Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

dridex

windows10-1703-x64

8

Analysis

  • max time kernel
    97s
  • max time network
    64s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    02/11/2022, 01:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aa36ab39b81eb7cb5c93b1051ae9db490f8b4214a8073f67f0fd2ea0ea5bb9f4.exe

  • Size

    325KB

  • MD5

    9415eafe41baa147f30d1b5d76fb97d2

  • SHA1

    892ec3e5b6f6723e419254fafcc9b11e4e0cfb0c

  • SHA256

    aa36ab39b81eb7cb5c93b1051ae9db490f8b4214a8073f67f0fd2ea0ea5bb9f4

  • SHA512

    a5638b52390b5123f94c3a6e6743f188ebbecd3e298cda2a8bce7cdc9ddc4f69fdd138bf2a56e245eb393e66c583fcc8a8e4af83a82b0634f4f1fb55726c27e4

  • SSDEEP

    6144:eKlzr1sYCzek2ciDaP9Xk6Ln1W8W/9InBSkZZmLdGcAdgdY6RKpjS:eGhQ2ciDq9ZL1W8q9InBRqELdolRKpj

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Suspicious use of SetThreadContext 3 IoCs
  • Creates scheduled task(s) 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious use of WriteProcessMemory 39 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aa36ab39b81eb7cb5c93b1051ae9db490f8b4214a8073f67f0fd2ea0ea5bb9f4.exe
    "C:\Users\Admin\AppData\Local\Temp\aa36ab39b81eb7cb5c93b1051ae9db490f8b4214a8073f67f0fd2ea0ea5bb9f4.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2744
    • C:\Users\Admin\AppData\Local\Temp\aa36ab39b81eb7cb5c93b1051ae9db490f8b4214a8073f67f0fd2ea0ea5bb9f4.exe
      C:\Users\Admin\AppData\Local\Temp\aa36ab39b81eb7cb5c93b1051ae9db490f8b4214a8073f67f0fd2ea0ea5bb9f4.exe
      2⤵
        PID:2028
      • C:\Users\Admin\AppData\Local\Temp\aa36ab39b81eb7cb5c93b1051ae9db490f8b4214a8073f67f0fd2ea0ea5bb9f4.exe
        C:\Users\Admin\AppData\Local\Temp\aa36ab39b81eb7cb5c93b1051ae9db490f8b4214a8073f67f0fd2ea0ea5bb9f4.exe
        2⤵
          PID:2264
        • C:\Users\Admin\AppData\Local\Temp\aa36ab39b81eb7cb5c93b1051ae9db490f8b4214a8073f67f0fd2ea0ea5bb9f4.exe
          C:\Users\Admin\AppData\Local\Temp\aa36ab39b81eb7cb5c93b1051ae9db490f8b4214a8073f67f0fd2ea0ea5bb9f4.exe
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:2536
          • C:\Windows\SysWOW64\schtasks.exe
            /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe"
            3⤵
            • Creates scheduled task(s)
            PID:4352
      • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
        C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:4984
        • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
          C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
          2⤵
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:4960
          • C:\Windows\SysWOW64\schtasks.exe
            /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe"
            3⤵
            • Creates scheduled task(s)
            PID:4572
      • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
        C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:1872
        • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
          C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
          2⤵
          • Executes dropped EXE
          PID:1504

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\oobeldr.exe.log
        Filesize

        789B

        MD5

        db5ef8d7c51bad129d9097bf953e4913

        SHA1

        8439db960aa2d431bf5ec3c37af775b45eb07e06

        SHA256

        1248e67f10b47b397af3c8cbe342bad4be75c68b8e10f4ec6341195cc3138bd9

        SHA512

        04572485790b25e1751347e43b47174051cd153dd75fd55ee5590d25a2579f344cd96cf86cf45bdb7759e3e6d0f734d0ff717148ca70f501b9869e964e036fee

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
        Filesize

        325KB

        MD5

        9415eafe41baa147f30d1b5d76fb97d2

        SHA1

        892ec3e5b6f6723e419254fafcc9b11e4e0cfb0c

        SHA256

        aa36ab39b81eb7cb5c93b1051ae9db490f8b4214a8073f67f0fd2ea0ea5bb9f4

        SHA512

        a5638b52390b5123f94c3a6e6743f188ebbecd3e298cda2a8bce7cdc9ddc4f69fdd138bf2a56e245eb393e66c583fcc8a8e4af83a82b0634f4f1fb55726c27e4

