dridex | 5d2e121c650aea3012ab7891236953dd3b09672788a7be2e4a74716c59e94d98

Analysis

max time kernel
91s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29-05-2024 19:00

Target

818eb40d9ae3bda113194f718f70db08_JaffaCakes118.dll
Size

324KB
MD5

818eb40d9ae3bda113194f718f70db08
SHA1

2346825b6b6dea431231a15941ce61058855b197
SHA256

5d2e121c650aea3012ab7891236953dd3b09672788a7be2e4a74716c59e94d98
SHA512

f49b847f3776e8b25c9e684f38c9559d2398975c6ee0b5c74e6401e203f500e4fee025999fb5b1915caeb27ca84ad082711f3e111e2708989163faa50aa29643
SSDEEP

6144:dudJKJ4hF7popQTRq3va4jl6u31Ut+Ji370HnBs4NeuVCC:w7yUReva4jlNoQnBXek1

Score

10^/10

dridex 10444 botnet

Family

dridex

Botnet

10444

51.75.24.85:443

46.22.116.163:3074

173.249.46.113:3889

192.241.174.45:4443

rc4.plain

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4116 wrote to memory of 3880	4116	rundll32.exe	rundll32.exe
PID 4116 wrote to memory of 3880	4116	rundll32.exe	rundll32.exe
PID 4116 wrote to memory of 3880	4116	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\818eb40d9ae3bda113194f718f70db08_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4116

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\818eb40d9ae3bda113194f718f70db08_JaffaCakes118.dll,#1
2⤵
PID:3880

memory/3880-2-0x0000000002C00000-0x0000000002C06000-memory.dmp

Filesize
24KB

Download
memory/3880-0-0x00000000752A0000-0x00000000752F1000-memory.dmp

Filesize
324KB

Download
memory/3880-3-0x00000000752A0000-0x00000000752F1000-memory.dmp

Filesize
324KB

Download