Overview

overview

9

Static

static

dridex

windows10-1703-x64

9

Analysis

  • max time kernel
    50s
  • max time network
    149s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    03-10-2022 19:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d5c807675ef0d70420f5d4141ec903b79a41fe30bb68096786a657358703988a.exe

  • Size

    1.8MB

  • MD5

    06eccd79e2276c2e3ff28f80e7e8e1a9

  • SHA1

    dcf56e343d1773a54a4dd9b2d50c01d5ff41c67c

  • SHA256

    d5c807675ef0d70420f5d4141ec903b79a41fe30bb68096786a657358703988a

  • SHA512

    54dc9f656090b6cf3ac3ffe1336da7bee6ef5151a82efe8b6eaebec73556a38e69a3b548a0044dadd108447e29650086f202ef9138219779d171a57318910482

  • SSDEEP

    49152:AiSzCD+K95aLs7zeqLTVtXtHFIDP8EehiM8qZA:AiSzCD+K95aUeqFtXtHwEEehig

Score
9/10
evasiontrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Checks BIOS information in registry 2 TTPs 4 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
  • Creates scheduled task(s) 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d5c807675ef0d70420f5d4141ec903b79a41fe30bb68096786a657358703988a.exe
    "C:\Users\Admin\AppData\Local\Temp\d5c807675ef0d70420f5d4141ec903b79a41fe30bb68096786a657358703988a.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2792
    • C:\Windows\SysWOW64\schtasks.exe
      /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe"
      2⤵
      • Creates scheduled task(s)
      PID:2964
  • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Executes dropped EXE
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3856
    • C:\Windows\SysWOW64\schtasks.exe
      /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe"
      2⤵
      • Creates scheduled task(s)
      PID:4448

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    Filesize

    1.8MB

    MD5

    06eccd79e2276c2e3ff28f80e7e8e1a9

    SHA1

    dcf56e343d1773a54a4dd9b2d50c01d5ff41c67c

    SHA256

    d5c807675ef0d70420f5d4141ec903b79a41fe30bb68096786a657358703988a

    SHA512

    54dc9f656090b6cf3ac3ffe1336da7bee6ef5151a82efe8b6eaebec73556a38e69a3b548a0044dadd108447e29650086f202ef9138219779d171a57318910482

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    Filesize

    1.8MB

    MD5

    06eccd79e2276c2e3ff28f80e7e8e1a9

    SHA1

    dcf56e343d1773a54a4dd9b2d50c01d5ff41c67c

    SHA256

    d5c807675ef0d70420f5d4141ec903b79a41fe30bb68096786a657358703988a

    SHA512

    54dc9f656090b6cf3ac3ffe1336da7bee6ef5151a82efe8b6eaebec73556a38e69a3b548a0044dadd108447e29650086f202ef9138219779d171a57318910482

    Download Submit

  • memory/2792-156-0x0000000000C10000-0x0000000000F2F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2792-153-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-122-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-123-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-124-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-126-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-125-0x0000000000C10000-0x0000000000F2F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2792-128-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-129-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-127-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-132-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-120-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-133-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-130-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-134-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-135-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-136-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-138-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-139-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-137-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-140-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-141-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-142-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-143-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-144-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-145-0x00000000030A0000-0x00000000030E4000-memory.dmp

    Filesize

    272KB

    Download

  • memory/2792-147-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-146-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-148-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-149-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-150-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-151-0x0000000000C10000-0x0000000000F2F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2792-152-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-160-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-154-0x0000000000C10000-0x0000000000F2F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2792-155-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-157-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-158-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-131-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-159-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-121-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-161-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-162-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-163-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-164-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-165-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-166-0x0000000000C11000-0x0000000000C13000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2792-167-0x0000000000C11000-0x0000000000C13000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2792-168-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-169-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2792-175-0x0000000000C10000-0x0000000000F2F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2792-190-0x0000000000C10000-0x0000000000F2F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2792-191-0x00000000030A0000-0x00000000030E4000-memory.dmp

    Filesize

    272KB

    Download

  • memory/2964-189-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2964-172-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2964-184-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2964-185-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2964-174-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2964-176-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2964-177-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2964-178-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2964-180-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2964-179-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2964-181-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2964-171-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2964-183-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2964-182-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2964-173-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2964-186-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2964-187-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2964-188-0x00000000772F0000-0x000000007747E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2964-170-0x0000000000000000-mapping.dmp

    Download

  • memory/3856-227-0x0000000001310000-0x000000000162F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3856-229-0x00000000007B0000-0x00000000007F4000-memory.dmp

    Filesize

    272KB

    Download

  • memory/3856-258-0x0000000001310000-0x000000000162F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3856-259-0x0000000001310000-0x000000000162F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3856-260-0x00000000007B0000-0x00000000007F4000-memory.dmp

    Filesize

    272KB

    Download

  • memory/3856-261-0x0000000001310000-0x000000000162F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4448-239-0x0000000000000000-mapping.dmp

    Download