dridex | 972a7c7225ddd802c9c9cb9922b2093d96bba57e3138ef918e94884858976caf

Analysis

max time kernel
3s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 21:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d9ae0ed5c0c8c5ffd0c9a0e02fa8bad.dll
Size

1.4MB
MD5

1d9ae0ed5c0c8c5ffd0c9a0e02fa8bad
SHA1

242695be2fdd86026c48618af478f9686fcbad55
SHA256

972a7c7225ddd802c9c9cb9922b2093d96bba57e3138ef918e94884858976caf
SHA512

7a6244df30e43c56e99dc8f8917a4c9e8d614f012ad6d0366626d0a5fadffae149325ba9e3dc0d899042ff672f21fd72461ee16b61bea145927cdb4b55154415
SSDEEP

12288:6VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1N1:nfP7fWsK5z9A+WGAW+V5SB6Ct4bnbN1

Score

10^/10

dridex botnet evasion payload trojan

Malware Config

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Shellcode 1 IoCs

Detects Dridex Payload shellcode injected in Explorer process.

botnet payload

resource	yara_rule
behavioral2/memory/3460-4-0x0000000002410000-0x0000000002411000-memory.dmp	dridex_stager_shellcode

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	rundll32.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d9ae0ed5c0c8c5ffd0c9a0e02fa8bad.dll,#1
1⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:1856

C:\Windows\system32\SystemSettingsAdminFlows.exe
C:\Windows\system32\SystemSettingsAdminFlows.exe
1⤵
PID:2308

C:\Users\Admin\AppData\Local\gExl7Ja\SystemSettingsAdminFlows.exe
C:\Users\Admin\AppData\Local\gExl7Ja\SystemSettingsAdminFlows.exe
1⤵
PID:5040

C:\Windows\system32\Magnify.exe
C:\Windows\system32\Magnify.exe
1⤵
PID:1712

C:\Users\Admin\AppData\Local\sOG7650WR\Magnify.exe
C:\Users\Admin\AppData\Local\sOG7650WR\Magnify.exe
1⤵
PID:3628

C:\Users\Admin\AppData\Local\etDa\perfmon.exe
C:\Users\Admin\AppData\Local\etDa\perfmon.exe
1⤵
PID:1116

C:\Windows\system32\perfmon.exe
C:\Windows\system32\perfmon.exe
1⤵
PID:4652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\etDa\credui.dll

Filesize
96KB

MD5
4afa896de801bc3214954b06ec60f3b1

SHA1
12c9c2e6caf3062b533d40e5ef5d2cf495835b90

SHA256
dc309fc19b56e5ffd87900997876e752bb353973f31275154b805df5420d4189

SHA512
fd0204295424728973fb5e7276fc1a31c287668d3cc58f01fc4e9a1015847d8220dd337fe1382622d3ffe718b45b341d2f759946b25e91f21ab7a142751e02e5

Download Submit
C:\Users\Admin\AppData\Local\etDa\perfmon.exe

Filesize
5KB

MD5
a74d766de69a78d9645562adff435355

SHA1
f942806807c6b35bcfca7ca4050ca668f2f6ff23

SHA256
4fbe75b7eeea9770cacbb089dd353867184084dd47dde7cad6b5c2bf02b988b4

SHA512
8d01b27a8d162d4996f1de13ab8224cb0021358a36f3038ad2789bc4144ccc802d10bc55672fa0bf12fcc1b678b39b9c116defb0937c7f340fc694e171c1b8fb

Download Submit
C:\Users\Admin\AppData\Local\gExl7Ja\DUI70.dll

Filesize
28KB

MD5
2baff390f7a7720d703edaa33d5fe8df

SHA1
7c4fd22c1de6960984888d9ef4983fd97fdc5243

SHA256
29ccf0e8b8e7876d81388e12caa9f0bf724b084a0df0340aa52391a25adfaa67

SHA512
dd5b500ff696aa4f26521a3ed61e944c397ba4593c5085adf6fc5ffe33ec2e0ee3e7a853f298879765d2e04a168ab34e8ac9666f1ff1918b256aec0154e73ab5

Download Submit
C:\Users\Admin\AppData\Local\gExl7Ja\DUI70.dll

Filesize
31KB

MD5
e4761c85b94084abb1e9d58091a451b0

SHA1
b194c7b5466b6488beb23cf269c525ca9c94fe54

SHA256
01c894b377dae84c7ea8f9651d2710c29a17323790090820f95076d5f3de8fd0

SHA512
272db4d399a358077097120a2632d0bef26563123451bb8ad1bf4c1e9cadf9b83de51fdccf4041999e7cfb7469958a45e968bbf85df0489583fda012e1c50f6a

