.dmp

Filesize
28KB

Download
memory/1200-14-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-64-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-65-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-62-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-58-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-13-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-12-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-11-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-10-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-9-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-7-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-52-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-47-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-166-0x0000000077646000-0x0000000077647000-memory.dmp

Filesize
4KB

Download
memory/1200-41-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-35-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-29-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-23-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1200-15-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/1816-138-0x0000000000100000-0x0000000000107000-memory.dmp

Filesize
28KB

Download
memory/2128-8-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/2128-0-0x0000000140000000-0x000000014033A000-memory.dmp

Filesize
3.2MB

Download
memory/2128-1-0x0000000000290000-0x0000000000297000-memory.dmp

Filesize
28KB

Download
memory/2784-105-0x0000000000180000-0x0000000000187000-memory.dmp

Filesize
28KB

Download