Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    146s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    19-01-2023 19:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    65a2b3cf112d50e941051116e68b736239d521bf7611e143ae1c83f93716f6f5.exe

  • Size

    695KB

  • MD5

    7864b6bcbeada443698afed738824deb

  • SHA1

    93bdd68b06c1372fb982f2a19ca69b374254f692

  • SHA256

    65a2b3cf112d50e941051116e68b736239d521bf7611e143ae1c83f93716f6f5

  • SHA512

    7281ad3c36f3f18a7bdc8574002512e759853d3d229871182ef1cfddd8eb5d49f0f5910dee1fba29c509bb462dadc6b828283a5c9c05447d517578b15bf4608b

  • SSDEEP

    12288:yv1DJyQoHJF62kVKFhfFpNPJVLjl2IDE+3w/Ksq/KsN/Ks:yJUcVKFhfFPJtl2n+Qit

Score
10/10
lgoogloaderdownloaderpersistence

Malware Config

Signatures

  • Detects LgoogLoader payload 1 IoCs
  • LgoogLoader

    A downloader capable of dropping and executing other malware families.

    downloaderlgoogloader
  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\65a2b3cf112d50e941051116e68b736239d521bf7611e143ae1c83f93716f6f5.exe
    "C:\Users\Admin\AppData\Local\Temp\65a2b3cf112d50e941051116e68b736239d521bf7611e143ae1c83f93716f6f5.exe"
    1⤵
    • Sets service image path in registry
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: LoadsDriver
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe"
      2⤵
        PID:2380
      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe"
        2⤵
          PID:2396
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
          "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe"
          2⤵
            PID:2484
          • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe
            "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe"
            2⤵
              PID:2556
            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe
              "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe"
              2⤵
                PID:2596

            Network

            MITRE ATT&CK Matrix ATT&CK v6

            Initial Access

            Execution

            Persistence

            Registry Run Keys / Startup Folder

            1
            T1060

            Privilege Escalation

            Defense Evasion

            Modify Registry

            1
            T1112

            Credential Access

            Discovery

            Lateral Movement

            Collection

            Exfiltration

            Command and Control

            Impact

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/2016-120-0x000001F2F2FE0000-0x000001F2F3090000-memory.dmp
              Filesize

              704KB

              Download
            • memory/2016-121-0x000001F2F33D0000-0x000001F2F344C000-memory.dmp
              Filesize

              496KB

              Download
            • memory/2596-122-0x0000000000400000-0x000000000043E000-memory.dmp
              Filesize

              248KB

              Download
            • memory/2596-123-0x0000000000403980-mapping.dmp
              Download
            • memory/2596-124-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-125-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-126-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-127-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-128-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-129-0x0000000000400000-0x000000000043E000-memory.dmp
              Filesize

              248KB

              Download
            • memory/2596-130-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-131-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-132-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-133-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-134-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-136-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-137-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-135-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-138-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-139-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-140-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-141-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-142-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-143-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-144-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-146-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-147-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-148-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-145-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-149-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-150-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-151-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-152-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-153-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-154-0x0000000000400000-0x000000000043E000-memory.dmp
              Filesize

              248KB

              Download
            • memory/2596-155-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-156-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-157-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-158-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-159-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-160-0x0000000076FB0000-0x000000007713E000-memory.dmp
              Filesize

              1.6MB

              Download
            • memory/2596-161-0x00000000007E0000-0x00000000007E9000-memory.dmp
              Filesize

              36KB

              Download
            • memory/2596-162-0x0000000000A40000-0x0000000000A4D000-memory.dmp
              Filesize

              52KB

              Download