Overview

overview

6

Static

static

1

dridex

windows10-2004-x64

6

Analysis

  • max time kernel
    138s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/02/2023, 11:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    8d5889f08fd955603a3a5d0a74861feef799cc7d0b8d57dfa68c1be7ac9fb42a.exe

  • Size

    358KB

  • MD5

    60c870dd74d374b614492f0980725060

  • SHA1

    b647bf9129e219b3bf8b26622c1ae900dea6f661

  • SHA256

    8d5889f08fd955603a3a5d0a74861feef799cc7d0b8d57dfa68c1be7ac9fb42a

  • SHA512

    5ab4c73d17bb6b46606eef9c3b85aeb6721d9d9e5ca34c1090e922818ec538d536830112015f6f500a7523c3e38985e7ebd877125ed2a394cfbf724a9be73f17

  • SSDEEP

    6144:ovSYazFalpk8uwoe7A0pzm2ZbnfWyJA/:oax2pTPpTnfW3/

Score
6/10
discovery

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8d5889f08fd955603a3a5d0a74861feef799cc7d0b8d57dfa68c1be7ac9fb42a.exe
    "C:\Users\Admin\AppData\Local\Temp\8d5889f08fd955603a3a5d0a74861feef799cc7d0b8d57dfa68c1be7ac9fb42a.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    PID:3196
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 1328
      2⤵
      • Program crash
      PID:4784
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3196 -ip 3196
    1⤵
      PID:4816

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/3196-132-0x000000000091E000-0x0000000000934000-memory.dmp

            Filesize

            88KB

            Download

          • memory/3196-133-0x00000000008C0000-0x00000000008D5000-memory.dmp

            Filesize

            84KB

            Download

          • memory/3196-134-0x0000000000400000-0x0000000000628000-memory.dmp

            Filesize

            2.2MB

            Download

          • memory/3196-135-0x000000000091E000-0x0000000000934000-memory.dmp

            Filesize

            88KB

            Download

          • memory/3196-136-0x0000000000400000-0x0000000000628000-memory.dmp

            Filesize

            2.2MB

            Download

          • memory/3196-137-0x0000000000400000-0x0000000000628000-memory.dmp

            Filesize

            2.2MB

            Download