Overview

overview

7

Static

static

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    164s
  • max time network
    181s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-11-2022 19:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9c1ac743680aa468af5eb66def451451869d0ad95f5de9e8dddce6205a8bb823.exe

  • Size

    1.7MB

  • MD5

    0a15e92b6919f122ad190262bce838b7

  • SHA1

    f58e111a99199afbd8b9011c0c4324f8a4199cce

  • SHA256

    9c1ac743680aa468af5eb66def451451869d0ad95f5de9e8dddce6205a8bb823

  • SHA512

    005ae7623848370d78e6f18f73be1d2cf488561c4e0086bed4bd41f15d939e3c3381fbd4bb321b9440621ddb3f1d00ec7b768d406773d4b1937eb347355f3247

  • SSDEEP

    49152:zuneyh+3QyLwdanzxSiy11Ej0tmflFeXd+kazPV:zKeyhDyLftkuj0tm0+ku

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9c1ac743680aa468af5eb66def451451869d0ad95f5de9e8dddce6205a8bb823.exe
    "C:\Users\Admin\AppData\Local\Temp\9c1ac743680aa468af5eb66def451451869d0ad95f5de9e8dddce6205a8bb823.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2884
    • C:\Windows\SysWOW64\msiexec.exe
      "C:\Windows\System32\msiexec.exe" -Y .\V_YWT.d
      2⤵
      • Loads dropped DLL
      PID:2992

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\V_YWT.d
    Filesize

    2.1MB

    MD5

    40f11efae5438bac9dcd69526e40e6c4

    SHA1

    e57a842bcb8749cc632b68d88a8e46d5126feb7b

    SHA256

    6b640e93f12cd570bb2b8bf41d3cbf99e63762e3bc6717782ce59dc4af6ed877

    SHA512

    5ef3c96f1c095c8bec73f0681ec3cfc8e688ca8508c6ab9b776e03ed9580f35382ae3ef16814477e959fb21499d228b93dc0e35f0058a054e94169cfa6ca3952

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\v_yWT.d
    Filesize

    2.1MB

    MD5

    40f11efae5438bac9dcd69526e40e6c4

    SHA1

    e57a842bcb8749cc632b68d88a8e46d5126feb7b

    SHA256

    6b640e93f12cd570bb2b8bf41d3cbf99e63762e3bc6717782ce59dc4af6ed877

    SHA512

    5ef3c96f1c095c8bec73f0681ec3cfc8e688ca8508c6ab9b776e03ed9580f35382ae3ef16814477e959fb21499d228b93dc0e35f0058a054e94169cfa6ca3952

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\v_yWT.d
    Filesize

    2.1MB

    MD5

    40f11efae5438bac9dcd69526e40e6c4

    SHA1

    e57a842bcb8749cc632b68d88a8e46d5126feb7b

    SHA256

    6b640e93f12cd570bb2b8bf41d3cbf99e63762e3bc6717782ce59dc4af6ed877

    SHA512

    5ef3c96f1c095c8bec73f0681ec3cfc8e688ca8508c6ab9b776e03ed9580f35382ae3ef16814477e959fb21499d228b93dc0e35f0058a054e94169cfa6ca3952

    Download Submit
  • memory/2992-132-0x0000000000000000-mapping.dmp
    Download
  • memory/2992-136-0x0000000002840000-0x0000000002A55000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2992-137-0x0000000002D10000-0x0000000002EC3000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/2992-138-0x0000000003010000-0x0000000003151000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/2992-139-0x0000000002760000-0x000000000282F000-memory.dmp
    Filesize

    828KB

    Download
  • memory/2992-140-0x0000000003160000-0x000000000321C000-memory.dmp
    Filesize

    752KB

    Download
  • memory/2992-141-0x0000000003160000-0x000000000321C000-memory.dmp
    Filesize

    752KB

    Download
  • memory/2992-143-0x0000000002D10000-0x0000000002EC3000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/2992-144-0x0000000003010000-0x0000000003151000-memory.dmp
    Filesize

    1.3MB

    Download