Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

dridex

windows10-1703-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    65s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    19/10/2022, 12:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    63bd3849c22e909ae7abb8b685dc96c1fc472152d5d1d9b178cff71d0339fbd2.exe

  • Size

    229KB

  • MD5

    764e8dff28153e0f82e22e1d4034a7c5

  • SHA1

    314efb3d4fd4599a9a47261663b2c8e0e1e1c699

  • SHA256

    63bd3849c22e909ae7abb8b685dc96c1fc472152d5d1d9b178cff71d0339fbd2

  • SHA512

    a34b3f939a19e155934fba78099e038c4d6acf0eef9efebbd114c95ec0a043353b2079b571fe89b07ada62272b2f25c996ee4b959451ee0a4e8b7a1e3432e4dc

  • SSDEEP

    3072:HJJ/Tsb7pI0SFL6wyKW6dXGgWsknxOEtcvaGRnAug1VoIevxdG:HJpY9IL/yK/d2nrCvnRIUIevx

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\63bd3849c22e909ae7abb8b685dc96c1fc472152d5d1d9b178cff71d0339fbd2.exe
    "C:\Users\Admin\AppData\Local\Temp\63bd3849c22e909ae7abb8b685dc96c1fc472152d5d1d9b178cff71d0339fbd2.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:1684
  • C:\Users\Admin\AppData\Roaming\rjddaut
    C:\Users\Admin\AppData\Roaming\rjddaut
    1⤵
    • Executes dropped EXE
    PID:3028

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\rjddaut
    Filesize

    229KB

    MD5

    764e8dff28153e0f82e22e1d4034a7c5

    SHA1

    314efb3d4fd4599a9a47261663b2c8e0e1e1c699

    SHA256

    63bd3849c22e909ae7abb8b685dc96c1fc472152d5d1d9b178cff71d0339fbd2

    SHA512

    a34b3f939a19e155934fba78099e038c4d6acf0eef9efebbd114c95ec0a043353b2079b571fe89b07ada62272b2f25c996ee4b959451ee0a4e8b7a1e3432e4dc

    Download Submit

  • C:\Users\Admin\AppData\Roaming\rjddaut
    Filesize

    229KB

    MD5

    764e8dff28153e0f82e22e1d4034a7c5

    SHA1

    314efb3d4fd4599a9a47261663b2c8e0e1e1c699

    SHA256

    63bd3849c22e909ae7abb8b685dc96c1fc472152d5d1d9b178cff71d0339fbd2

    SHA512

    a34b3f939a19e155934fba78099e038c4d6acf0eef9efebbd114c95ec0a043353b2079b571fe89b07ada62272b2f25c996ee4b959451ee0a4e8b7a1e3432e4dc

    Download Submit

  • memory/1684-120-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-121-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-122-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-123-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-124-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-125-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-126-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-127-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-128-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-129-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-130-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-131-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-132-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-133-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-134-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-135-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-136-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-137-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-138-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-139-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-140-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-144-0x00000000005A0000-0x00000000006EA000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1684-143-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-146-0x0000000000400000-0x0000000000596000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-145-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-142-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-141-0x0000000000871000-0x0000000000881000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1684-147-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-148-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-149-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-150-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-151-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-152-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-153-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-154-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-155-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1684-156-0x0000000000871000-0x0000000000881000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1684-157-0x0000000000400000-0x0000000000596000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-159-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-160-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-161-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-162-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-163-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-164-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-165-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-168-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-169-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-170-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-171-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-172-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-173-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-174-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-175-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-176-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-177-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-179-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-183-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-185-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-188-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-191-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-190-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-189-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-187-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-186-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-184-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-182-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-181-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-180-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3028-178-0x0000000077390000-0x000000007751E000-memory.dmp

    Filesize

    1.6MB

    Download