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
        Filesize

        325KB

        MD5

        9415eafe41baa147f30d1b5d76fb97d2

        SHA1

        892ec3e5b6f6723e419254fafcc9b11e4e0cfb0c

        SHA256

        aa36ab39b81eb7cb5c93b1051ae9db490f8b4214a8073f67f0fd2ea0ea5bb9f4

        SHA512

        a5638b52390b5123f94c3a6e6743f188ebbecd3e298cda2a8bce7cdc9ddc4f69fdd138bf2a56e245eb393e66c583fcc8a8e4af83a82b0634f4f1fb55726c27e4

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
        Filesize

        325KB

        MD5

        9415eafe41baa147f30d1b5d76fb97d2

        SHA1

        892ec3e5b6f6723e419254fafcc9b11e4e0cfb0c

        SHA256

        aa36ab39b81eb7cb5c93b1051ae9db490f8b4214a8073f67f0fd2ea0ea5bb9f4

        SHA512

        a5638b52390b5123f94c3a6e6743f188ebbecd3e298cda2a8bce7cdc9ddc4f69fdd138bf2a56e245eb393e66c583fcc8a8e4af83a82b0634f4f1fb55726c27e4

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
        Filesize

        325KB

        MD5

        9415eafe41baa147f30d1b5d76fb97d2

        SHA1

        892ec3e5b6f6723e419254fafcc9b11e4e0cfb0c

        SHA256

        aa36ab39b81eb7cb5c93b1051ae9db490f8b4214a8073f67f0fd2ea0ea5bb9f4

        SHA512

        a5638b52390b5123f94c3a6e6743f188ebbecd3e298cda2a8bce7cdc9ddc4f69fdd138bf2a56e245eb393e66c583fcc8a8e4af83a82b0634f4f1fb55726c27e4

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
        Filesize

        325KB

        MD5

        9415eafe41baa147f30d1b5d76fb97d2

        SHA1

        892ec3e5b6f6723e419254fafcc9b11e4e0cfb0c

        SHA256

        aa36ab39b81eb7cb5c93b1051ae9db490f8b4214a8073f67f0fd2ea0ea5bb9f4

        SHA512

        a5638b52390b5123f94c3a6e6743f188ebbecd3e298cda2a8bce7cdc9ddc4f69fdd138bf2a56e245eb393e66c583fcc8a8e4af83a82b0634f4f1fb55726c27e4

        Download Submit

      • memory/2536-190-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2536-232-0x0000000000400000-0x0000000000406000-memory.dmp

        Filesize

        24KB

        Download

      • memory/2536-191-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2536-178-0x0000000000400000-0x0000000000406000-memory.dmp

        Filesize

        24KB

        Download

      • memory/2536-189-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2536-188-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2536-187-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2536-185-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2536-183-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2536-182-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2536-181-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2536-180-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-140-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-171-0x0000000004A50000-0x0000000004A6E000-memory.dmp

        Filesize

        120KB

        Download

      • memory/2744-142-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-143-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-144-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-145-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-146-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-147-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-148-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-149-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-150-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-151-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-152-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-153-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-154-0x00000000001B0000-0x0000000000206000-memory.dmp

        Filesize

        344KB

        Download

      • memory/2744-155-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-156-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-157-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-158-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-159-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-160-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-161-0x0000000004B90000-0x0000000004C5C000-memory.dmp

        Filesize

        816KB

        Download

      • memory/2744-162-0x0000000007510000-0x0000000007A0E000-memory.dmp

        Filesize

        5.0MB

        Download

      • memory/2744-163-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-164-0x00000000070B0000-0x0000000007142000-memory.dmp

        Filesize

        584KB

        Download

      • memory/2744-165-0x0000000004A00000-0x0000000004A06000-memory.dmp

        Filesize

        24KB

        Download

      • memory/2744-166-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-167-0x0000000007350000-0x00000000073C6000-memory.dmp

        Filesize

        472KB

        Download

      • memory/2744-168-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-169-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-170-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-141-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-172-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-173-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-174-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-175-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-176-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-177-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-120-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-139-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-138-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-137-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-136-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-135-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-134-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-186-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-133-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-132-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-131-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-130-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-129-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-121-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-128-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-127-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-126-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-122-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-125-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-123-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2744-124-0x0000000076F80000-0x000000007710E000-memory.dmp

        Filesize

        1.6MB

        Download