dridex | de71238112f239dc2aadbad129db8beb45a64a5e3da042929a7b85480fdd11a1

Analysis

max time kernel
57s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
01-05-2024 20:32

Target

0cc7af63e6b7bb5786a883cc88d84c0f_JaffaCakes118.dll
Size

296KB
MD5

0cc7af63e6b7bb5786a883cc88d84c0f
SHA1

62081e06d03f6332db9d6fb69fc920c887d1fb45
SHA256

de71238112f239dc2aadbad129db8beb45a64a5e3da042929a7b85480fdd11a1
SHA512

f6add26b1ed9d6aebff04731153ae75cf408742dbf8a706f8b87b1ed6d8bc4f4bfdd8df83bc003548c7b6ebfafaa1cdf3233f9aeaf1e83fab4a11e66a71e98c5
SSDEEP

6144:gX0++0XgkCbjM69qzmyEuoUvcEfjQ026I8ZCovc5tffn:0P6JqOnScOjQ/ICovcb3n

Score

10^/10

Family

dridex

Botnet

10444

199.66.90.63:443

85.214.26.7:3389

51.68.224.245:4646

107.175.87.150:3889

rc4.plain

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Dridex Loader 'dmod' strings 2 IoCs

Detects 'dmod' strings in Dridex loader.

Processes:

resource	yara_rule
behavioral1/memory/1760-0-0x0000000075450000-0x000000007549B000-memory.dmp	dridex_ldr_dmod
behavioral1/memory/1760-3-0x0000000075450000-0x000000007549B000-memory.dmp	dridex_ldr_dmod

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2440 wrote to memory of 1760	2440	rundll32.exe	rundll32.exe
PID 2440 wrote to memory of 1760	2440	rundll32.exe	rundll32.exe
PID 2440 wrote to memory of 1760	2440	rundll32.exe	rundll32.exe
PID 2440 wrote to memory of 1760	2440	rundll32.exe	rundll32.exe
PID 2440 wrote to memory of 1760	2440	rundll32.exe	rundll32.exe
PID 2440 wrote to memory of 1760	2440	rundll32.exe	rundll32.exe
PID 2440 wrote to memory of 1760	2440	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cc7af63e6b7bb5786a883cc88d84c0f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cc7af63e6b7bb5786a883cc88d84c0f_JaffaCakes118.dll,#1
  2⤵
  PID:1760

memory/1760-2-0x0000000000100000-0x0000000000106000-memory.dmp

Filesize
24KB

Download
memory/1760-0-0x0000000075450000-0x000000007549B000-memory.dmp

Filesize
300KB

Download
memory/1760-3-0x0000000075450000-0x000000007549B000-memory.dmp

Filesize
300KB

Download