Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    90s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-02-2023 00:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7a5f6bfeda0bb3d4a1dc8209fd480375dfaa2077f2180cd25a7ee8d053fe9376.exe

  • Size

    341KB

  • MD5

    eda3f5f110201416bf3532dec93929d7

  • SHA1

    30fe3bbc11037a01b825b39b3c5c67c3bd8022ce

  • SHA256

    7a5f6bfeda0bb3d4a1dc8209fd480375dfaa2077f2180cd25a7ee8d053fe9376

  • SHA512

    2f71707c01e056d201f997504a508d0378133562d04101d2d1d73910633ece51c1abd32d36b86aee5c0a61dd1ff712d26b367fffd6ff8d2d6a5abaaa66863eaa

  • SSDEEP

    3072:CT0b6bkmL6wRGYrjtiEqZtkJaEmDHaMG8uBpr6xu456a47yIdjl90j8AuQjiMTEC:CAzmL63mjtiTfHaM7u+yGfuQj9za3

Score
10/10
evasiontrojan

Malware Config

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7a5f6bfeda0bb3d4a1dc8209fd480375dfaa2077f2180cd25a7ee8d053fe9376.exe
    "C:\Users\Admin\AppData\Local\Temp\7a5f6bfeda0bb3d4a1dc8209fd480375dfaa2077f2180cd25a7ee8d053fe9376.exe"
    1⤵
    • Modifies Windows Defender Real-time Protection settings
    • Windows security modification
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:848

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Disabling Security Tools

2
T1089

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/848-132-0x0000000004C70000-0x0000000005214000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/848-133-0x000000000072E000-0x000000000074E000-memory.dmp
    Filesize

    128KB

    Download
  • memory/848-134-0x00000000020F0000-0x000000000211D000-memory.dmp
    Filesize

    180KB

    Download
  • memory/848-135-0x0000000000400000-0x00000000004D1000-memory.dmp
    Filesize

    836KB

    Download
  • memory/848-136-0x000000000072E000-0x000000000074E000-memory.dmp
    Filesize

    128KB

    Download
  • memory/848-137-0x000000000072E000-0x000000000074E000-memory.dmp
    Filesize

    128KB

    Download
  • memory/848-138-0x0000000000400000-0x00000000004D1000-memory.dmp
    Filesize

    836KB

    Download