dridex | 7c5e216954042551a62e65b75b021e27d4d86a814dd36003caef2925e7bfc4a3

Analysis

max time kernel
17s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 17:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fd3c39a72d024833abfc4ffa2c7b6200.dll
Size

1.7MB
MD5

fd3c39a72d024833abfc4ffa2c7b6200
SHA1

1667b1adb7b2ec5bddbe58321a67200b5335249b
SHA256

7c5e216954042551a62e65b75b021e27d4d86a814dd36003caef2925e7bfc4a3
SHA512

0ee543473cee8f69397174cf32191e696d9e6050996459ee7782ca94e135a7ce263d36cc284fe49b9eac8b5ea57e3ba7fa8317cdc01fcacdc568871543430986
SSDEEP

12288:7VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:afP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score

10^/10

dridex botnet evasion payload trojan

Malware Config

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Shellcode 1 IoCs

Detects Dridex Payload shellcode injected in Explorer process.

botnet payload

resource	yara_rule
behavioral2/memory/3136-5-0x00000000023B0000-0x00000000023B1000-memory.dmp	dridex_stager_shellcode

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	rundll32.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1304	rundll32.exe
1304	rundll32.exe
1304	rundll32.exe
1304	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fd3c39a72d024833abfc4ffa2c7b6200.dll,#1
1⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:1304

C:\Windows\system32\dialer.exe
C:\Windows\system32\dialer.exe
1⤵
PID:436

C:\Users\Admin\AppData\Local\Sm7b\dialer.exe
C:\Users\Admin\AppData\Local\Sm7b\dialer.exe
1⤵
PID:1208

C:\Windows\system32\mspaint.exe
C:\Windows\system32\mspaint.exe
1⤵
PID:2896

C:\Users\Admin\AppData\Local\sjahLv5b\mspaint.exe
C:\Users\Admin\AppData\Local\sjahLv5b\mspaint.exe
1⤵
PID:2788

C:\Windows\system32\sessionmsg.exe
C:\Windows\system32\sessionmsg.exe
1⤵
PID:4648

C:\Users\Admin\AppData\Local\73e\sessionmsg.exe
C:\Users\Admin\AppData\Local\73e\sessionmsg.exe
1⤵
PID:5028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\73e\DUI70.dll

Filesize
57KB

MD5
7af9e15cbedff0121872771e10a2ece6

SHA1
41529f7a225191fcda0186c58272735e8b9bfefe

SHA256
9a30c5a8f723bbc56100ee0b71edb70ccdcab435bad960aef9f6647f41a8a492

SHA512
0a982fcba1e7033f38fe73a45383ea1d955c61cb1c5241195f1409bbe62ec8b2f6958fa825c5ba74b946de5f44e10e468e75776615d20c960583e937871ff9c7

Download Submit
C:\Users\Admin\AppData\Local\73e\DUI70.dll

Filesize
39KB

MD5
ee8a747f1b72dca7992487ada5a55b23

SHA1
c391864886d1c4ed539a125764a56d6f22bc4a4c

SHA256
21a7f95e7822a35d41174aab93920f141354259e275d26f9e31b809db052122f

SHA512
df708204aa4c9dfd058e623c7afd0c6cc9f70e717f23bc72aacf296befd2e702fba2295907157499083268cad957df9c3bc4005d8133eff3bc0e6980ca3d344d

Download Submit
C:\Users\Admin\AppData\Local\73e\sessionmsg.exe

Filesize
25KB

MD5
3812de7acd91d277e77d8f569a6c80ce

SHA1
fc91bfc96274f564339d08d70ec5378383d53ad7

SHA256
cada89dd141916f5f1e6e8ab5fa79431b504857c045ce4b4ee757e9f4fe3a8c2

SHA512
23e10d5ab88736e261d6a1c00e7b05ab8c3a2f28180f9766323129ffa6651fdaa86bce93698c73e60cc1625c225f2ed9cfdfb05d6465aaacc8355a974f8d42ed

Download Submit
C:\Users\Admin\AppData\Local\73e\sessionmsg.exe

Filesize
38KB

MD5
1c8a5a1f7cd7828e9e4676640e01c12e

SHA1
72fd5c2e7222f455cb6be2cb3f38ddd86aaa3d76

SHA256
26c9e2005dc62665e3c24ffd642179c43019dc7dcaefe2f48d000f5b34cf5601

SHA512
46fc4bfc7742203c9cc43f2c52da9f468b165c8c5a6a89050239710bac2fad91fb382fc1ea3b2b828f064b659b534398970fa9b2de280930a34a9498bf0f179f

