dridex | 02ba693d75dee6a99d3a2414f6a426940696a5ec5d2d7c8f368f929697e55e54

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 12:27

Target

1a1d1c363b8fa960fa01c5aa2e3a125e_JaffaCakes118.dll
Size

728KB
MD5

1a1d1c363b8fa960fa01c5aa2e3a125e
SHA1

c566fecef139324aa50038848d2faaf76d7b92db
SHA256

02ba693d75dee6a99d3a2414f6a426940696a5ec5d2d7c8f368f929697e55e54
SHA512

f9103433f7de855790009b22cacf6e36d076fb77e053482654485f3ae5bc955f4969d71432eebac2122fc70534d63a6bee712e26ed5fd336581c8876ded45ae3
SSDEEP

12288:cfoMVRvBQHTfV9QVWYjikJM6TpHjSQS/a/CzDMqT7YML8FEczX5eCX9:cfoMP5Q7VFYjif61jSQAQK7Y4QoC

Score

10^/10

dridex 10444 botnet

Family

dridex

Botnet

10444

194.225.58.214:443

211.110.44.63:5353

69.164.207.140:3388

198.57.200.100:3786

rc4.plain

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1436 wrote to memory of 4588	1436	regsvr32.exe	80
PID 1436 wrote to memory of 4588	1436	regsvr32.exe	80
PID 1436 wrote to memory of 4588	1436	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1a1d1c363b8fa960fa01c5aa2e3a125e_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1436
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\1a1d1c363b8fa960fa01c5aa2e3a125e_JaffaCakes118.dll
  2⤵
  PID:4588

memory/4588-0-0x0000000074B80000-0x0000000074C44000-memory.dmp

Filesize
784KB

Download
memory/4588-3-0x0000000074C36000-0x0000000074C3A000-memory.dmp

Filesize
16KB

Download
memory/4588-4-0x0000000074B80000-0x0000000074C44000-memory.dmp

Filesize
784KB

Download
memory/4588-5-0x0000000074B80000-0x0000000074C44000-memory.dmp

Filesize
784KB

Download
memory/4588-7-0x0000000074B80000-0x0000000074C44000-memory.dmp

Filesize
784KB

Download