Analysis

  • max time kernel
    72s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/12/2022, 01:10

General

  • Target

    4efe8814fed12848173ac6f73cf929931c298b04562ef8a93dab2997846637ea.exe

  • Size

    1.6MB

  • MD5

    07af7909022d06c617c9eff098c173f6

  • SHA1

    dea48caf042901fd7e19e5c8faec5231cb7cbc93

  • SHA256

    4efe8814fed12848173ac6f73cf929931c298b04562ef8a93dab2997846637ea

  • SHA512

    57947935a4cd816cbaf97f6fc65b1a20a479457a9d0974f7939c599911fe8dc4ed163d34836d9d21896da0f21602da855c36f4fd167ec96c7382b6d3b95b1a79

  • SSDEEP

    24576:gJr8tE+gHqSo1NBI5C6b1DFCFMmriybAGOcwzyohNYqtRFn0AqqEEecxMnB5:gJ4NSoOC6b1JCFRisAXPIgzVyLcxk5

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4efe8814fed12848173ac6f73cf929931c298b04562ef8a93dab2997846637ea.exe
    "C:\Users\Admin\AppData\Local\Temp\4efe8814fed12848173ac6f73cf929931c298b04562ef8a93dab2997846637ea.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3544
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" /S AWYuID.Sh4
      2⤵
      • Loads dropped DLL
      PID:2592

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\AWYuID.Sh4

    Filesize

    1.5MB

    MD5

    b17c462e94412450fe2f51270042fc57

    SHA1

    31486090a022c7324eaecbce180b8ab83c0fa463

    SHA256

    f5e198abce5a306fd621978b027100343a6e54f1d9293d8998e5a901cc4eb69f

    SHA512

    23bc4b7051b9eb7d50e979e8177b18d2edc30e10c9b0b8949d2c8c2ca4d27ebcff58653fb0460cb45ced21db0181a072abb7c0aef356d012fafee27d6855b7eb

  • C:\Users\Admin\AppData\Local\Temp\aWyuId.Sh4

    Filesize

    1.5MB

    MD5

    b17c462e94412450fe2f51270042fc57

    SHA1

    31486090a022c7324eaecbce180b8ab83c0fa463

    SHA256

    f5e198abce5a306fd621978b027100343a6e54f1d9293d8998e5a901cc4eb69f

    SHA512

    23bc4b7051b9eb7d50e979e8177b18d2edc30e10c9b0b8949d2c8c2ca4d27ebcff58653fb0460cb45ced21db0181a072abb7c0aef356d012fafee27d6855b7eb

  • memory/2592-135-0x00000000021B0000-0x0000000002335000-memory.dmp

    Filesize

    1.5MB

  • memory/2592-136-0x0000000073500000-0x000000007368C000-memory.dmp

    Filesize

    1.5MB

  • memory/2592-137-0x00000000020A0000-0x0000000002186000-memory.dmp

    Filesize

    920KB

  • memory/2592-138-0x0000000002880000-0x000000000294E000-memory.dmp

    Filesize

    824KB