Overview

overview

8

Static

static

1

dridex

windows10-1703-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    102s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    08-02-2023 13:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8e36b36d5813065884804b4343b24a86e06e20313ce57d2acc4aa0579d999a3c.exe

  • Size

    316KB

  • MD5

    75fcc8a6cfd25ce25f4cefa25205f059

  • SHA1

    6bf0fdbb0c4167949967a2574f90e3842ad445e6

  • SHA256

    8e36b36d5813065884804b4343b24a86e06e20313ce57d2acc4aa0579d999a3c

  • SHA512

    a66596fe2e4588c7e3e11cfeec0d4ebd4f6a90438d12d9d3323ef5f53c34274516e20f10b73213969fba69fcc9336a8e7057e19f1905f4f7b6d60e6a976138e4

  • SSDEEP

    3072:zwayTdWD+B7A6/OW7uvR9up0ExVfo+2OxiFd1RLStKRxhUwJ:zq48Aw9uHe0Ex1bPW1gtKB

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Downloads MZ/PE file
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 19 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 36 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 20 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e36b36d5813065884804b4343b24a86e06e20313ce57d2acc4aa0579d999a3c.exe
    "C:\Users\Admin\AppData\Local\Temp\8e36b36d5813065884804b4343b24a86e06e20313ce57d2acc4aa0579d999a3c.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:1680
  • C:\Users\Admin\AppData\Local\Temp\1E65.exe
    C:\Users\Admin\AppData\Local\Temp\1E65.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:2824
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Ifdefyrywdt.dll,start
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      • Suspicious use of SetThreadContext
      • Checks processor information in registry
      • Suspicious use of WriteProcessMemory
      PID:3636
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\shell32.dll",#61 20218
        3⤵
        • Modifies registry class
        • Suspicious use of FindShellTrayWindow
        PID:3156
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 752
      2⤵
      • Program crash
      PID:3704
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4712

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\1E65.exe
      Filesize

      3.8MB

      MD5

      f3edb8cce3e0d978042fce1db10b660d

      SHA1

      94bf01d5aebd096458f70dac868bf848d468825f

      SHA256

      9f9581aba7126566ed28b61ad8e5fb59687ea8849f574c18cf7c3c4cffafd8ba

      SHA512

      1f1ae6e737031aa37a984185c14174d8d4ac03392a8900b3f3d115994d270ec312b1252785c756f0780ddb748a2b197d53b568880d2be931da7eb9e5ac7b4459

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\1E65.exe
      Filesize

      3.8MB

      MD5

      f3edb8cce3e0d978042fce1db10b660d

      SHA1

      94bf01d5aebd096458f70dac868bf848d468825f

      SHA256

      9f9581aba7126566ed28b61ad8e5fb59687ea8849f574c18cf7c3c4cffafd8ba

      SHA512

      1f1ae6e737031aa37a984185c14174d8d4ac03392a8900b3f3d115994d270ec312b1252785c756f0780ddb748a2b197d53b568880d2be931da7eb9e5ac7b4459

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Ifdefyrywdt.dll
      Filesize

      4.3MB

      MD5

      340cae2d9f2b05f5f6fb77c07fe44b23

      SHA1

      60c4fbf7d6a1c19b0fa1421dcd16629a0879b1d8

      SHA256

      e88bea465742085f5509a32c6546f64542fe352c636643043b37564cfad8e3f0

      SHA512

      76cd21751991e14cb4fe114fd49e12f79c35518971e14686f709b6d3c939e35ee27c65620b2f2d5f9b29e210c5403dfd0b856e1651f36ee749694eff2efeb7d5

      Download Submit

    • \Users\Admin\AppData\Local\Temp\Ifdefyrywdt.dll
      Filesize

      4.3MB

      MD5

      340cae2d9f2b05f5f6fb77c07fe44b23

      SHA1

      60c4fbf7d6a1c19b0fa1421dcd16629a0879b1d8

      SHA256

      e88bea465742085f5509a32c6546f64542fe352c636643043b37564cfad8e3f0

      SHA512

      76cd21751991e14cb4fe114fd49e12f79c35518971e14686f709b6d3c939e35ee27c65620b2f2d5f9b29e210c5403dfd0b856e1651f36ee749694eff2efeb7d5

      Download Submit

    • memory/1680-120-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-121-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-122-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-123-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-124-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-125-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-126-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-127-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-128-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-129-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-130-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-131-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-132-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-133-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-134-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-135-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-136-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-137-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-138-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-139-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-140-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-141-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-142-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-143-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-145-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-146-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-147-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-148-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-149-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-150-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-151-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-152-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-154-0x0000000000590000-0x00000000006DA000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/1680-156-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-157-0x0000000000400000-0x00000000004CA000-memory.dmp

      Filesize

      808KB

      Download

    • memory/1680-155-0x00000000004D0000-0x000000000057E000-memory.dmp

      Filesize

      696KB

      Download

    • memory/1680-153-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1680-158-0x0000000000400000-0x00000000004CA000-memory.dmp

      Filesize

      808KB

      Download

    • memory/2824-185-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-162-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-164-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-163-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-165-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-166-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-169-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-170-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-171-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-167-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-172-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-174-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-175-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-173-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-176-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-177-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-178-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-179-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-180-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-181-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-182-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-183-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-161-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-184-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-187-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-189-0x0000000002720000-0x0000000002AB2000-memory.dmp

      Filesize

      3.6MB

      Download

    • memory/2824-188-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-190-0x0000000002AC0000-0x0000000002FAB000-memory.dmp

      Filesize

      4.9MB

      Download

    • memory/2824-191-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-192-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-193-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-194-0x0000000077390000-0x000000007751E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2824-213-0x0000000000400000-0x00000000008F8000-memory.dmp

      Filesize

      5.0MB

      Download

    • memory/2824-226-0x0000000002720000-0x0000000002AB2000-memory.dmp

      Filesize

      3.6MB

      Download

    • memory/2824-228-0x0000000002AC0000-0x0000000002FAB000-memory.dmp

      Filesize

      4.9MB

      Download

    • memory/2824-255-0x0000000000400000-0x00000000008F8000-memory.dmp

      Filesize

      5.0MB

      Download

    • memory/2824-269-0x0000000000400000-0x00000000008F8000-memory.dmp

      Filesize

      5.0MB

      Download

    • memory/3156-335-0x0000000000050000-0x00000000002F2000-memory.dmp

      Filesize

      2.6MB

      Download

    • memory/3156-336-0x00000248942E0000-0x0000024894594000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/3636-320-0x0000000005A90000-0x00000000065D0000-memory.dmp

      Filesize

      11.2MB

      Download

    • memory/3636-334-0x0000000006649000-0x000000000664B000-memory.dmp

      Filesize

      8KB

      Download

    • memory/3636-337-0x0000000005A90000-0x00000000065D0000-memory.dmp

      Filesize

      11.2MB

      Download