Overview

overview

8

Static

static

dridex

windows10-2004-x64

8

Analysis

  • max time kernel
    136s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/11/2022, 05:41 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0c3daa58cdc0ff7bb6f135636744103c1ec0ef2cd673b8eff53a8a7d857e1357.exe

  • Size

    326KB

  • MD5

    4207ea3533379ee1e43fac874a2ab150

  • SHA1

    7d0f667a36c668311ecf6e7c1270641b745c0b65

  • SHA256

    0c3daa58cdc0ff7bb6f135636744103c1ec0ef2cd673b8eff53a8a7d857e1357

  • SHA512

    4c6981d31e4febd4ee25055e0d5ac4d35d4e7b51ccf599714fd2c16a946a191b08ad7b89d99de122e98b94dc50ce080595dfd4b5bac354511fb9b6d7f14f1710

  • SSDEEP

    6144:eKlzr1sYCzek2ciDaP9Xk6Ln1W8W/9InBSkZZmLdGcAdgdY6RKpjS:eGhQ2ciDq9ZL1W8q9InBRqELdolRKpj

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 7 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • Creates scheduled task(s) 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious use of WriteProcessMemory 45 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0c3daa58cdc0ff7bb6f135636744103c1ec0ef2cd673b8eff53a8a7d857e1357.exe
    "C:\Users\Admin\AppData\Local\Temp\0c3daa58cdc0ff7bb6f135636744103c1ec0ef2cd673b8eff53a8a7d857e1357.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:5072
    • C:\Users\Admin\AppData\Local\Temp\0c3daa58cdc0ff7bb6f135636744103c1ec0ef2cd673b8eff53a8a7d857e1357.exe
      C:\Users\Admin\AppData\Local\Temp\0c3daa58cdc0ff7bb6f135636744103c1ec0ef2cd673b8eff53a8a7d857e1357.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1488
      • C:\Windows\SysWOW64\schtasks.exe
        /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe"
        3⤵
        • Creates scheduled task(s)
        PID:4896
  • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2556
    • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
      C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:3764
      • C:\Windows\SysWOW64\schtasks.exe
        /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe"
        3⤵
        • Creates scheduled task(s)
        PID:2132
  • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1980
    • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
      C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
      2⤵
      • Executes dropped EXE
      PID:396
  • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4228
    • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
      C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
      2⤵
      • Executes dropped EXE
      PID:4772
    • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
      C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
      2⤵
      • Executes dropped EXE
      PID:4024

Network

    No results found
  • 93.184.220.29:80
    322 B
     7
  • 52.168.112.66:443
    322 B
     7
  • 8.252.51.254:80
    322 B
     7
  • 104.80.225.205:443
    322 B
     7
No results found

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\oobeldr.exe.log
    Filesize

    789B

    MD5

    03d2df1e8834bc4ec1756735429b458c

    SHA1

    4ee6c0f5b04c8e0c5076219c5724032daab11d40

    SHA256

    745ab70552d9a0463b791fd8dc1942838ac3e34fb1a68f09ed3766c7e3b05631

    SHA512

    2482c3d4478125ccbc7f224f50e86b7bf925ed438b59f4dce57b9b6bcdb59df51417049096b131b6b911173550eed98bc92aba7050861de303a692f0681b197b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    Filesize

    326KB

    MD5

    4207ea3533379ee1e43fac874a2ab150

    SHA1

    7d0f667a36c668311ecf6e7c1270641b745c0b65

    SHA256

    0c3daa58cdc0ff7bb6f135636744103c1ec0ef2cd673b8eff53a8a7d857e1357

    SHA512

    4c6981d31e4febd4ee25055e0d5ac4d35d4e7b51ccf599714fd2c16a946a191b08ad7b89d99de122e98b94dc50ce080595dfd4b5bac354511fb9b6d7f14f1710

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    Filesize

    326KB

    MD5

    4207ea3533379ee1e43fac874a2ab150

    SHA1

    7d0f667a36c668311ecf6e7c1270641b745c0b65

    SHA256

    0c3daa58cdc0ff7bb6f135636744103c1ec0ef2cd673b8eff53a8a7d857e1357

    SHA512

    4c6981d31e4febd4ee25055e0d5ac4d35d4e7b51ccf599714fd2c16a946a191b08ad7b89d99de122e98b94dc50ce080595dfd4b5bac354511fb9b6d7f14f1710

