Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    90s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/11/2022, 21:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    40eba0cd59939801bacfa65093668febd00477a6202947e7b4c50c2adc8a6e47.exe

  • Size

    1.7MB

  • MD5

    cf99ac3ff913b21c8f7e309e7589485b

  • SHA1

    97df8344531340b4bd416b2902cbe92660a45213

  • SHA256

    40eba0cd59939801bacfa65093668febd00477a6202947e7b4c50c2adc8a6e47

  • SHA512

    e6da24d61b805e344052c950fe08532cd7e9807bbc61da3978f1ab2e383a1e6cf5edd8d7742c0e1e743983f124a25022f4cd8fe9bf2bea0d4aa75d21edcef6bf

  • SSDEEP

    24576:VLeTtjJF5HrKlXJPbQNHjEbMUajd0W0gwP3R4tn3yxgqLLk4y4ipdXBYvDaDBBZP:VLYgl2D7DGPhnxgWwD4ipbweP93wY

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\40eba0cd59939801bacfa65093668febd00477a6202947e7b4c50c2adc8a6e47.exe
    "C:\Users\Admin\AppData\Local\Temp\40eba0cd59939801bacfa65093668febd00477a6202947e7b4c50c2adc8a6e47.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4324
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" VrkuI~m.4v -u -s
      2⤵
      • Loads dropped DLL
      PID:4684

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\VrkuI~m.4v
    Filesize

    1.7MB

    MD5

    6878abf780ac97e70d76d7d0d23a0c7d

    SHA1

    370ef69d569bf4ac7d0a77ea5414a7aeae1eb899

    SHA256

    c8c9fb51850044cb7e1e9e00943530d26dd177ed9f2e49b395bbcbe8cc3e205a

    SHA512

    0e516a356e34abdfb89423553446386d85efc2259ac3df5e12d42767979090c4152e7ec56337afaa64a5bbb6c47c7db183875295faac8350aa8b90c1fac7f3fb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\VrkuI~m.4v
    Filesize

    1.7MB

    MD5

    6878abf780ac97e70d76d7d0d23a0c7d

    SHA1

    370ef69d569bf4ac7d0a77ea5414a7aeae1eb899

    SHA256

    c8c9fb51850044cb7e1e9e00943530d26dd177ed9f2e49b395bbcbe8cc3e205a

    SHA512

    0e516a356e34abdfb89423553446386d85efc2259ac3df5e12d42767979090c4152e7ec56337afaa64a5bbb6c47c7db183875295faac8350aa8b90c1fac7f3fb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\VrkuI~m.4v
    Filesize

    1.7MB

    MD5

    6878abf780ac97e70d76d7d0d23a0c7d

    SHA1

    370ef69d569bf4ac7d0a77ea5414a7aeae1eb899

    SHA256

    c8c9fb51850044cb7e1e9e00943530d26dd177ed9f2e49b395bbcbe8cc3e205a

    SHA512

    0e516a356e34abdfb89423553446386d85efc2259ac3df5e12d42767979090c4152e7ec56337afaa64a5bbb6c47c7db183875295faac8350aa8b90c1fac7f3fb

    Download Submit

  • memory/4684-136-0x0000000002950000-0x0000000002B13000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/4684-137-0x0000000002E80000-0x0000000002F94000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4684-138-0x00000000030C0000-0x00000000031D4000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4684-139-0x0000000002850000-0x0000000002918000-memory.dmp

    Filesize

    800KB

    Download

  • memory/4684-140-0x00000000031E0000-0x0000000003293000-memory.dmp

    Filesize

    716KB

    Download

  • memory/4684-143-0x00000000030C0000-0x00000000031D4000-memory.dmp

    Filesize

    1.1MB

    Download