Overview

overview

7

Static

static

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-11-2022 19:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    980b574cdf4c4f7249d7c1e065246a48b56727368b20cf5a03aa284d236b5bbf.exe

  • Size

    1.7MB

  • MD5

    369c9c77c1643975a9c093c3f776c2ac

  • SHA1

    8a079e78eab762336d2250e04b628711da89a464

  • SHA256

    980b574cdf4c4f7249d7c1e065246a48b56727368b20cf5a03aa284d236b5bbf

  • SHA512

    593ee7d4f6f4e02a808108f37a9daed770d410e080ec3097c40b8de30eb30c30d16a495cae3fcc7801e3b981d01fe6213a5143665a70f34bf45e7bf83b2b2972

  • SSDEEP

    49152:zunBfk3AMQE4g2FHTy9rZnXEjPtzQqVsXk+keT:zKBfk3ADh1arZn0jPtzd+kQ

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\980b574cdf4c4f7249d7c1e065246a48b56727368b20cf5a03aa284d236b5bbf.exe
    "C:\Users\Admin\AppData\Local\Temp\980b574cdf4c4f7249d7c1e065246a48b56727368b20cf5a03aa284d236b5bbf.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3500
    • C:\Windows\SysWOW64\msiexec.exe
      "C:\Windows\System32\msiexec.exe" -Y .\V_YWT.d
      2⤵
      • Loads dropped DLL
      PID:4688

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\V_YWT.d
    Filesize

    2.1MB

    MD5

    14aaa15ee8eabc0498dcc092ca789169

    SHA1

    8e053cf4dbc7bed60d34e445bac5fc956f9dc03b

    SHA256

    a8d3d3608d0112d94ea78be633e9202744851d37ce84fa161487a8349124eafd

    SHA512

    a461e51cdb7de0a0bab2473c0a8808b53bb7c92da96fde70a7a6c5b97d6e30d7eb5a4504b6a2d4292129c313e97ac81d4ef9c0ab8ce04b1c392d943d4e27bf5f

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\v_yWT.d
    Filesize

    2.1MB

    MD5

    14aaa15ee8eabc0498dcc092ca789169

    SHA1

    8e053cf4dbc7bed60d34e445bac5fc956f9dc03b

    SHA256

    a8d3d3608d0112d94ea78be633e9202744851d37ce84fa161487a8349124eafd

    SHA512

    a461e51cdb7de0a0bab2473c0a8808b53bb7c92da96fde70a7a6c5b97d6e30d7eb5a4504b6a2d4292129c313e97ac81d4ef9c0ab8ce04b1c392d943d4e27bf5f

    Download Submit
  • memory/4688-132-0x0000000000000000-mapping.dmp
    Download
  • memory/4688-135-0x00000000032E0000-0x0000000003493000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/4688-136-0x00000000035E0000-0x0000000003721000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/4688-137-0x0000000003730000-0x00000000037FF000-memory.dmp
    Filesize

    828KB

    Download
  • memory/4688-138-0x0000000003800000-0x00000000038BC000-memory.dmp
    Filesize

    752KB

    Download
  • memory/4688-139-0x0000000003800000-0x00000000038BC000-memory.dmp
    Filesize

    752KB

    Download
  • memory/4688-141-0x00000000035E0000-0x0000000003721000-memory.dmp
    Filesize

    1.3MB

    Download