Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

dridex

windows10-1703-x64

8

Analysis

  • max time kernel
    138s
  • max time network
    146s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    01/11/2022, 15:02 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ad24ffe7165218ceb872cb1cd99de072b159e44d4f367e23d750f5b631ab1997.exe

  • Size

    324KB

  • MD5

    ba238623aaecea28bc9cf546c7fe4a8f

  • SHA1

    8dde5098006fbfcfa92b61f7a629ec016d1418f6

  • SHA256

    ad24ffe7165218ceb872cb1cd99de072b159e44d4f367e23d750f5b631ab1997

  • SHA512

    4530f4d85183fa2f71c7dcdf7ed6618e543b4ca2eee08c7fc77364bc6af5a3ead17656ca7dc97827bcd71a05a26e87fdf660a970f49f742def8b9344f8449ef2

  • SSDEEP

    6144:eKlzr1sYCzek2ciDaP9Xk6Ln1W8W/9InBSkZZmLdGcAdgdY6RKpjS:eGhQ2ciDq9ZL1W8q9InBRqELdolRKpj

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 6 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • Creates scheduled task(s) 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ad24ffe7165218ceb872cb1cd99de072b159e44d4f367e23d750f5b631ab1997.exe
    "C:\Users\Admin\AppData\Local\Temp\ad24ffe7165218ceb872cb1cd99de072b159e44d4f367e23d750f5b631ab1997.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2664
    • C:\Users\Admin\AppData\Local\Temp\ad24ffe7165218ceb872cb1cd99de072b159e44d4f367e23d750f5b631ab1997.exe
      C:\Users\Admin\AppData\Local\Temp\ad24ffe7165218ceb872cb1cd99de072b159e44d4f367e23d750f5b631ab1997.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:388
      • C:\Windows\SysWOW64\schtasks.exe
        /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe"
        3⤵
        • Creates scheduled task(s)
        PID:4108
  • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:5076
    • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
      C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:3564
      • C:\Windows\SysWOW64\schtasks.exe
        /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe"
        3⤵
        • Creates scheduled task(s)
        PID:3884
  • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4840
    • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
      C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
      2⤵
      • Executes dropped EXE
      PID:664
  • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:820
    • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
      C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
      2⤵
      • Executes dropped EXE
      PID:1732

Network

    No results found
  • 20.50.80.210:443
    322 B
     7
  • 67.27.153.254:80
    322 B
     7
No results found

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\oobeldr.exe.log
    Filesize

    789B

    MD5

    db5ef8d7c51bad129d9097bf953e4913

    SHA1

    8439db960aa2d431bf5ec3c37af775b45eb07e06

    SHA256

    1248e67f10b47b397af3c8cbe342bad4be75c68b8e10f4ec6341195cc3138bd9

    SHA512

    04572485790b25e1751347e43b47174051cd153dd75fd55ee5590d25a2579f344cd96cf86cf45bdb7759e3e6d0f734d0ff717148ca70f501b9869e964e036fee

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    Filesize

    324KB

    MD5

    ba238623aaecea28bc9cf546c7fe4a8f

    SHA1

    8dde5098006fbfcfa92b61f7a629ec016d1418f6

    SHA256

    ad24ffe7165218ceb872cb1cd99de072b159e44d4f367e23d750f5b631ab1997

    SHA512

    4530f4d85183fa2f71c7dcdf7ed6618e543b4ca2eee08c7fc77364bc6af5a3ead17656ca7dc97827bcd71a05a26e87fdf660a970f49f742def8b9344f8449ef2

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    Filesize

    324KB

    MD5

    ba238623aaecea28bc9cf546c7fe4a8f

    SHA1

    8dde5098006fbfcfa92b61f7a629ec016d1418f6

    SHA256

    ad24ffe7165218ceb872cb1cd99de072b159e44d4f367e23d750f5b631ab1997

    SHA512

    4530f4d85183fa2f71c7dcdf7ed6618e543b4ca2eee08c7fc77364bc6af5a3ead17656ca7dc97827bcd71a05a26e87fdf660a970f49f742def8b9344f8449ef2

