Overview

overview

7

Static

static

1

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/02/2023, 18:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    435fb89bbfcd15dc42406f52b383f14e1068b4d9ffa2446d7644b09792a71d65.exe

  • Size

    3.6MB

  • MD5

    ac916be3f5ec8d6722827b6481160d54

  • SHA1

    9cfd06b23ba5905b87cc5805277e591a0b8f23bc

  • SHA256

    435fb89bbfcd15dc42406f52b383f14e1068b4d9ffa2446d7644b09792a71d65

  • SHA512

    ae829d207cc4c57d832f1caf76a5c66c62de48c489757854c8c4d520caf3771edcfe28b7fe81228a0462080ef40ac36dfa1a4d26f93c595b0e5b895f8f6b976a

  • SSDEEP

    49152:n5/fW69UnItqk5rL9S16BZij0aUuBpyUbZNlIA77pQfJ37n50yaAIgEOzlavUDbv:53vOnItP5rkYZiZJpyUjeJ37n1bVR2

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\435fb89bbfcd15dc42406f52b383f14e1068b4d9ffa2446d7644b09792a71d65.exe
    "C:\Users\Admin\AppData\Local\Temp\435fb89bbfcd15dc42406f52b383f14e1068b4d9ffa2446d7644b09792a71d65.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4832
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Wadadftewrrfq.dll,start
      2⤵
      • Loads dropped DLL
      PID:1164
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 484
      2⤵
      • Program crash
      PID:1152
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4832 -ip 4832
    1⤵
      PID:1972

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Wadadftewrrfq.dll
      Filesize

      4.2MB

      MD5

      1c08931016531865ed9f2d24f915909a

      SHA1

      4b3a240812b8c5168d397e9e8b777f415e3a2ce1

      SHA256

      d9f231fb057d477578eaa0ac8810a759d32cba0bf9706bb62897318260aaa46f

      SHA512

      04a49d1af4a8f406f42209cddf7499cc8d183e263148c2990c2b766698843ca506096cf9a08f29e20faf548cb02ec4584fd02037c560093bae8aa5e2f3945fe2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Wadadftewrrfq.dll
      Filesize

      4.2MB

      MD5

      1c08931016531865ed9f2d24f915909a

      SHA1

      4b3a240812b8c5168d397e9e8b777f415e3a2ce1

      SHA256

      d9f231fb057d477578eaa0ac8810a759d32cba0bf9706bb62897318260aaa46f

      SHA512

      04a49d1af4a8f406f42209cddf7499cc8d183e263148c2990c2b766698843ca506096cf9a08f29e20faf548cb02ec4584fd02037c560093bae8aa5e2f3945fe2

      Download Submit

    • memory/4832-135-0x0000000002713000-0x0000000002A8B000-memory.dmp

      Filesize

      3.5MB

      Download

    • memory/4832-136-0x0000000002A90000-0x0000000002F66000-memory.dmp

      Filesize

      4.8MB

      Download

    • memory/4832-137-0x0000000000400000-0x00000000008E2000-memory.dmp

      Filesize

      4.9MB

      Download