Overview

overview

7

Static

static

dridex

windows10-1703-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    170s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    12-10-2022 06:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    72578c2b3a5a8936c76296ee586ebbeb3bdc284f8635e917d8bc39a1a36d65ec.exe

  • Size

    1.7MB

  • MD5

    c867696196477b5be6bd78c138a90d29

  • SHA1

    6ea0d4a9b6492269c484483c1ab7aeb0e9caaa88

  • SHA256

    72578c2b3a5a8936c76296ee586ebbeb3bdc284f8635e917d8bc39a1a36d65ec

  • SHA512

    aa7f80ec87ed3baf68cfd05c9f089885280df9d0a950a12c153599571f72fffe65feef6cbfe0759f0dc93c47297f4da31a6b985d16d4434795039a9b01462e87

  • SSDEEP

    49152:KyrPgD7u9yTnMpUV1PCkfIYUw9F35bq2B9HioFqhkulR:KyrGzTMOPClY5335xrHPgR

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\72578c2b3a5a8936c76296ee586ebbeb3bdc284f8635e917d8bc39a1a36d65ec.exe
    "C:\Users\Admin\AppData\Local\Temp\72578c2b3a5a8936c76296ee586ebbeb3bdc284f8635e917d8bc39a1a36d65ec.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2716
    • C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe" .\OEUV.UFd
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4108
      • C:\Windows\SysWOW64\rundll32.exe
        "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL .\OEUV.UFd
        3⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2016
        • C:\Windows\system32\RunDll32.exe
          C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL .\OEUV.UFd
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:2820
          • C:\Windows\SysWOW64\rundll32.exe
            "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 .\OEUV.UFd
            5⤵
            • Loads dropped DLL
            PID:4492

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\OEUV.UFd
    Filesize

    1.8MB

    MD5

    5170e8fb133313790e5fcaba6578af45

    SHA1

    cfb5e42bf18baa3a0dd520784c070f71eff61e0b

    SHA256

    36cf0c81e55e2d7dda843af20db64bce8f808d75482f6f4abbfbcb8121e81d47

    SHA512

    d4383ccd8c667a3876daf1f6abda10d860e5568497ef40dd657221f52314ddaa73d5ad376307fb9b11ae0082fdff83a9b932655dd90f038d226aabd521f72a07

    Download Submit

  • \Users\Admin\AppData\Local\Temp\oeUV.UFd
    Filesize

    1.8MB

    MD5

    5170e8fb133313790e5fcaba6578af45

    SHA1

    cfb5e42bf18baa3a0dd520784c070f71eff61e0b

    SHA256

    36cf0c81e55e2d7dda843af20db64bce8f808d75482f6f4abbfbcb8121e81d47

    SHA512

    d4383ccd8c667a3876daf1f6abda10d860e5568497ef40dd657221f52314ddaa73d5ad376307fb9b11ae0082fdff83a9b932655dd90f038d226aabd521f72a07

    Download Submit

  • \Users\Admin\AppData\Local\Temp\oeUV.UFd
    Filesize

    1.8MB

    MD5

    5170e8fb133313790e5fcaba6578af45

    SHA1

    cfb5e42bf18baa3a0dd520784c070f71eff61e0b

    SHA256

    36cf0c81e55e2d7dda843af20db64bce8f808d75482f6f4abbfbcb8121e81d47

    SHA512

    d4383ccd8c667a3876daf1f6abda10d860e5568497ef40dd657221f52314ddaa73d5ad376307fb9b11ae0082fdff83a9b932655dd90f038d226aabd521f72a07

    Download Submit

  • memory/2016-227-0x0000000000000000-mapping.dmp

    Download

  • memory/2016-273-0x0000000005110000-0x00000000052A0000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2016-274-0x00000000053F0000-0x000000000553B000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2016-334-0x00000000053F0000-0x000000000553B000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2716-153-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-127-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-123-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-124-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-126-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-157-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-128-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-129-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-130-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-131-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-158-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-133-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-134-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-135-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-136-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-137-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-138-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-139-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-140-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-141-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-142-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-143-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-144-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-145-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-146-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-147-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-148-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-149-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-150-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-156-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-152-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-120-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-154-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-155-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-151-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-121-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-132-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-159-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-160-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-161-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-162-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-163-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-164-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-165-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-166-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-167-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-168-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-169-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-170-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-171-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-172-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-173-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-174-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-175-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-176-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-177-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-178-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-179-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-180-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-181-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-182-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-118-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-119-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2820-280-0x0000000000000000-mapping.dmp

    Download

  • memory/4108-184-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4108-183-0x0000000000000000-mapping.dmp

    Download

  • memory/4492-281-0x0000000000000000-mapping.dmp

    Download

  • memory/4492-326-0x00000000053F0000-0x0000000005580000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4492-327-0x00000000056D0000-0x000000000581B000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/4492-333-0x00000000056D0000-0x000000000581B000-memory.dmp

    Filesize

    1.3MB

    Download