Overview

overview

3

Static

static

dridex

windows10-2004-x64

3

Analysis

  • max time kernel
    179s
  • max time network
    220s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-10-2022 20:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    839e99c28e35ad517a31e9d060a9b63b0be6b20d6dcade0277e58bd45ccde605.exe

  • Size

    4.7MB

  • MD5

    d9811853511b54d126bbca234a271f33

  • SHA1

    e3898523c441129037f65fa91a43aa69719c5621

  • SHA256

    839e99c28e35ad517a31e9d060a9b63b0be6b20d6dcade0277e58bd45ccde605

  • SHA512

    8858dca977febf35761b4be1ba902d574303c93e408d30c850ff4d11f27bec6258e35239dd948fac5e23386eda4f3d3f83a844248dd943fd577dc31bc52768be

  • SSDEEP

    98304:z2hMpKO+6PbFmS3VjVEOeTtJaAbLECnrZXJT7:z7bFmS3VjVEOeTtJHbdnrz7

Score
3/10

Malware Config

Signatures

  • Program crash 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\839e99c28e35ad517a31e9d060a9b63b0be6b20d6dcade0277e58bd45ccde605.exe
    "C:\Users\Admin\AppData\Local\Temp\839e99c28e35ad517a31e9d060a9b63b0be6b20d6dcade0277e58bd45ccde605.exe"
    1⤵
      PID:5028
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 536
        2⤵
        • Program crash
        PID:1132
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 540
        2⤵
        • Program crash
        PID:2876
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 556
        2⤵
        • Program crash
        PID:2584
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 564
        2⤵
        • Program crash
        PID:3948
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 632
        2⤵
        • Program crash
        PID:2212
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 5028 -ip 5028
      1⤵
        PID:3452
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5028 -ip 5028
        1⤵
          PID:3684
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 5028 -ip 5028
          1⤵
            PID:3400
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5028 -ip 5028
            1⤵
              PID:2944
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5028 -ip 5028
              1⤵
                PID:3728

              Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • memory/5028-132-0x0000000003110000-0x0000000003557000-memory.dmp

                Filesize

                4.3MB

                Download

              • memory/5028-133-0x0000000000400000-0x00000000008BC000-memory.dmp

                Filesize

                4.7MB

                Download

              • memory/5028-134-0x0000000000400000-0x00000000008BC000-memory.dmp

                Filesize

                4.7MB

                Download