Overview

overview

7

Static

static

dridex

windows10-1703-x64

7

Analysis

  • max time kernel
    54s
  • max time network
    53s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    23-11-2022 08:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fed042754f65811f3d6caaf6847be23bfffb6c907c575fc29ff360f3237d8e09.exe

  • Size

    1.6MB

  • MD5

    dd0726d609aef9503c138b881d9aaee2

  • SHA1

    1c871511ab0200bf9ae9503483ec1354db21e522

  • SHA256

    fed042754f65811f3d6caaf6847be23bfffb6c907c575fc29ff360f3237d8e09

  • SHA512

    97125986e5b672151dd540cb3383910babc41df72d11a3fd9d75ad648edf7bcdbc43c86ade0807d10ff826bce0ea42ad5006260ae2007a8ab70bbaab19348390

  • SSDEEP

    24576:4ry2uXzmVLxtW/BXgJWNnh5F9UPdxVi3wJZiTPEYZe6RWJLODQtcHNSuxd3fcw/3:4un0WJXzNnhDisAJZiwYZvQpu/vz/dz9

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fed042754f65811f3d6caaf6847be23bfffb6c907c575fc29ff360f3237d8e09.exe
    "C:\Users\Admin\AppData\Local\Temp\fed042754f65811f3d6caaf6847be23bfffb6c907c575fc29ff360f3237d8e09.exe"
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3512
    • C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\ZS98f.CPl",
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3596
      • C:\Windows\SysWOW64\rundll32.exe
        "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\ZS98f.CPl",
        3⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:4552
        • C:\Windows\system32\RunDll32.exe
          C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\ZS98f.CPl",
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:3076
          • C:\Windows\SysWOW64\rundll32.exe
            "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\ZS98f.CPl",
            5⤵
            • Loads dropped DLL
            PID:4760

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ZS98f.CPl
    Filesize

    1.7MB

    MD5

    2d651abc49d33447713b0fd34f221ae8

    SHA1

    a20738055f2e9e14baec621d9c0f2fee612414ed

    SHA256

    631576338236d320ffffe02311493bad49605b5b93fe7a227888553de26ee35b

    SHA512

    d37ad62467e3bfb0aa39c8e593b53453f4f69868cc5e5f40256d96809410921171edb8882d0749d763538c5ef9a48ffaff7d59da48e8c9412abc856115a17c1e

    Download Submit
  • \Users\Admin\AppData\Local\Temp\Zs98f.cpl
    Filesize

    1.7MB

    MD5

    2d651abc49d33447713b0fd34f221ae8

    SHA1

    a20738055f2e9e14baec621d9c0f2fee612414ed

    SHA256

    631576338236d320ffffe02311493bad49605b5b93fe7a227888553de26ee35b

    SHA512

    d37ad62467e3bfb0aa39c8e593b53453f4f69868cc5e5f40256d96809410921171edb8882d0749d763538c5ef9a48ffaff7d59da48e8c9412abc856115a17c1e

    Download Submit
  • \Users\Admin\AppData\Local\Temp\Zs98f.cpl
    Filesize

    1.7MB

    MD5

    2d651abc49d33447713b0fd34f221ae8

    SHA1

    a20738055f2e9e14baec621d9c0f2fee612414ed

    SHA256

    631576338236d320ffffe02311493bad49605b5b93fe7a227888553de26ee35b

    SHA512

    d37ad62467e3bfb0aa39c8e593b53453f4f69868cc5e5f40256d96809410921171edb8882d0749d763538c5ef9a48ffaff7d59da48e8c9412abc856115a17c1e

    Download Submit
  • memory/3076-285-0x0000000000000000-mapping.dmp
    Download
  • memory/3512-152-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-160-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-119-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-120-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-122-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-155-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-125-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-126-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-127-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-128-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-129-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-130-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-131-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-132-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-133-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-134-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-135-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-136-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-137-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-138-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-139-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-140-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-141-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-142-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-143-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-144-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-145-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-146-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-147-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-148-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-150-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-151-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-149-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-153-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-117-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-154-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-123-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-156-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-118-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-158-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-159-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-157-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-161-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-162-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-163-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-164-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-165-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-166-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-167-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-168-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-171-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-169-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-170-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-172-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-174-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-175-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-173-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-176-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-177-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-178-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-180-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-181-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-179-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3512-182-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3596-183-0x0000000000000000-mapping.dmp
    Download
  • memory/4552-228-0x0000000000000000-mapping.dmp
    Download
  • memory/4552-277-0x00000000056A0000-0x00000000057B5000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/4552-276-0x0000000005440000-0x000000000557B000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/4552-344-0x00000000056A0000-0x00000000057B5000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/4760-286-0x0000000000000000-mapping.dmp
    Download
  • memory/4760-333-0x0000000004C90000-0x0000000004DCB000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/4760-334-0x0000000004EF0000-0x0000000005005000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/4760-342-0x0000000004EF0000-0x0000000005005000-memory.dmp
    Filesize

    1.1MB

    Download