Overview

overview

1

Static

static

dridex

windows10-1703-x64

1

Resubmissions

03-08-2023 23:45

230803-3rv8asge64 10

04-08-2022 12:43

220804-px1s3sfhfn 1

Analysis

  • max time kernel
    141s
  • max time network
    146s
  • platform
    windows10-1703_x64
  • resource
    win10-20220722-en
  • resource tags

    arch:x64arch:x86image:win10-20220722-enlocale:en-usos:windows10-1703-x64system
  • submitted
    04-08-2022 12:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b59430d733e346aef69dc5992cee0f06d8dbfca7744d212159528c89d1008953.dll

  • Size

    297KB

  • MD5

    d38f6f01bb926df07d34de0649f608f6

  • SHA1

    8a3bd09ea156ede59f527af01412e66181b6d74c

  • SHA256

    b59430d733e346aef69dc5992cee0f06d8dbfca7744d212159528c89d1008953

  • SHA512

    73c575e5aa7963ca3d3c8cd2b08c83178030ed3248c215ec766628fad02ece83bb76bf3da613f4591485bf7610e9422eefa3ddbbb53885021338976087395903

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b59430d733e346aef69dc5992cee0f06d8dbfca7744d212159528c89d1008953.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2788
    • C:\Windows\system32\cmd.exe
      cmd /c "echo Commands" >> C:\Users\Admin\AppData\Local\Temp\C6F0.tmp
      2⤵
        PID:4176
      • C:\Windows\system32\cmd.exe
        cmd /c "dir" >> C:\Users\Admin\AppData\Local\Temp\C6F0.tmp
        2⤵
          PID:5020

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\C6F0.tmp
        Filesize

        11B

        MD5

        a67f2061c697fd95f6b28d89b953a51f

        SHA1

        6730b864104f0840fcebf04383d2e3ef7c324a48

        SHA256

        d4bdd82a900fea52cbd442ce8cae201982392d3533d765bfceb7682bc2d16a79

        SHA512

        d9cc7c1593967dbcaf358bc9d394426d97baa7bb6ddeed1767b638c85aa814276eaa3609588b720cab3b2a0b3e36d1d3833dab3e75c9c1a92b8315db61a64cbe

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\C6F0.tmp
        Filesize

        3KB

        MD5

        d625c512da41bd4ed822a9144a047873

        SHA1

        ec415ee56a68837cf8debd83942cab41d179f624

        SHA256

        53b3f491b43f588ac293b6f9b951eca6334bf3166faeadee9ae733af22cc7443

        SHA512

        88fd07035d6ebd326db2627ed5093a700f4aa04276e6c22bf3b9fc15197a37197d292d759f5df1bacad845ad335dd8cf2eb28310f4b03cc5644b1282e1d86ac1

        Download Submit
      • memory/2788-127-0x0000000180000000-0x0000000180012000-memory.dmp
        Filesize

        72KB

        Download
      • memory/4176-132-0x0000000000000000-mapping.dmp
        Download
      • memory/5020-133-0x0000000000000000-mapping.dmp
        Download