Overview

overview

7

Static

static

dridex

windows10-1703-x64

7

Resubmissions

27-12-2022 00:41

221227-a15twahc5y 7

27-12-2022 00:20

221227-amsmdshc3w 7

Analysis

  • max time kernel
    150s
  • max time network
    62s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    27-12-2022 00:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cf9f7872dd9109d9e11f39184d19fc93f74b9c5411681c6881a12415eb0751fc.exe

  • Size

    1.7MB

  • MD5

    39fa68973af1c0d337504dc5f5a78c19

  • SHA1

    ef0a813e0667a0fd0bb7f3856a3a43f910fd07b8

  • SHA256

    cf9f7872dd9109d9e11f39184d19fc93f74b9c5411681c6881a12415eb0751fc

  • SHA512

    25c944174c1387c881ed5b01e25f7190519fbdca7a8e51f7f1de87954b7f2aded3bdff65c30294e68b3c1512ce1f38ae7b7d62c030ee214ffcbee08f3398c538

  • SSDEEP

    49152:084cPIOD7j5EfFtmwLWwzshG41qQfMqhyf3hVEtg:6cPIOD7jWfWwLWwz8G4xfMqhyJVEa

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cf9f7872dd9109d9e11f39184d19fc93f74b9c5411681c6881a12415eb0751fc.exe
    "C:\Users\Admin\AppData\Local\Temp\cf9f7872dd9109d9e11f39184d19fc93f74b9c5411681c6881a12415eb0751fc.exe"
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3824
    • C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\BV7TV.CPl",
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3456
      • C:\Windows\SysWOW64\rundll32.exe
        "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\BV7TV.CPl",
        3⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:4764
        • C:\Windows\system32\RunDll32.exe
          C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\BV7TV.CPl",
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:4716
          • C:\Windows\SysWOW64\rundll32.exe
            "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\BV7TV.CPl",
            5⤵
            • Loads dropped DLL
            PID:3048

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\BV7TV.CPl
    Filesize

    1.7MB

    MD5

    ac5fc984f91784330c3fe570fc2d2904

    SHA1

    805fb0e284ce964335559a01e2ed9c3da70604b7

    SHA256

    65074cc409f4d1947ab4fd51d01c15db063cca4cbf7818d2e21d3bb4d43d6e54

    SHA512

    75b88512e3dc4955d0210502ee17e5414542d1c1b80bd65ebcaa0ad52ef1c6dcb4f9f84333d7b619ef7fcea260e97e32d18a2d5dc6555d167c550bfabfee37f6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\Bv7tv.cpl
    Filesize

    1.7MB

    MD5

    ac5fc984f91784330c3fe570fc2d2904

    SHA1

    805fb0e284ce964335559a01e2ed9c3da70604b7

    SHA256

    65074cc409f4d1947ab4fd51d01c15db063cca4cbf7818d2e21d3bb4d43d6e54

    SHA512

    75b88512e3dc4955d0210502ee17e5414542d1c1b80bd65ebcaa0ad52ef1c6dcb4f9f84333d7b619ef7fcea260e97e32d18a2d5dc6555d167c550bfabfee37f6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\Bv7tv.cpl
    Filesize

    1.7MB

    MD5

    ac5fc984f91784330c3fe570fc2d2904

    SHA1

    805fb0e284ce964335559a01e2ed9c3da70604b7

    SHA256

    65074cc409f4d1947ab4fd51d01c15db063cca4cbf7818d2e21d3bb4d43d6e54

    SHA512

    75b88512e3dc4955d0210502ee17e5414542d1c1b80bd65ebcaa0ad52ef1c6dcb4f9f84333d7b619ef7fcea260e97e32d18a2d5dc6555d167c550bfabfee37f6

    Download Submit

  • memory/3048-326-0x0000000004510000-0x00000000046BE000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3824-150-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-133-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-121-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-122-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-124-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-125-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-126-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-127-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-129-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-128-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-130-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-131-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-132-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-153-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-134-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-135-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-136-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-137-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-138-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-139-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-140-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-141-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-142-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-143-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-155-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-145-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-146-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-147-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-148-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-149-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-118-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-151-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-162-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-119-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-144-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-156-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-158-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-159-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-160-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-161-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-152-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-157-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-154-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-163-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-164-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-165-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-167-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-168-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-166-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-170-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-169-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-171-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-172-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-173-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-174-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-175-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-176-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-177-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-178-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-179-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-180-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-181-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-116-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-117-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4764-273-0x00000000727E0000-0x0000000072997000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/4764-272-0x00000000045A0000-0x000000000474E000-memory.dmp

    Filesize

    1.7MB

    Download