Download Submit
C:\Users\Admin\AppData\Local\Sm7b\TAPI32.dll

Filesize
36KB

MD5
29629743b38632c594468ca8f473db4a

SHA1
a3f8f5ffbcf1466b753a258c873d43ff2c7fa0a6

SHA256
f1edc329583fbf1b62612632e82d547ea5b5abb2f92632bf7ea33a74676a1d42

SHA512
7b292e628c577689555871920a91c72e0121316de0edbf8245b79bec4d7f74a89ca91bb499efbc5a182915d41b6e34c35a7d9ba69536bf50063162a5c25adcab

Download Submit
C:\Users\Admin\AppData\Local\Sm7b\TAPI32.dll

Filesize
83KB

MD5
1e7f700651167dda74ea8ff4a7581e90

SHA1
99a6301f769b6a980e6023b78a0b14fb3fc5f9f9

SHA256
c8f389d608c1f50b77aadcbe85607117d3d05964de496554d47076e30d259bcb

SHA512
c4121d7240317509d0a63992c73f0e631a2744511eef58abfdbf01c1305c573a4e73fd559d22461d0467d3f6fcc09b9b3dc1e2e85647c9fc33a43f9ef3a2432c

Download Submit
C:\Users\Admin\AppData\Local\Sm7b\dialer.exe

Filesize
39KB

MD5
b2626bdcf079c6516fc016ac5646df93

SHA1
838268205bd97d62a31094d53643c356ea7848a6

SHA256
e3ac5e6196f3a98c1946d85c653866c318bb2a86dd865deffa7b52f665d699bb

SHA512
615cfe1f91b895513c687906bf3439ca352afcadd3b73f950af0a3b5fb1b358168a7a25a6796407b212fde5f803dd880bcdc350d8bac7e7594090d37ce259971

Download Submit
C:\Users\Admin\AppData\Local\sjahLv5b\WINMM.dll

Filesize
5KB

MD5
19cf645c784332e8c774077dfcfa5f4a

SHA1
9cb30376990b688e93a88ac7d70bd7c963105fe3

SHA256
45934c4ce36a786f55c886cc22f0d9e8fd891d292439fa050fa09c89814bd3ef

SHA512
3ecb30ad63c9c09d448544f58fee5a7f2d7986722276758930a081df23e4c912b74f2598f98cd64beaa4983a3718770e2c19d7b37d7b6133f13dd3e3394fba05

Download Submit
C:\Users\Admin\AppData\Local\sjahLv5b\WINMM.dll

Filesize
57KB

MD5
7fea509987b245ecc5686b7e5d42549a

SHA1
9fe96d73feaca22a720241859be85a45bfc7b917

SHA256
608f638fd4daf7dc8ed99a5b5066c1ad03ed2f45c97a1970f2213694570d35ef

SHA512
8daf98735fff18264344e0aeb631ec8d16ef393f325a1a85487ed31894ece9b5ccfa97e9734262a84207529709a96d5e804adc364a3c8ac9121f8c49c33bcdc8

Download Submit
C:\Users\Admin\AppData\Local\sjahLv5b\mspaint.exe

Filesize
69KB

MD5
9e8a880dbba53ac8e1eb6e3ab6db4b9a

SHA1
4b16983a1a94445d9538f7f317ba43fd3d6f9f39

SHA256
21ad7c119c7f1bf1b5f9cbab5dcbe7e58e85d4311f8d31ee25213d9784753591

SHA512
eebc65b28ba2997b0788febab0c50ec0a7f1def025153168049d8e8e80566fb4e8bb8fb914bec231b74aa118b2cbc9ff4be3a579c81d0e1d4ce9ca32a5e95dcc

Download Submit
C:\Users\Admin\AppData\Local\sjahLv5b\mspaint.exe

Filesize
53KB

MD5
6d51e7490ce15c86a5b8a51f6e20065a

SHA1
6a21fdd4196d9a6a92ca521e48dd1c36e660d9ef

SHA256
aed9cae8a2f4ed9aa92dc189fa7f825e3d32042b428914683b80f4f8bb65f002

SHA512
3e8c3acc9a3a10bd11c086c39705c518015762fa3ec67d6bcb04f373868881ef0c1ebabf49f2a59ab976e62ef51f9f75c6f95f097d5bd6cfa725a88bb2a1bc45

Download Submit
C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Gvhynkxuzozqjys.lnk

Filesize
1KB

MD5
3729858afb3686baf10cccd8e2843d90

SHA1
929a8d204ffe6e85bcbfa5a9beade516fd2c7d19

SHA256
03a13b9fd12326dca6dd3d076e1687c7390b7a96025b40454a04442aa35b9771

SHA512
02e64f42186dcb37af513cb45a4c3499d04777b11dc5d70746b1d7dcb5cbd15a61976e71249d316e0b4871feadc8820f88caee5e6d16daedd9452fedeb306ab6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\UserData\xVjKvZ\TAPI32.dll

