Analysis

  • max time kernel: 4265059s
  • max time network: 130s
  • platform: windows10-2004_x64
  • resource: win10v2004-en-20220112
  • submitted: 15-01-2022 01:58

General

  • Target: 17a6638d6a4ae2a8d8a70746cdd8ea5992b71bd3c7997652e9b2f1f15d25b8b4.exe
  • Size: 12.5MB
  • MD5: 6851a3346e8ac3d2bf0fcf6866b03b67
  • SHA1: 06137a14a871c66d64d3db247980ce35e75945a0
  • SHA256: 17a6638d6a4ae2a8d8a70746cdd8ea5992b71bd3c7997652e9b2f1f15d25b8b4
  • SHA512: ea59764dc0aa3afafdbf1e4c1a8ccfc209ebd7592cd49a13aa2ea03b512cbda1d8f1fcc4eefd1a81e373b41035cfc2fd289b959951cbb7551a59e2e8e40a02c3

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (2 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). The sandbox's description labels this as likely ransomware behaviour, but the evidence on this page is thin: the only dropped files listed are System.dll and nsDialogs.dll inside an nsXXXX.tmp directory, which are the stock plugin DLLs that an NSIS-built installer extracts at startup, the Network section records nothing, and the process list does not tag either process with this signature. Treat the ransomware label as a hypothesis to confirm against file-system activity, not as a verdict.

  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments. In this run, however, the Processes section attributes this signature (and the AdjustPrivilegeToken one) to C:\Windows\system32\MusNotification.exe (PID 2544), a Windows system process that sits at the top level of the tree rather than under the sample (PID 3768), so it is not evidence that the sample itself fingerprints the environment.

  • Suspicious use of AdjustPrivilegeToken (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\17a6638d6a4ae2a8d8a70746cdd8ea5992b71bd3c7997652e9b2f1f15d25b8b4.exe
    "C:\Users\Admin\AppData\Local\Temp\17a6638d6a4ae2a8d8a70746cdd8ea5992b71bd3c7997652e9b2f1f15d25b8b4.exe"
    1⤵
    • Loads dropped DLL
    PID:3768
  • C:\Windows\system32\MusNotification.exe
    C:\Windows\system32\MusNotification.exe
    1⤵
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:2544
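The process list above shows two top-level processes, and only one of them is the sample. The following script is an added example (not code from the sandbox report) that walks a process tree and sorts each signature into "fired by the sample's lineage" or "fired by an unrelated process". The two process records are copied from the Processes section; the parent PID of 0 is an assumption meaning "parent not in the captured tree", which is what the report's top-level depth marker on both processes implies.

```python
"""Attribute sandbox signatures to the sample's process tree.

Added example; not part of the sandbox report. Process records below are
constructed from the report's Processes section. A ppid of 0 is an assumed
placeholder for "parent not captured", since the report shows both processes
at depth 1 rather than one under the other.
"""
from dataclasses import dataclass, field


@dataclass
class Proc:
    pid: int
    ppid: int
    image: str
    signatures: list = field(default_factory=list)


SAMPLE_PID = 3768

# Constructed from the report's Processes section.
REPORT_PROCS = {
    3768: Proc(
        3768, 0,
        r"C:\Users\Admin\AppData\Local\Temp\17a6638d6a4ae2a8d8a70746cdd8ea5992b71bd3c7997652e9b2f1f15d25b8b4.exe",
        ["Loads dropped DLL"],
    ),
    2544: Proc(
        2544, 0,
        r"C:\Windows\system32\MusNotification.exe",
        ["Checks processor information in registry",
         "Suspicious use of AdjustPrivilegeToken"],
    ),
}


def lineage(procs, pid):
    """Return pid followed by its ancestors; stops at an unknown parent or a cycle."""
    seen = []
    while pid in procs and pid not in seen:
        seen.append(pid)
        pid = procs[pid].ppid
    return seen


def attribute(procs, root):
    """Split signatures by whether the firing process descends from root.

    Returns (in_tree, out_of_tree); each maps signature name -> sorted list of PIDs.
    Only in_tree says anything about the sample; out_of_tree is background noise
    from processes the sandbox happened to observe at the same time.
    """
    in_tree, out_of_tree = {}, {}
    for proc in procs.values():
        bucket = in_tree if root in lineage(procs, proc.pid) else out_of_tree
        for sig in proc.signatures:
            bucket.setdefault(sig, []).append(proc.pid)
    for bucket in (in_tree, out_of_tree):
        for pids in bucket.values():
            pids.sort()
    return in_tree, out_of_tree


if __name__ == "__main__":
    ours, theirs = attribute(REPORT_PROCS, SAMPLE_PID)
    for sig, pids in ours.items():
        print("sample tree   :", sig, pids)
    for sig, pids in theirs.items():
        print("other process :", sig, pids, "<- says nothing about the sample")
```

Run against the report's two processes, only "Loads dropped DLL" lands in the sample's tree; the registry and privilege signatures are attributed to PID 2544, whose lineage never reaches PID 3768. The same `attribute` call works on a full Sysmon-style tree with children and grandchildren, which is where this sorting actually earns its keep.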

Network

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • System Information Discovery (T1082): 2
  • Query Registry (T1012): 1


Downloads

  • C:\Users\Admin\AppData\Local\Temp\nss6172.tmp\System.dll
    MD5: 2e025e2cee2953cce0160c3cd2e1a64e
    SHA1: dec3da040ea72d63528240598bf14f344efb2a76
    SHA256: d821a62802900b068dcf61ddc9fdff2f7ada04b706815ab6e5038b21543da8a5
    SHA512: 3cafce382b605a68e5a3f35f95b32761685112c5a9da9f87b0a06ec13da4155145bd06ffb63131bf87c3dc8bd61cb085884c5e78c832386d70397e3974854860

  • C:\Users\Admin\AppData\Local\Temp\nss6172.tmp\nsDialogs.dll
    MD5: 65373b20dbff5c3834548dd7330bb0c1
    SHA1: 18a160aa0ba10be95f7a95b244c3bf02a3bbfcd6
    SHA256: 57a001c9770c864f983aa33e4c81e60cac4335b83dc036e269f0727a629dd221
    SHA512: 4634b60a83f2524050970ac6c991f4dbfdbbd98a1173415dbb46fe6c8932b1cb2a758ba77d0c8eae5c6134d899135ea4094023f1145b6b5ee78d3728ebd8ef4a
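The dropped-file paths above contain two values that change on every run: the user name and the nss6172.tmp directory, so a literal path makes a poor indicator. The script below is an added example (not code from the sandbox report) that normalises those variable parts and matches an observed file against the report's entries by hash or by normalised path, distinguishing a content match from a name-only match. The four hashes per file are copied from the Downloads section; the regexes for the user's Temp directory and for the NSIS plugin directory name (ns<letter><hex>.tmp) are assumptions.

```python
"""Match observed files against the dropped-file IoCs from the report above.

Added example; not part of the sandbox report. Hash values are copied from the
Downloads section. The two regexes are assumptions about path layout: NSIS
creates a plugin directory named ns<letter><hex>.tmp whose name changes on
every run, so the literal nss6172.tmp must not be used as an indicator.
"""
import hashlib
import re

HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")

# Copied from the report's Downloads section.
REPORT_IOCS = [
    {
        "path": r"C:\Users\Admin\AppData\Local\Temp\nss6172.tmp\System.dll",
        "md5": "2e025e2cee2953cce0160c3cd2e1a64e",
        "sha1": "dec3da040ea72d63528240598bf14f344efb2a76",
        "sha256": "d821a62802900b068dcf61ddc9fdff2f7ada04b706815ab6e5038b21543da8a5",
        "sha512": "3cafce382b605a68e5a3f35f95b32761685112c5a9da9f87b0a06ec13da4155145bd06ffb63131bf87c3dc8bd61cb085884c5e78c832386d70397e3974854860",
    },
    {
        "path": r"C:\Users\Admin\AppData\Local\Temp\nss6172.tmp\nsDialogs.dll",
        "md5": "65373b20dbff5c3834548dd7330bb0c1",
        "sha1": "18a160aa0ba10be95f7a95b244c3bf02a3bbfcd6",
        "sha256": "57a001c9770c864f983aa33e4c81e60cac4335b83dc036e269f0727a629dd221",
        "sha512": "4634b60a83f2524050970ac6c991f4dbfdbbd98a1173415dbb46fe6c8932b1cb2a758ba77d0c8eae5c6134d899135ea4094023f1145b6b5ee78d3728ebd8ef4a",
    },
]

# Assumed layout: <drive>:\Users\<name>\AppData\Local\Temp\ and ns<letter><hex>.tmp.
_USER_TEMP = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
_NSIS_DIR = re.compile(r"^ns[a-z]?[0-9a-f]{1,4}\.tmp$", re.I)


def normalize_path(path):
    """Replace the per-user and per-run parts so paths from two runs compare equal."""
    path = _USER_TEMP.sub(r"%TEMP%\\", path)
    parts = [("<nsis-tmp>" if _NSIS_DIR.match(p) else p) for p in path.split("\\")]
    return "\\".join(parts).lower()


def digests(data):
    """All four digests the report publishes, so any one of them can be compared."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_ALGOS}


def match_file(iocs, path, data):
    """Return (index, reasons) for every IoC the observed file matches.

    reasons lists the matching hash algorithms and/or "path". A hash match ties
    the content to the report; a path-only match just says "an NSIS installer
    dropped a plugin with this name", which many benign installers do as well.
    """
    observed = digests(data)
    npath = normalize_path(path)
    hits = []
    for idx, ioc in enumerate(iocs):
        reasons = [a for a in HASH_ALGOS if a in ioc and ioc[a].lower() == observed[a]]
        if normalize_path(ioc["path"]) == npath:
            reasons.append("path")
        if reasons:
            hits.append((idx, reasons))
    return hits


def strongest_reason(hits):
    """'hash' if any hit is content-based, 'path' if only name/location matched, else None."""
    if any(r != "path" for _, reasons in hits for r in reasons):
        return "hash"
    return "path" if hits else None


if __name__ == "__main__":
    # Constructed input: a same-named plugin from another user's NSIS temp directory.
    other = r"C:\Users\Bob\AppData\Local\Temp\nsa1B2C.tmp\System.dll"
    hits = match_file(REPORT_IOCS, other, b"constructed bytes, not the real DLL")
    print(hits, strongest_reason(hits))
```

Even a hash match on System.dll or nsDialogs.dll is weak on its own: these are NSIS's own plugin binaries, and every installer built with the same NSIS release drops byte-identical copies. The hashes that identify this sample are the ones in the General section; the dropped plugins only tell you the sample is an NSIS package.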