Download Submit
C:\Users\Admin\AppData\Local\gExl7Ja\SystemSettingsAdminFlows.exe

Filesize
16KB

MD5
9a1156e5517ddde78536a2310d0b23c8

SHA1
b4d8650f5a6fe218a6d4eeafbbc0ad2732bcf7fc

SHA256
6a962d0d78053b40b0ea0882a96c55c9b768eb8508b4488b6a1216481cfe8fa4

SHA512
9ff7fb7a6c52bc671541edee826b79166c3c42836c19e2c7f240a4822115a39b5022acb547d741d1934006589a921b54759e4721e84a71a8e42e39ffb4e13610

Download Submit
C:\Users\Admin\AppData\Local\gExl7Ja\SystemSettingsAdminFlows.exe

Filesize
13KB

MD5
13069d05bf5f17d8fcddb742ceded4c1

SHA1
3820c8fa44d93055bea0458e257ca4926693477d

SHA256
5129888e8e03b5af87c0791b79250437ce3b2d6b96b9a6883387b4e5fcda63d3

SHA512
8122d088e603f63a2548442055d1d3da60c73f5813bc51902a2deb0a181343c8d56355779e42421bc067c609e85dce3ed5ffcbe7ba50bcb20d480197eb87de22

Download Submit
C:\Users\Admin\AppData\Local\sOG7650WR\Magnify.exe

Filesize
74KB

MD5
ab0adff5372c79a832aa3340d1b2684f

SHA1
310547dfcd7751761e7fac6a20c72d62f872f95b

SHA256
aa52ac948692e096fc612fee3c573e3d81f2bce1f511df94c20ed8bc66ed5327

SHA512
5e62647dce1d44db978edff9ed8cb65d4235ecaf645568dd65275310eb39d12b059cf907d18c413c91502bcaa7863a7b61915c6afea554c1c700975d6039c3bf

Download Submit
C:\Users\Admin\AppData\Local\sOG7650WR\Magnify.exe

Filesize
32KB

MD5
1a9a6b3287bbd76ee2e75223e0eaf5c1

SHA1
113813c8decbae87a66de0c170c9f3bffdd36ffd

SHA256
aee8db359fa6238dc74f6eb05b0f736a3319f081bcf5904166b18816de5f443c

SHA512
bfc87a2e8c45ad2c09165adc72a17b18975a0efc1c0cd360bb1e7befa5969f3dcb25fade9a995b63e8eb545e2fce36b52893998137b754fa339bc970154415cb

Download Submit
C:\Users\Admin\AppData\Local\sOG7650WR\dwmapi.dll

Filesize
41KB

MD5
720586d7fb84b8f6e024faf414424743

SHA1
f14ca6f9d1a9eebf5fbdb1bd6073943126d1fbb3

SHA256
aae9cb68896bbc210f5ec738cdcab721bbaf4b456d19df9b28a0f044824f2513

SHA512
ea99ca3bbe4d8e89fd58451cf7432121bb2947be0d273a7f72bef6dfafbae8bc4ed17a9bc12632b6c79f516a0763719ef28e9f3b135fd2e3967fbfe4ca15310c

Download Submit
C:\Users\Admin\AppData\Local\sOG7650WR\dwmapi.dll

Filesize
66KB

MD5
235400972d853ee43a2131840ee21721

SHA1
43e85a3eb3b27cac6590fb602225e2e8bc666efa

SHA256
3270cad529973ef1abb284e18d176245f2597686d7651ad1464e34796410a2f6

SHA512
4153ccc4a9a8d4d0b85237e48f52300f891379c893c938b328c48311d452843157c1290fbb6c36b05fa618f3861c2164bb460d6cadd98238e45cb083b06c5519

Download Submit
C:\Users\Admin\AppData\Local\sOG7650WR\dwmapi.dll

Filesize
39KB

MD5
b462e0cc9410309aebf92a0be9514d36

SHA1
242a182dfccf4b14214bba5b8c1ad55ac235d5f1

SHA256
84d0156c2f6510aa9cbcb7d51320a77e784a7c1b0c71a13db12ca3d11640005a

SHA512
956e57664dc3f982cadec0d0a57dabbd8b29c5e5f45bbaea15532649697716a3e8c66dd1569e513549d90d3731f71f62d412220d26d6dc409d74c984fc2bbeb3

