Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    112s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/02/2023, 10:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7f2e56fcc1d09a924faf8e9fd38f4781aa79d6d895e8d068d093b4201a3f08e7.exe

  • Size

    220KB

  • MD5

    fd815ed5f97b5a0c8091f3f8d5125673

  • SHA1

    8e062e61dc7fb58a3301741aa4c34b259e3e9b25

  • SHA256

    7f2e56fcc1d09a924faf8e9fd38f4781aa79d6d895e8d068d093b4201a3f08e7

  • SHA512

    e47b639e4692101ea444ee22b99d638c521ae5c5e8f27b16f9c2f335ab3a242bf0deb51f52a9e75ccb40edffa8bbaaa6cf8915ff74e10be79fbd697fe8ee96b7

  • SSDEEP

    3072:xolPLvGk5nuFUgjR73VdjMMUHFnz40axOleldXFPvcc7TbsKeKS:q9LvGSAUgjF3Pja51OOC7cw/ep

Score
10/10
evasiontrojan

Malware Config

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7f2e56fcc1d09a924faf8e9fd38f4781aa79d6d895e8d068d093b4201a3f08e7.exe
    "C:\Users\Admin\AppData\Local\Temp\7f2e56fcc1d09a924faf8e9fd38f4781aa79d6d895e8d068d093b4201a3f08e7.exe"
    1⤵
    • Modifies Windows Defender Real-time Protection settings
    • Windows security modification
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:5028
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 948
      2⤵
      • Program crash
      PID:4800
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 5028 -ip 5028
    1⤵
      PID:4840

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/5028-132-0x0000000004E70000-0x0000000005414000-memory.dmp

            Filesize

            5.6MB

            Download

          • memory/5028-133-0x000000000090E000-0x000000000092E000-memory.dmp

            Filesize

            128KB

            Download

          • memory/5028-134-0x0000000002490000-0x00000000024BD000-memory.dmp

            Filesize

            180KB

            Download

          • memory/5028-135-0x0000000000400000-0x0000000000754000-memory.dmp

            Filesize

            3.3MB

            Download

          • memory/5028-136-0x000000000090E000-0x000000000092E000-memory.dmp

            Filesize

            128KB

            Download

          • memory/5028-137-0x000000000090E000-0x000000000092E000-memory.dmp

            Filesize

            128KB

            Download

          • memory/5028-138-0x0000000000400000-0x0000000000754000-memory.dmp

            Filesize

            3.3MB

            Download