Source: Dridex.exe | Virustotal: Detection: 88%
Source: Dridex.exe | Metadefender: Detection: 86%
Source: Dridex.exe | ReversingLabs: Detection: 100%
Source: 1.2.Dridex.exe.400000.1.unpack | Avira: Label: TR/Taranis.403
Source: 1.0.Dridex.exe.400000.0.unpack | Avira: Label: TR/Taranis.403
Source: 1.2.Dridex.exe.990000.4.unpack | Avira: Label: TR/Taranis.403
Source: 3.0.Dridex.exe.400000.0.unpack | Avira: Label: TR/Taranis.403
Source: 1.1.Dridex.exe.400000.0.unpack | Avira: Label: TR/Taranis.403
Source: 1.2.Dridex.exe.26f0000.7.unpack | Avira: Label: TR/Taranis.403
Source: Dridex.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: C:\Users\user\Desktop\Dridex.exe | Code function: 1_2_00401160 MapViewOfFile,GetLocaleInfoW,FindFirstFileA,MessageBoxIndirectA,RegDeleteKeyW,GetCharABCWidthsFloatA,FindNextFileW,EnableWindow,GetTimeZoneInformation,ExitProcess
Source: C:\Users\user\Desktop\Dridex.exe | Code function: 1_1_00401160 MapViewOfFile,GetLocaleInfoW,FindFirstFileA,RegDeleteKeyW,GetCharABCWidthsFloatA,FindNextFileW,GetTimeZoneInformation,ExitProcess
Source: global traffic | TCP traffic: 192.168.2.3:49713 -> 94.73.155.12:2448
Source: global traffic | TCP traffic: 192.168.2.3:49723 -> 103.252.100.44:4493
Source: global traffic | TCP traffic: 192.168.2.3:49726 -> 89.108.71.148:8843
Source: global traffic | TCP traffic: 192.168.2.3:49729 -> 221.132.35.56:8843
Source: unknown | TCP traffic detected without corresponding DNS query: 94.73.155.12 (logged 12 times)
Source: unknown | TCP traffic detected without corresponding DNS query: 103.252.100.44 (logged 12 times)
Source: unknown | TCP traffic detected without corresponding DNS query: 89.108.71.148 (logged 12 times)
Source: unknown | TCP traffic detected without corresponding DNS query: 221.132.35.56 (logged 11 times)
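The four destinations above were contacted by literal IP on non-standard ports with no DNS lookup beforehand, which is exactly what the sandbox's "without corresponding DNS query" signature keys on. The following is an added example, not part of the sandbox report, of the same correlation run over a host's own DNS and connection logs. The tab-separated event format, the timestamps, the benign www.microsoft.com entry and the late DNS answer are constructed for illustration; only the four destination ip:port pairs come from the report.

```python
"""Correlate outbound TCP connections with DNS answers seen earlier in the
same capture. A destination that was never returned by a DNS answer is what
the sandbox reports as "TCP traffic detected without corresponding DNS query";
a non-standard port is flagged as a second, independent signal.

Added example, not part of the sandbox report. The event log format below is
constructed for illustration.
"""
from dataclasses import dataclass, field

# Constructed events: <timestamp>\t<kind>\t<a>\t<b>. For dns lines a/b are
# name/answer; for tcp lines they are src ip:port / dst ip:port. Only the four
# destination ip:port pairs come from the report; everything else is made up.
SAMPLE_EVENTS = """\
0.10\tdns\twww.microsoft.com\t23.45.67.89
0.20\ttcp\t192.168.2.3:49701\t23.45.67.89:443
1.50\ttcp\t192.168.2.3:49713\t94.73.155.12:2448
2.20\ttcp\t192.168.2.3:49723\t103.252.100.44:4493
2.90\ttcp\t192.168.2.3:49726\t89.108.71.148:8843
3.40\ttcp\t192.168.2.3:49729\t221.132.35.56:8843
4.00\tdns\tlate.example.net\t221.132.35.56
4.10\ttcp\t192.168.2.3:49731\t221.132.35.56:8843
"""

# Ports where a direct-to-IP connection is at least plausible for benign software.
WELL_KNOWN_PORTS = {80, 443}


@dataclass
class Finding:
    ts: float
    dst_ip: str
    dst_port: int
    reasons: list = field(default_factory=list)


def parse_events(text):
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, a, b = line.split("\t")
        yield float(ts), kind, a, b


def find_suspicious_connections(text, well_known_ports=WELL_KNOWN_PORTS):
    """Walk the events in order; a DNS answer only excuses connections that
    come after it, which is how the sandbox itself scores the traffic."""
    resolved = set()          # answers seen so far (no TTL handling, see note)
    findings = []
    for ts, kind, a, b in parse_events(text):
        if kind == "dns":
            resolved.add(b)
            continue
        if kind != "tcp":
            continue
        dst_ip, port = b.rsplit(":", 1)
        port = int(port)
        reasons = []
        if dst_ip not in resolved:
            reasons.append("no prior DNS answer for destination")
        if port not in well_known_ports:
            reasons.append(f"non-standard port {port}")
        if reasons:
            findings.append(Finding(ts, dst_ip, port, reasons))
    return findings


def unresolved_destinations(findings):
    """Distinct IPs contacted without any preceding DNS answer."""
    return sorted({f.dst_ip for f in findings
                   if any(r.startswith("no prior DNS") for r in f.reasons)})


if __name__ == "__main__":
    for f in find_suspicious_connections(SAMPLE_EVENTS):
        print(f"{f.ts:6.2f} {f.dst_ip}:{f.dst_port}  {'; '.join(f.reasons)}")
```

The last connection in the sample shows why the two signals are kept separate: once a DNS answer for 221.132.35.56 has been seen, the "no DNS" reason disappears but the 8843 port still stands out. A production version would honour answer TTLs and a bounded lookback window instead of the whole-capture history used here, and would carry an allowlist for software that legitimately connects to embedded or cached IP addresses.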
Source: C:\Users\user\Desktop\Dridex.exe | Code function: 1_2_00980018 LoadLibraryA,CreateProcessW,GetThreadContext,NtReadVirtualMemory,NtUnmapViewOfSection,NtUnmapViewOfSection,NtUnmapViewOfSection,NtUnmapViewOfSection,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,CreateFileW,TerminateProcess,CreateFileW,CreateFileW,CreateFileW,CreateFileW,FindCloseChangeNotification,CreateToolhelp32Snapshot,Process32First,FindCloseChangeNotification,CreateFileA,CreateFileA,CreateFileW,CreateFileW,CreateFileW,VirtualAlloc,ReadFile,FindCloseChangeNotification,VirtualAlloc
Source: C:\Users\user\Desktop\Dridex.exe | Code functions: 3_2_0040AC50, 3_2_00412888, 3_2_0040BB48, 3_2_0041434E, 3_2_00407B1D, 3_2_00413F88
Source: C:\Users\user\Desktop\Dridex.exe | Code functions: 3_1_0040AC50, 3_1_00412888, 3_1_0040BB48, 3_1_0041434E, 3_1_00407B1D, 3_1_00413F88
Source: Dridex.exe, 00000001.00000002.210644885.0000000000930000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameMFC42.DLL.MUIR vs Dridex.exe
Source: Dridex.exe, 00000001.00000002.213138111.00000000026F0000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenamemation.exe vs Dridex.exe
Source: Dridex.exe, 00000001.00000002.210674389.0000000000960000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameuser32j% vs Dridex.exe
Source: Dridex.exe, 00000003.00000002.603461689.0000000003E10000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemswsock.dll.muij% vs Dridex.exe
Source: Dridex.exe | Binary or memory string: OriginalFilenamemation.exe vs Dridex.exe
Source: classification engine | Classification label: mal84.evad.winEXE@3/0@0/4
Source: C:\Users\user\Desktop\Dridex.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\Dridex.exe | File read: C:\Users\user\Desktop\Dridex.exe
Source: unknown | Process created: C:\Users\user\Desktop\Dridex.exe 'C:\Users\user\Desktop\Dridex.exe'
Source: C:\Users\user\Desktop\Dridex.exe | Process created: C:\Users\user\Desktop\Dridex.exe C:\Users\user\Desktop\Dridex.exe
Source: Dridex.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: C:\Users\user\Desktop\Dridex.exe | Unpacked PE file: 3.2.Dridex.exe.400000.0.unpack .text:R;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.data1:W;.reloc:R;
Source: Dridex.exe | Static PE information: real checksum: 0x22e32 should be: 0x2b73e
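The checksum line means the value stored in OptionalHeader.CheckSum (0x22e32) is not the value the documented algorithm produces over the file as it exists on disk (0x2b73e). The block below is an added example, not part of the report or of any sandbox, that implements that algorithm (the one behind CheckSumMappedFile: sum the file as little-endian 32-bit words with end-around carry, skip the CheckSum field itself, fold to 16 bits, add the file length) and reports the mismatch the same way. build_minimal_pe() is a constructed, header-only stand-in for Dridex.exe so the code runs offline; it is not a loadable image.

```python
"""Recompute the PE optional-header checksum and compare it with the stored
value, the check behind "real checksum: 0x22e32 should be: 0x2b73e".

Added example, not part of the sandbox report. build_minimal_pe() is a
constructed stand-in so the block runs offline.
"""
import struct


def checksum_field_offset(data: bytes) -> int:
    """File offset of OptionalHeader.CheckSum: e_lfanew + 4 (PE signature)
    + 20 (COFF header) + 64 (offset of CheckSum inside the optional header,
    the same for PE32 and PE32+)."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return e_lfanew + 4 + 20 + 64


def compute_pe_checksum(data: bytes) -> int:
    skip = checksum_field_offset(data) // 4    # e_lfanew is 4-byte aligned in real files
    padded = data + b"\0" * (-len(data) % 4)   # sum over a 4-byte multiple
    total = 0
    for i in range(len(padded) // 4):
        if i == skip:
            continue                           # the field being computed is excluded
        total += struct.unpack_from("<I", padded, i * 4)[0]
        if total >= 1 << 32:
            total = (total & 0xFFFFFFFF) + (total >> 32)   # end-around carry
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    total &= 0xFFFF
    return (total + len(data)) & 0xFFFFFFFF    # the unpadded length is added


def stored_pe_checksum(data: bytes) -> int:
    return struct.unpack_from("<I", data, checksum_field_offset(data))[0]


def checksum_status(data: bytes):
    """(stored, real, matches) in the report's terminology."""
    stored, real = stored_pe_checksum(data), compute_pe_checksum(data)
    return stored, real, stored == real


def build_minimal_pe(stored_checksum: int = 0) -> bytes:
    """DOS header + PE signature + COFF header + PE32 optional header, no
    sections: enough for the checksum arithmetic, not a loadable image."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                            # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 0xE0, 0x0102)   # i386, 0 sections
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                              # PE32 magic
    struct.pack_into("<I", opt, 64, stored_checksum)                   # CheckSum
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    stored, real, ok = checksum_status(build_minimal_pe(0x22E32))
    print(f"real checksum: {stored:#x} should be: {real:#x} ({'ok' if ok else 'MISMATCH'})")
```

Two caveats when reading the result. A stored checksum of zero is normal for many linkers, since they only fill the field on request, so "zero vs computed" is not evidence of anything. A non-zero stored value that does not verify, as here, means the header was written by one tool and the bytes changed afterwards (repacking, patched sections, appended data), which is a useful triage hint for a packed or tampered sample. The Windows loader does not check this field for ordinary user-mode executables, so the mismatch never stops the sample from running.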
Source: C:\Users\user\Desktop\Dridex.exe | Code function: 1_2_004025C0 push eax; ret (1_2_004025EE)
Source: C:\Users\user\Desktop\Dridex.exe | Code function: 1_2_009840C0 push eax; ret (1_2_009840EE)
Source: C:\Users\user\Desktop\Dridex.exe | Code function: 1_1_004025C0 push eax; ret (1_1_004025EE)
Source: C:\Users\user\Desktop\Dridex.exe | Code function: 3_2_00410075 push 4D8A84E3h; retf (3_2_0041007A)
Source: C:\Users\user\Desktop\Dridex.exe | Code function: 3_2_0041009D push 4D8A84E3h; retf (3_2_004100A2)
Source: C:\Users\user\Desktop\Dridex.exe | Code function: 3_2_0041017B push cs; iretd (3_2_0041017E)
Source: C:\Users\user\Desktop\Dridex.exe | Code function: 3_2_004105D4 pushfd ; ret (3_2_004105E5)
Source: C:\Users\user\Desktop\Dridex.exe | Code function: 3_2_004105AF pushfd ; ret (3_2_004105BD)
Source: C:\Users\user\Desktop\Dridex.exe | Code function: 3_2_004101B6 push cs; retf (3_2_004101BE)
Source: C:\Users\user\Desktop\Dridex.exe | Code function: 3_2_00414EDC push edi; ret (3_2_00414EE2)
Source: C:\Users\user\Desktop\Dridex.exe | Code function: 3_1_00410075 push 4D8A84E3h; retf (3_1_0041007A)
Source: C:\Users\user\Desktop\Dridex.exe | Code function: 3_1_0041009D push 4D8A84E3h; retf (3_1_004100A2)
Source: C:\Users\user\Desktop\Dridex.exe | Code function: 3_1_0041017B push cs; iretd (3_1_0041017E)
Source: C:\Users\user\Desktop\Dridex.exe | Code function: 3_1_004105D4 pushfd ; ret (3_1_004105E5)
Source: C:\Users\user\Desktop\Dridex.exe | Code function: 3_1_004105AF pushfd ; ret (3_1_004105BD)
Source: C:\Users\user\Desktop\Dridex.exe | Code function: 3_1_004101B6 push cs; retf (3_1_004101BE)
Source: C:\Users\user\Desktop\Dridex.exe | Code function: 3_1_00414EDC push edi; ret (3_1_00414EE2)
Source: C:\Users\user\Desktop\Dridex.exe | Code function: 1_2_00401C40 IsIconic,#470,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,#755,#2379
Source: C:\Users\user\Desktop\Dridex.exe | Process information set: NOOPENFILEERRORBOX (set 9 times)
Source: C:\Users\user\Desktop\Dridex.exe | Code function: 1_2_00980018 VBoxService.exe VBoxService.exe VBoxService.exe VBoxService.exe vmtoolsd.exe vmtoolsd.exe
Source: C:\Users\user\Desktop\Dridex.exe | File opened: C:\myapp.exe
Source: C:\Users\user\Desktop\Dridex.exe | Thread delayed: delay time: 344000
Source: C:\Users\user\Desktop\Dridex.exe | Thread delayed: delay time: 290000
Source: C:\Users\user\Desktop\Dridex.exe | Thread delayed: delay time: 278000
Source: C:\Users\user\Desktop\Dridex.exe TID: 1736 | Thread sleep time (each >= -30000s): -128000s, -131000s, -163000s, -344000s, -148000s, -124000s, -147000s, -290000s, -358000s, -159000s, -174000s, -278000s, -169000s, -156000s
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\Dridex.exe | Last function: Thread delayed
Source: C:\Users\user\Desktop\Dridex.exe | Thread delayed: delay times: 128000, 131000, 163000, 344000, 148000, 124000, 147000, 290000, 179000, 159000, 174000, 278000, 169000, 156000
Source: Dridex.exe | Binary or memory string: VBoxService.exe
Source: Dridex.exe | Binary or memory string: vmtoolsd.exe
Source: C:\Users\user\Desktop\Dridex.exe | Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\Dridex.exe | Code function: 1_2_00983BD4 push dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\Dridex.exe | Code function: 3_2_0040E874 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\Dridex.exe | Code function: 3_1_0040E874 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\Dridex.exe | Memory written: C:\Users\user\Desktop\Dridex.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Desktop\Dridex.exe | Code function: 1_2_00980018 LoadLibraryA,CreateProcessW,GetThreadContext,NtReadVirtualMemory,NtUnmapViewOfSection,NtUnmapViewOfSection,NtUnmapViewOfSection,NtUnmapViewOfSection,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,CreateFileW,TerminateProcess,CreateFileW,CreateFileW,CreateFileW,CreateFileW,FindCloseChangeNotification,CreateToolhelp32Snapshot,Process32First,FindCloseChangeNotification,CreateFileA,CreateFileA,CreateFileW,CreateFileW,CreateFileW,VirtualAlloc,ReadFile,FindCloseChangeNotification,VirtualAlloc, explorer.exe.\
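The API sequence in 1_2_00980018 (CreateProcessW, GetThreadContext, NtUnmapViewOfSection, VirtualAllocEx, WriteProcessMemory, SetThreadContext, ResumeThread) together with "Memory written: base: 400000 value starts with: 4D5A" is process hollowing: a second copy of Dridex.exe is started suspended, its image is unmapped, a new PE is written at the original base and the primary thread is resumed with a replaced context. Below is an added example, not from the report or the sandbox, of a trace-level detector for that pattern. The call trace is constructed: the API names and the 400000 base come from the report, while the PIDs, the creation flags, the handle-to-PID resolution and the written bytes are assumptions made for the example.

```python
"""Detect process hollowing in an API-call trace: a child created suspended, a
PE header (MZ) written into it by its creator, then SetThreadContext followed
by ResumeThread. Added example; the trace below is constructed, not sandbox
output.
"""
from dataclasses import dataclass, field
from typing import Optional

CREATE_SUSPENDED = 0x00000004   # dwCreationFlags bit for CreateProcess*


@dataclass
class Call:
    pid: int              # process issuing the call
    api: str
    target: int = 0       # target pid for cross-process calls (assumed resolved from the handle)
    flags: int = 0        # dwCreationFlags for CreateProcess*
    addr: int = 0         # remote address for alloc/write/unmap
    data: bytes = b""     # bytes written, for WriteProcessMemory


# Constructed trace. API names and the 0x400000 base mirror the report; pids
# 1 and 3 mirror the report's process ids, pids 7 and 9 are a benign control.
TRACE = [
    Call(1, "LoadLibraryA"),
    Call(1, "CreateProcessW", target=3, flags=CREATE_SUSPENDED),
    Call(1, "GetThreadContext", target=3),
    Call(1, "NtReadVirtualMemory", target=3),
    Call(1, "NtUnmapViewOfSection", target=3, addr=0x400000),
    Call(1, "VirtualAllocEx", target=3, addr=0x400000),
    Call(1, "WriteProcessMemory", target=3, addr=0x400000, data=b"MZ\x90\x00\x03\x00"),
    Call(1, "WriteProcessMemory", target=3, addr=0x401000, data=b"\x55\x8b\xec"),
    Call(1, "SetThreadContext", target=3),
    Call(1, "ResumeThread", target=3),
    # A debugger-style parent: suspended start, then resume, no memory writes.
    Call(7, "CreateProcessW", target=9, flags=CREATE_SUSPENDED),
    Call(7, "ResumeThread", target=9),
]


@dataclass
class Candidate:
    parent: int
    target: int
    calls: list = field(default_factory=list)     # (step, api) by the parent on the target
    header_write: Optional[tuple] = None          # (step, addr, first two bytes hex)
    unmapped: bool = False


def detect_hollowing(trace):
    """Return the suspended children that were hollowed by their creator."""
    cands = {}
    for step, c in enumerate(trace):
        if c.api in ("CreateProcessW", "CreateProcessA") and c.flags & CREATE_SUSPENDED:
            cands[c.target] = Candidate(parent=c.pid, target=c.target)
            continue
        cand = cands.get(c.target)
        if cand is None or cand.parent != c.pid:
            continue                  # only the creator acting on its own suspended child
        cand.calls.append((step, c.api))
        if c.api == "NtUnmapViewOfSection":
            cand.unmapped = True
        if c.api == "WriteProcessMemory" and c.data[:2] == b"MZ" and cand.header_write is None:
            cand.header_write = (step, c.addr, c.data[:2].hex())
    return [cand for cand in cands.values() if hollowing_verdict(cand)]


def hollowing_verdict(cand):
    """True when a PE header was written, the thread context was replaced after
    that write, and the thread was resumed afterwards. Unmapping is recorded
    but not required: a loader that allocates a fresh base never unmaps."""
    if cand.header_write is None:
        return False
    hdr_step = cand.header_write[0]
    ctx_steps = [s for s, api in cand.calls if api == "SetThreadContext" and s > hdr_step]
    if not ctx_steps:
        return False
    return any(api == "ResumeThread" and s > ctx_steps[0] for s, api in cand.calls)


def describe(cand):
    """Report line in the sandbox's own style."""
    _, base, magic = cand.header_write
    unmap = "image unmapped" if cand.unmapped else "original image left mapped"
    return (f"pid {cand.parent} hollowed pid {cand.target}: Memory written: "
            f"base: {base:x} value starts with: {magic.upper()} ({unmap})")


if __name__ == "__main__":
    for cand in detect_hollowing(TRACE):
        print(describe(cand))
```

The verdict deliberately hinges on the ordering the sandbox observed rather than on the mere presence of the APIs: a debugger or an installer also creates suspended children and resumes them, so the control case with pids 7 and 9 is not flagged, and a trace that stops before ResumeThread is not flagged either. On a real system the target pid has to be recovered from the handle returned by CreateProcess, which this constructed trace assumes has already been done.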
Source: Dridex.exe, 00000003.00000002.601260180.00000000022A0000.00000002.00000001.sdmp | Binary or memory string: Program Manager
Source: Dridex.exe, 00000003.00000002.601260180.00000000022A0000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd
Source: Dridex.exe, 00000003.00000002.601260180.00000000022A0000.00000002.00000001.sdmp | Binary or memory string: Progman
Source: Dridex.exe, 00000003.00000002.601260180.00000000022A0000.00000002.00000001.sdmp | Binary or memory string: Progmanlock
Source: C:\Users\user\Desktop\Dridex.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
Source: C:\Users\user\Desktop\Dridex.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid