Overview

overview

7

Static

static

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-12-2022 22:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    962dedefa9086c7d22d7e5a93465fc1cca1ed164a27b6e19cc3004a487ec120b.exe

  • Size

    1.7MB

  • MD5

    c5c2c0180df40b7047334f1b728be189

  • SHA1

    356a0eb4830cda24b0605e285feb15d6243092c7

  • SHA256

    962dedefa9086c7d22d7e5a93465fc1cca1ed164a27b6e19cc3004a487ec120b

  • SHA512

    aa9449e24318096f7baab387345e926207e44a463f7629d2c9bceb45f976dced015e09ecafddd5704fc996a4d7b5abf1f3fb88988172ac53339d86034acd0884

  • SSDEEP

    49152:zunqviCJc/Gx4fvJ5aRz6JxNRaJDrZzMkneskDCedqx7s6Spgz:zKqvib/Q43raRz6JxgBzMkeskpqx2Wz

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\962dedefa9086c7d22d7e5a93465fc1cca1ed164a27b6e19cc3004a487ec120b.exe
    "C:\Users\Admin\AppData\Local\Temp\962dedefa9086c7d22d7e5a93465fc1cca1ed164a27b6e19cc3004a487ec120b.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1932
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" /S ibNu.73 -u
      2⤵
      • Loads dropped DLL
      PID:2512

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ibNu.73
    Filesize

    1.7MB

    MD5

    dad0fb80cfef4601a5a8bf5d46cdef54

    SHA1

    72934348ea5307ed5693e4ed6510c887fd93f989

    SHA256

    966aee11805d46cd8dd7056e5a06af5eba87a81ec020f91b58714a98abaf6401

    SHA512

    917e866b7f358c0f33edecca7e5f2c13ca26b50d8ce80b7268568b2a5b5908893e1db54a09f359bacd545d351bc90ae45c51a4bc9332f5d538f9a650f58b6979

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ibNu.73
    Filesize

    1.7MB

    MD5

    dad0fb80cfef4601a5a8bf5d46cdef54

    SHA1

    72934348ea5307ed5693e4ed6510c887fd93f989

    SHA256

    966aee11805d46cd8dd7056e5a06af5eba87a81ec020f91b58714a98abaf6401

    SHA512

    917e866b7f358c0f33edecca7e5f2c13ca26b50d8ce80b7268568b2a5b5908893e1db54a09f359bacd545d351bc90ae45c51a4bc9332f5d538f9a650f58b6979

    Download Submit

  • memory/2512-135-0x0000000002930000-0x0000000002ADF000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2512-136-0x00000000731C0000-0x0000000073376000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2512-137-0x0000000002790000-0x000000000288A000-memory.dmp

    Filesize

    1000KB

    Download

  • memory/2512-138-0x00000000030B0000-0x0000000003191000-memory.dmp

    Filesize

    900KB

    Download