Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/11/2022, 07:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6e1bd4c3891f3b17c603e76d79566128405b5660bad83312f8de55ecde54402c.exe

  • Size

    1.4MB

  • MD5

    b2b0d114eaebfcfcc34872710e2be6c2

  • SHA1

    a64aefd2858b1261166e289a835321335fac88d1

  • SHA256

    6e1bd4c3891f3b17c603e76d79566128405b5660bad83312f8de55ecde54402c

  • SHA512

    1b541e093fceb321787940923f2d08ea5ccf42305683a4958b14489606df202a2a765589e338faf1d4d4bf093d284769fcbac787aaabde5a88dcb16d58084149

  • SSDEEP

    24576:gJr8tE+gHqbV8q2rN+xYQ+I134u2B61avy0vqVGnx1Vxe06kbB0XHixrDHgEmhFO:gJ4NRf2R+6fIp4vB16lwnx1ZG3iJDHgm

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6e1bd4c3891f3b17c603e76d79566128405b5660bad83312f8de55ecde54402c.exe
    "C:\Users\Admin\AppData\Local\Temp\6e1bd4c3891f3b17c603e76d79566128405b5660bad83312f8de55ecde54402c.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3464
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" -u -s S0Gl241.QZm
      2⤵
      • Loads dropped DLL
      PID:3124

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\S0Gl241.QZm
    Filesize

    2.3MB

    MD5

    cc5c759b17ba12073b4561e3f98d6f71

    SHA1

    51e431cf4ae11cc28676e31906e825c0a1af93e5

    SHA256

    8df653095c9994600a0885bfbf78b399906e36408172b41f083e69f96d532b6d

    SHA512

    03bdb33b1f94cd6f17e3776fa693c16964caabd1de4d504d2f9ffb3a5f2a2f423e5a7b9b6e96d7a1d23c251921bd23b54db140c1182578ed226b57711acb27da

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\S0Gl241.qZm
    Filesize

    2.3MB

    MD5

    cc5c759b17ba12073b4561e3f98d6f71

    SHA1

    51e431cf4ae11cc28676e31906e825c0a1af93e5

    SHA256

    8df653095c9994600a0885bfbf78b399906e36408172b41f083e69f96d532b6d

    SHA512

    03bdb33b1f94cd6f17e3776fa693c16964caabd1de4d504d2f9ffb3a5f2a2f423e5a7b9b6e96d7a1d23c251921bd23b54db140c1182578ed226b57711acb27da

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\S0Gl241.qZm
    Filesize

    2.3MB

    MD5

    cc5c759b17ba12073b4561e3f98d6f71

    SHA1

    51e431cf4ae11cc28676e31906e825c0a1af93e5

    SHA256

    8df653095c9994600a0885bfbf78b399906e36408172b41f083e69f96d532b6d

    SHA512

    03bdb33b1f94cd6f17e3776fa693c16964caabd1de4d504d2f9ffb3a5f2a2f423e5a7b9b6e96d7a1d23c251921bd23b54db140c1182578ed226b57711acb27da

    Download Submit

  • memory/3124-136-0x0000000002080000-0x00000000022D8000-memory.dmp

    Filesize

    2.3MB

    Download