Filesize
57KB

MD5
bc604a275a2897f3e4ff65c32a93f520

SHA1
e3df3e216e01ffcb2ebd0f719389cc8e4706c857

SHA256
bcae55351b7d9b57b242aea50fcc0a69b2f8a76ec701d3bf6966f58523dcf703

SHA512
c2ec34fb5dbd0d1a3c4f0f536ffd908881d511293c38600773e87dd53402101f5f4798ff02fc825b2ebe0ab5b775cd10500c92bb5b774bace0886a7217eb91f6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\UIboxyv1vD\DUI70.dll

Filesize
9KB

MD5
e5ec27c9beaab876092e9f3d7e8e50f2

SHA1
ebff4143b8bbdde055a9f5d927db067ed7e0a50e

SHA256
957d7b9404eb57324ba5bd9144394f4663d0b0b1fa45e54a106b101dd4d9dec9

SHA512
a4ae4b7dc5707c7717b7cb98cc4cee2b80c9fc8c615db9d1a685650232e7a73b86cfb808cb2d2c3e49d559539e2b51194fcfa75818bc39f2c2af397c5a383378

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\WA68j\WINMM.dll

Filesize
1KB

MD5
28c5d81cf065b6e1e81a9c81004cff4f

SHA1
fea5b9a192ff78f40b1e9d8f30ff6772f5509c0c

SHA256
296fcc85cb5aa7ee47a0f836ee7d728200a011b383957253fa3a06f32e165fa7

SHA512
5ddb467b8c968b5e6aaf09d0677cc185b04d6ee04cd6652ace2b24a2ab88fc2eed21e50c79304995a04287ef199bdae5e5f08879d1de60582d9b1865f4883f2b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\WA68j\mspaint.exe

Filesize
1KB

MD5
1056e333ad38d7c3b434e57a2c1553aa

SHA1
68905685e95b7734710e2ac00e15b14a5686d0d2

SHA256
5b05d82965368da82401136b2ab50850c2ff751385000996c2c4bb3ed52b0260

SHA512
21cb051c47dfad604a2103fc931a30ca3c23d04f5e328fb222918691e773318dcdd5a3bb542bf4adb35ac0888749ff5a96ad584424f86b07cc01e0305c0d0d80

Download Submit
memory/1208-79-0x000001E1E81C0000-0x000001E1E81C7000-memory.dmp

Filesize
28KB

Download
memory/1208-77-0x0000000140000000-0x00000001401BC000-memory.dmp

Filesize
1.7MB

Download
memory/1208-83-0x0000000140000000-0x00000001401BC000-memory.dmp

Filesize
1.7MB

Download
memory/1208-76-0x0000000140000000-0x00000001401BC000-memory.dmp

Filesize
1.7MB

Download
memory/1304-0-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/1304-3-0x000001A6A21F0000-0x000001A6A21F7000-memory.dmp

Filesize
28KB

Download
memory/1304-1-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/1304-8-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/2788-95-0x0000000140000000-0x00000001401BC000-memory.dmp

Filesize
1.7MB

Download
memory/2788-101-0x0000000140000000-0x00000001401BC000-memory.dmp

Filesize
1.7MB

Download
memory/2788-97-0x000001FBCECE0000-0x000001FBCECE7000-memory.dmp

Filesize
28KB

Download
memory/3136-39-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-47-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-33-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-31-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-29-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-28-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-27-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-25-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-24-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-23-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-22-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-19-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-18-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-17-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-16-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-55-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-14-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-13-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-56-0x00007FFDF1A40000-0x00007FFDF1A50000-memory.dmp

Filesize
64KB

Download
memory/3136-7-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-5-0x00000000023B0000-0x00000000023B1000-memory.dmp

Filesize
4KB

Download
memory/3136-65-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-67-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-48-0x0000000000600000-0x0000000000607000-memory.dmp

Filesize
28KB

Download
memory/3136-42-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-34-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-44-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-46-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-45-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-43-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-36-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-40-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-41-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-38-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-37-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-35-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-32-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-30-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-26-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-10-0x00007FFDF143A000-0x00007FFDF143B000-memory.dmp

Filesize
4KB

Download
memory/3136-11-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-21-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-12-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-20-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-15-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/3136-9-0x0000000140000000-0x00000001401BA000-memory.dmp

Filesize
1.7MB

Download
memory/5028-118-0x0000000140000000-0x0000000140200000-memory.dmp

Filesize
2.0MB

Download
memory/5028-110-0x0000000140000000-0x0000000140200000-memory.dmp

Filesize
2.0MB

Download
memory/5028-113-0x00000132FB410000-0x00000132FB417000-memory.dmp

Filesize
28KB

Download