Overview

overview

8

Static

static

dridex

windows10_x64

8

Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    26-09-2021 23:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    11337bf0694d4d5440ac33b274db7af4141913f4a0cfe37beb2a3a06eb930c38.exe

  • Size

    15.0MB

  • MD5

    54bc3564845e02383e918099be7595fa

  • SHA1

    6414544b7e8a4e960c870a9a92b1700f227a5f03

  • SHA256

    11337bf0694d4d5440ac33b274db7af4141913f4a0cfe37beb2a3a06eb930c38

  • SHA512

    0125c20be6be24de8156aa879d2aa0f4a9d657dd2a729a3e1026818d5141618c56dbe5142fbb0ac68cf89f76568099cc2adf9f39a0c4e2ff0fd1fe83eedcac48

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\11337bf0694d4d5440ac33b274db7af4141913f4a0cfe37beb2a3a06eb930c38.exe
    "C:\Users\Admin\AppData\Local\Temp\11337bf0694d4d5440ac33b274db7af4141913f4a0cfe37beb2a3a06eb930c38.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2164
    • C:\Users\Admin\AppData\Local\Temp\is-L9Q2B.tmp\11337bf0694d4d5440ac33b274db7af4141913f4a0cfe37beb2a3a06eb930c38.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-L9Q2B.tmp\11337bf0694d4d5440ac33b274db7af4141913f4a0cfe37beb2a3a06eb930c38.tmp" /SL5="$401C8,15170975,270336,C:\Users\Admin\AppData\Local\Temp\11337bf0694d4d5440ac33b274db7af4141913f4a0cfe37beb2a3a06eb930c38.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      PID:2500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-L9Q2B.tmp\11337bf0694d4d5440ac33b274db7af4141913f4a0cfe37beb2a3a06eb930c38.tmp
    MD5

    a667daac0e266c65f93dd5a93afb36d8

    SHA1

    64d8b21c34dde58db2a01d65b7b971279b956226

    SHA256

    a0fc70cddaed684779daafa857ae97e4b97792c036091af094a306521e8e68b3

    SHA512

    c45077e9d5a3318e4dd83c88585f820c28e209cc974e5f640f6499ee40ed43f6980b659d059b43e77ac97cf9d2a938282ae3755be3ea477a4b9543f5ae0b8c4e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-KJ71R.tmp\InnoCallback.dll
    MD5

    1c55ae5ef9980e3b1028447da6105c75

    SHA1

    f85218e10e6aa23b2f5a3ed512895b437e41b45c

    SHA256

    6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

    SHA512

    1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-KJ71R.tmp\InnoCallback.dll
    MD5

    1c55ae5ef9980e3b1028447da6105c75

    SHA1

    f85218e10e6aa23b2f5a3ed512895b437e41b45c

    SHA256

    6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

    SHA512

    1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-KJ71R.tmp\botva2.dll
    MD5

    ef899fa243c07b7b82b3a45f6ec36771

    SHA1

    4a86313cc8766dcad1c2b00c2b8f9bbe0cf8bbbe

    SHA256

    da7d0368712ee419952eb2640a65a7f24e39fb7872442ed4d2ee847ec4cfde77

    SHA512

    3f98b5ad9adfad2111ebd1d8cbab9ae423d624d1668cc64c0bfcdbfedf30c1ce3ea6bc6bcf70f7dd1b01172a4349e7c84fb75d395ee5af73866574c1d734c6e8

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-KJ71R.tmp\botva2.dll
    MD5

    ef899fa243c07b7b82b3a45f6ec36771

    SHA1

    4a86313cc8766dcad1c2b00c2b8f9bbe0cf8bbbe

    SHA256

    da7d0368712ee419952eb2640a65a7f24e39fb7872442ed4d2ee847ec4cfde77

    SHA512

    3f98b5ad9adfad2111ebd1d8cbab9ae423d624d1668cc64c0bfcdbfedf30c1ce3ea6bc6bcf70f7dd1b01172a4349e7c84fb75d395ee5af73866574c1d734c6e8

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-KJ71R.tmp\libMaskVPN.dll
    MD5

    3d88c579199498b224033b6b66638fb8

    SHA1

    6f6303288e2206efbf18e4716095059fada96fc4

    SHA256

    5bccb86319fc90210d065648937725b14b43fa0c96f9da56d9984e027adebbc3

    SHA512

    9740c521ed38643201ed4c2574628454723b9213f12e193c11477e64a2c03daa58d2a48e70df1a7e9654c50a80049f3cf213fd01f2b74e585c3a86027db19ec9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-KJ71R.tmp\libMaskVPN.dll
    MD5

    3d88c579199498b224033b6b66638fb8

    SHA1

    6f6303288e2206efbf18e4716095059fada96fc4

    SHA256

    5bccb86319fc90210d065648937725b14b43fa0c96f9da56d9984e027adebbc3

    SHA512

    9740c521ed38643201ed4c2574628454723b9213f12e193c11477e64a2c03daa58d2a48e70df1a7e9654c50a80049f3cf213fd01f2b74e585c3a86027db19ec9

    Download Submit

  • memory/2164-118-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2500-123-0x00000000038E0000-0x00000000038E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2500-116-0x0000000000000000-mapping.dmp

    Download

  • memory/2500-122-0x00000000033D0000-0x00000000036B0000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2500-126-0x0000000004E70000-0x0000000004E7F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2500-119-0x00000000005C0000-0x000000000070A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2500-129-0x0000000005000000-0x0000000005015000-memory.dmp

    Filesize

    84KB

    Download