Overview

overview

6

Static

static

dridex

windows10_x64

6

Analysis

  • max time kernel
    85s
  • max time network
    110s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    26-09-2021 21:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c04ef2a71f7bb35ef1a0228340be178667770444d576a1f599362caf77f863de.exe

  • Size

    533KB

  • MD5

    282c564a109a67ca23dec6c763dfe30f

  • SHA1

    cd749b5c0a841716b58b98dfb76b7d9e0cd20cd7

  • SHA256

    c04ef2a71f7bb35ef1a0228340be178667770444d576a1f599362caf77f863de

  • SHA512

    9d5cb3ef9486960a5fca0adddbccfc3d5585db408e903242c94fa20ae5975c10d35d86be322f432124d423a1f323cc7e559c27d3781a1af0c3e5a4fbf172ff6a

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\c04ef2a71f7bb35ef1a0228340be178667770444d576a1f599362caf77f863de.exe
    "C:\Users\Admin\AppData\Local\Temp\c04ef2a71f7bb35ef1a0228340be178667770444d576a1f599362caf77f863de.exe"
    1⤵
    • Checks processor information in registry
    PID:3608

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3608-116-0x0000000000400000-0x000000000050C000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3608-115-0x00000000021A0000-0x000000000226F000-memory.dmp

    Filesize

    828KB

    Download