Download Submit
C:\Users\Admin\AppData\Local\sOG7650WR\dwmapi.dll

Filesize
11KB

MD5
3253ddd9eac23c1888853063d9a90ffe

SHA1
bd3a32a54528d7be5cbd91ec66a92b314f99a796

SHA256
0443e62d405c5e6e8f74c305f03c906732e3708b30cbb6aedf99630f89efeb1b

SHA512
b3c3b408b1af108356081f79850dc231637b6598e06aab22a2325e993b7788a266d12577bf836b3b84444a41568e6e7fc1685d08ccbd9618c2fc14c93a1aaac1

Download Submit
C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Aqwbkkvq.lnk

Filesize
1KB

MD5
58fa42b92745ecee794de1da8044b25d

SHA1
75e20453d1f01fa7f24d143f40d4e2252579e1ca

SHA256
6c6caa6c55e4fb164ad32dd3f4eaa71aa79079b2d2b7afc832c16866f19f98c4

SHA512
88df33cd29bbdaac701311657b8e35fc01b5b234422c271209ab875fed11ea77648330a23d9c3f0d83d600a4078b8c5287680578d838bd36b5aa91f4bf014a20

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\mAhdqzUnI\dwmapi.dll

Filesize
17KB

MD5
8fe74db30041f55b9249fdd69b6a8781

SHA1
cb1872d91abdb2bc774fd74061a87820ad9f28e2

SHA256
73d81acddaa621b1645ad505ec0bf71ff05902b72b16041e65d012b2a336e668

SHA512
9b8cc8309fa35853f3f86d5364730998e17e1ffc1b39d955ee4961a505e899e2bf8b11959750b74f55653fb90a5d22bee38410b8c4e825e89be6fc3d16445984

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\FgExmg6opNK\DUI70.dll

Filesize
1KB

MD5
8ae41eddaa0656bf878ce2d0298987cf

SHA1
f9046e9b5d348391e21b86c3e2821664ac4cefe9

SHA256
bacdf5c7e8623078353103cfbc90ba079ac671796a0e1c092061aa2a4194f5df

SHA512
4dc96c3ebb064abbd4d3fb122fcd40a4fb44447fb452b686dc7910474fec06b1de4608263d4ad78894b3554e678f10530ec4e7812ffc3d25636a498eb540a1f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\x7p2\credui.dll

Filesize
37KB

MD5
52ddff23b94e52717a64d7e4c9823f40

SHA1
3954557fb4d83da7308ec86a9a541a6df5d863a4

SHA256
1ddd98adc1291f1533b9df4eafeec509ba0bec7e54c254bd756b9d72906f1c19

SHA512
5991b0d6a86bfde4114da2a8af5a5c0f58fedb677fcb7579e3be72787d1500a792e1a9cb2fadf1c9891bd719bf5161037dea4dc0d9b5d04ee69e54daf1420246

Download Submit
memory/1116-82-0x0000000140000000-0x000000014016C000-memory.dmp

Filesize
1.4MB

Download
memory/1116-85-0x000001FE9A130000-0x000001FE9A137000-memory.dmp

Filesize
28KB

Download
memory/1116-88-0x0000000140000000-0x000000014016C000-memory.dmp

Filesize
1.4MB

Download
memory/1856-8-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/1856-0-0x0000022708940000-0x0000022708947000-memory.dmp

Filesize
28KB

Download
memory/1856-1-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-32-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-22-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-13-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-20-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-33-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-35-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-26-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-30-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-56-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-54-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-45-0x00007FFF17380000-0x00007FFF17390000-memory.dmp

Filesize
64KB

Download
memory/3460-44-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-37-0x0000000000550000-0x0000000000557000-memory.dmp

Filesize
28KB

Download
memory/3460-36-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-31-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-29-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-28-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-27-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-25-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-24-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-23-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-4-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/3460-21-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-19-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-17-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-18-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-16-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-15-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-14-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-12-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-11-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-10-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-9-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-34-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-7-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3460-6-0x00007FFF16E7A000-0x00007FFF16E7B000-memory.dmp

Filesize
4KB

Download
memory/3628-102-0x0000020D64840000-0x0000020D64847000-memory.dmp

Filesize
28KB

Download
memory/3628-107-0x0000000140000000-0x000000014016C000-memory.dmp

Filesize
1.4MB

Download
memory/5040-65-0x0000000140000000-0x00000001401B1000-memory.dmp

Filesize
1.7MB

Download
memory/5040-66-0x00000247C8810000-0x00000247C8817000-memory.dmp

Filesize
28KB

Download
memory/5040-71-0x0000000140000000-0x00000001401B1000-memory.dmp

Filesize
1.7MB

Download