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    Filesize

    324KB

    MD5

    ba238623aaecea28bc9cf546c7fe4a8f

    SHA1

    8dde5098006fbfcfa92b61f7a629ec016d1418f6

    SHA256

    ad24ffe7165218ceb872cb1cd99de072b159e44d4f367e23d750f5b631ab1997

    SHA512

    4530f4d85183fa2f71c7dcdf7ed6618e543b4ca2eee08c7fc77364bc6af5a3ead17656ca7dc97827bcd71a05a26e87fdf660a970f49f742def8b9344f8449ef2

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    Filesize

    324KB

    MD5

    ba238623aaecea28bc9cf546c7fe4a8f

    SHA1

    8dde5098006fbfcfa92b61f7a629ec016d1418f6

    SHA256

    ad24ffe7165218ceb872cb1cd99de072b159e44d4f367e23d750f5b631ab1997

    SHA512

    4530f4d85183fa2f71c7dcdf7ed6618e543b4ca2eee08c7fc77364bc6af5a3ead17656ca7dc97827bcd71a05a26e87fdf660a970f49f742def8b9344f8449ef2

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    Filesize

    324KB

    MD5

    ba238623aaecea28bc9cf546c7fe4a8f

    SHA1

    8dde5098006fbfcfa92b61f7a629ec016d1418f6

    SHA256

    ad24ffe7165218ceb872cb1cd99de072b159e44d4f367e23d750f5b631ab1997

    SHA512

    4530f4d85183fa2f71c7dcdf7ed6618e543b4ca2eee08c7fc77364bc6af5a3ead17656ca7dc97827bcd71a05a26e87fdf660a970f49f742def8b9344f8449ef2

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    Filesize

    324KB

    MD5

    ba238623aaecea28bc9cf546c7fe4a8f

    SHA1

    8dde5098006fbfcfa92b61f7a629ec016d1418f6

    SHA256

    ad24ffe7165218ceb872cb1cd99de072b159e44d4f367e23d750f5b631ab1997

    SHA512

    4530f4d85183fa2f71c7dcdf7ed6618e543b4ca2eee08c7fc77364bc6af5a3ead17656ca7dc97827bcd71a05a26e87fdf660a970f49f742def8b9344f8449ef2

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    Filesize

    324KB

    MD5

    ba238623aaecea28bc9cf546c7fe4a8f

    SHA1

    8dde5098006fbfcfa92b61f7a629ec016d1418f6

    SHA256

    ad24ffe7165218ceb872cb1cd99de072b159e44d4f367e23d750f5b631ab1997

    SHA512

    4530f4d85183fa2f71c7dcdf7ed6618e543b4ca2eee08c7fc77364bc6af5a3ead17656ca7dc97827bcd71a05a26e87fdf660a970f49f742def8b9344f8449ef2

    Download Submit

  • memory/388-184-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-183-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-227-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/388-186-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-185-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-173-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/388-175-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-182-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-181-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-176-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-177-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-179-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-136-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-169-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-140-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-141-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-142-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-143-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-144-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-145-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-146-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-147-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-148-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-149-0x0000000000290000-0x00000000002E6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2664-150-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-151-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-152-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-153-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-154-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-155-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-156-0x0000000006F80000-0x000000000704C000-memory.dmp

    Filesize

    816KB

    Download

  • memory/2664-157-0x0000000007550000-0x0000000007A4E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/2664-158-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-159-0x00000000070F0000-0x0000000007182000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2664-160-0x0000000007050000-0x0000000007056000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2664-161-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-162-0x0000000007390000-0x0000000007406000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2664-163-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-164-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-165-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-166-0x00000000070A0000-0x00000000070BE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2664-167-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-168-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-139-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-170-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-171-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-172-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-138-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-137-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-115-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-178-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-135-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-134-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-133-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-132-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-131-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-130-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-129-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-128-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-127-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-116-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-126-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-124-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-125-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-117-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-123-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-118-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-122-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-121-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-120-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2664-119-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.