Overview

overview

9

Static

static

dridex

windows10-1703-x64

9

Analysis

  • max time kernel
    50s
  • max time network
    63s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    17/09/2022, 00:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4d7704e821b371461de0fb1b61c1d9e44e89d585b81ba88730fe1061612bccee.exe

  • Size

    1.8MB

  • MD5

    5782a2eebbe543ecf16e47c59ac57dc3

  • SHA1

    27c6eb8c1f8d49012e102d83882188f1db119e6e

  • SHA256

    4d7704e821b371461de0fb1b61c1d9e44e89d585b81ba88730fe1061612bccee

  • SHA512

    7c87acf8494bcc39f2e9a50558c0e628cbd2ef73c74ce60371f9c3b642bbdf04cdca71fae7f42609403dbc1dff8f84224858ba4d47692fb5ae8a170d8ff56f23

  • SSDEEP

    49152:AiSzCD+K95aLs7zeqLTVtXtHFIDP8EehiM8qZA:AiSzCD+K95aUeqFtXtHwEEehig

Score
9/10
evasiontrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Checks BIOS information in registry 2 TTPs 4 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
  • Creates scheduled task(s) 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4d7704e821b371461de0fb1b61c1d9e44e89d585b81ba88730fe1061612bccee.exe
    "C:\Users\Admin\AppData\Local\Temp\4d7704e821b371461de0fb1b61c1d9e44e89d585b81ba88730fe1061612bccee.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2744
    • C:\Windows\SysWOW64\schtasks.exe
      /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe"
      2⤵
      • Creates scheduled task(s)
      PID:3560
  • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Executes dropped EXE
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3336
    • C:\Windows\SysWOW64\schtasks.exe
      /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe"
      2⤵
      • Creates scheduled task(s)
      PID:776

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    Filesize

    1.8MB

    MD5

    5782a2eebbe543ecf16e47c59ac57dc3

    SHA1

    27c6eb8c1f8d49012e102d83882188f1db119e6e

    SHA256

    4d7704e821b371461de0fb1b61c1d9e44e89d585b81ba88730fe1061612bccee

    SHA512

    7c87acf8494bcc39f2e9a50558c0e628cbd2ef73c74ce60371f9c3b642bbdf04cdca71fae7f42609403dbc1dff8f84224858ba4d47692fb5ae8a170d8ff56f23

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    Filesize

    1.8MB

    MD5

    5782a2eebbe543ecf16e47c59ac57dc3

    SHA1

    27c6eb8c1f8d49012e102d83882188f1db119e6e

    SHA256

    4d7704e821b371461de0fb1b61c1d9e44e89d585b81ba88730fe1061612bccee

    SHA512

    7c87acf8494bcc39f2e9a50558c0e628cbd2ef73c74ce60371f9c3b642bbdf04cdca71fae7f42609403dbc1dff8f84224858ba4d47692fb5ae8a170d8ff56f23

    Download Submit

  • memory/2744-159-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-153-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-124-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-125-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-126-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-127-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-129-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-128-0x0000000000F20000-0x000000000123F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2744-130-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-131-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-132-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-133-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-134-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-135-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-136-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-137-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-138-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-139-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-140-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-141-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-142-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-143-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-144-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-145-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-146-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-147-0x0000000001640000-0x0000000001684000-memory.dmp

    Filesize

    272KB

    Download

  • memory/2744-148-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-149-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-150-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-151-0x0000000000F20000-0x000000000123F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2744-152-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-161-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-154-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-155-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-157-0x0000000000F20000-0x000000000123F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2744-156-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-158-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-122-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-123-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-160-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-167-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-163-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-164-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-165-0x0000000000F21000-0x0000000000F23000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2744-166-0x0000000000F21000-0x0000000000F23000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2744-162-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-168-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-174-0x0000000000F20000-0x000000000123F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2744-189-0x0000000000F20000-0x000000000123F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2744-190-0x0000000001640000-0x0000000001684000-memory.dmp

    Filesize

    272KB

    Download

  • memory/2744-120-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-121-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3336-195-0x0000000000FC0000-0x00000000012DF000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3336-260-0x0000000000FC0000-0x00000000012DF000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3336-259-0x0000000000780000-0x00000000008CA000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3336-258-0x0000000000FC0000-0x00000000012DF000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3336-236-0x0000000000FC0000-0x00000000012DF000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3336-235-0x0000000000780000-0x00000000008CA000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3560-178-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3560-177-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3560-179-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3560-180-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3560-181-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3560-170-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3560-185-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3560-182-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3560-176-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3560-175-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3560-183-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3560-173-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3560-172-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3560-171-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3560-184-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3560-186-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3560-187-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3560-188-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download