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    Filesize

    326KB

    MD5

    4207ea3533379ee1e43fac874a2ab150

    SHA1

    7d0f667a36c668311ecf6e7c1270641b745c0b65

    SHA256

    0c3daa58cdc0ff7bb6f135636744103c1ec0ef2cd673b8eff53a8a7d857e1357

    SHA512

    4c6981d31e4febd4ee25055e0d5ac4d35d4e7b51ccf599714fd2c16a946a191b08ad7b89d99de122e98b94dc50ce080595dfd4b5bac354511fb9b6d7f14f1710

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    Filesize

    326KB

    MD5

    4207ea3533379ee1e43fac874a2ab150

    SHA1

    7d0f667a36c668311ecf6e7c1270641b745c0b65

    SHA256

    0c3daa58cdc0ff7bb6f135636744103c1ec0ef2cd673b8eff53a8a7d857e1357

    SHA512

    4c6981d31e4febd4ee25055e0d5ac4d35d4e7b51ccf599714fd2c16a946a191b08ad7b89d99de122e98b94dc50ce080595dfd4b5bac354511fb9b6d7f14f1710

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    Filesize

    326KB

    MD5

    4207ea3533379ee1e43fac874a2ab150

    SHA1

    7d0f667a36c668311ecf6e7c1270641b745c0b65

    SHA256

    0c3daa58cdc0ff7bb6f135636744103c1ec0ef2cd673b8eff53a8a7d857e1357

    SHA512

    4c6981d31e4febd4ee25055e0d5ac4d35d4e7b51ccf599714fd2c16a946a191b08ad7b89d99de122e98b94dc50ce080595dfd4b5bac354511fb9b6d7f14f1710

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    Filesize

    326KB

    MD5

    4207ea3533379ee1e43fac874a2ab150

    SHA1

    7d0f667a36c668311ecf6e7c1270641b745c0b65

    SHA256

    0c3daa58cdc0ff7bb6f135636744103c1ec0ef2cd673b8eff53a8a7d857e1357

    SHA512

    4c6981d31e4febd4ee25055e0d5ac4d35d4e7b51ccf599714fd2c16a946a191b08ad7b89d99de122e98b94dc50ce080595dfd4b5bac354511fb9b6d7f14f1710

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    Filesize

    326KB

    MD5

    4207ea3533379ee1e43fac874a2ab150

    SHA1

    7d0f667a36c668311ecf6e7c1270641b745c0b65

    SHA256

    0c3daa58cdc0ff7bb6f135636744103c1ec0ef2cd673b8eff53a8a7d857e1357

    SHA512

    4c6981d31e4febd4ee25055e0d5ac4d35d4e7b51ccf599714fd2c16a946a191b08ad7b89d99de122e98b94dc50ce080595dfd4b5bac354511fb9b6d7f14f1710

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    Filesize

    326KB

    MD5

    4207ea3533379ee1e43fac874a2ab150

    SHA1

    7d0f667a36c668311ecf6e7c1270641b745c0b65

    SHA256

    0c3daa58cdc0ff7bb6f135636744103c1ec0ef2cd673b8eff53a8a7d857e1357

    SHA512

    4c6981d31e4febd4ee25055e0d5ac4d35d4e7b51ccf599714fd2c16a946a191b08ad7b89d99de122e98b94dc50ce080595dfd4b5bac354511fb9b6d7f14f1710

    Download Submit

  • memory/1488-142-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1488-140-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1488-138-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5072-135-0x0000000007470000-0x00000000074E6000-memory.dmp

    Filesize

    472KB

    Download

  • memory/5072-134-0x00000000071D0000-0x0000000007262000-memory.dmp

    Filesize

    584KB

    Download

  • memory/5072-132-0x00000000001B0000-0x0000000000206000-memory.dmp

    Filesize

    344KB

    Download

  • memory/5072-133-0x00000000076E0000-0x0000000007C84000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/5072-136-0x0000000007150000-0x000000000716E000-memory.dmp

    Filesize

    120KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.