Analysis
max time kernel: 896s
max time network: 1220s
platform: windows10_x64
resource: win10-en-20211014
submitted: 20-10-2021 15:47
Static task: static1
General
Target: xnma.exe
Size: 272KB
MD5: a6a1cd721b167906fc93aaed78b9e269
SHA1: 26b3044bf37d97dd73b7f8a50aa96a45b03db561
SHA256: 48bcae0537f84736120735b1c6da0d8f3d8c2a1b959f0f50f5fa34b1e317401f
SHA512: ea61285736545f50dffd31ffd51d6cb870f2cc737ec82628e0f51e2bc02ef33b967e4c48296fee5ffc7e89c2f9fa7f7b9fad92a30683cfc8edf039491adc46aa
Malware Config
Extracted
Family: dridex
C2:
46.105.131.86:443
5.39.91.110:691
5.133.242.156:170
64.22.124.239:691
Signatures
Processes:
resource: behavioral1/memory/2596-116-0x0000000000400000-0x0000000000463000-memory.dmp
yara_rule: dridex_ldr
Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.
Processes:
process: xnma.exe
description: Key value queried
ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
pid 2596, process xnma.exe
pid 2596, process xnma.exe
Suspicious use of AdjustPrivilegeToken (2 IoCs)
Processes:
description: Token: SeDebugPrivilege, pid 2596, process xnma.exe
description: Token: SeTcbPrivilege, pid 2596, process xnma.exe
Downloads
memory/2596-116-0x0000000000400000-0x0000000000463000-memory.dmp
Filesize: 396KB