Overview

overview

7

Static

static

1

dridex

windows10-1703-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    04/03/2023, 15:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    77efd96a15826d009434a2942f9a26a60d6b04688c249d5ef08d0cf126a9c0f5.exe

  • Size

    4.2MB

  • MD5

    1c9a222163b26914af30d525a7536b7a

  • SHA1

    fec34937edb4b9fe8357b7650f33a7f0e509b6d7

  • SHA256

    77efd96a15826d009434a2942f9a26a60d6b04688c249d5ef08d0cf126a9c0f5

  • SHA512

    f74b53d35dde56d9ee69b3fafac112064d1e6f418ef53d26b6ec8e915bebaf5dcebd07c50adec0b149eef19c7937d7042ea5743d53ce7604de9f0c5b90447646

  • SSDEEP

    49152:Mkx28PbFFbDmcVY9yIsI/qaQjI6DpiRp5ZtCaMRka7eQxh+KDQy8YTc7cN6oe4Co:MhutKcm9yB4iIEiB2+a7eUkuL

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Modifies file permissions 1 TTPs 3 IoCs
    discovery
  • Suspicious use of SetThreadContext 1 IoCs
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\77efd96a15826d009434a2942f9a26a60d6b04688c249d5ef08d0cf126a9c0f5.exe
    "C:\Users\Admin\AppData\Local\Temp\77efd96a15826d009434a2942f9a26a60d6b04688c249d5ef08d0cf126a9c0f5.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1676
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2104
      • C:\Windows\SysWOW64\icacls.exe
        "C:\Windows\System32\icacls.exe" "C:\ProgramData\regid.1991-06.com.microsoftMicrosoft-type6.2.6.5" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)"
        3⤵
        • Modifies file permissions
        PID:2628
      • C:\Windows\SysWOW64\icacls.exe
        "C:\Windows\System32\icacls.exe" "C:\ProgramData\regid.1991-06.com.microsoftMicrosoft-type6.2.6.5" /inheritance:e /deny "*S-1-5-7:(R,REA,RA,RD)"
        3⤵
        • Modifies file permissions
        PID:2712
      • C:\Windows\SysWOW64\icacls.exe
        "C:\Windows\System32\icacls.exe" "C:\ProgramData\regid.1991-06.com.microsoftMicrosoft-type6.2.6.5" /inheritance:e /deny "admin:(R,REA,RA,RD)"
        3⤵
        • Modifies file permissions
        PID:4960
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\System32\schtasks.exe" /CREATE /TN "regid.1991-06.com.microsoftMicrosoft-type6.2.6.5\regid.1991-06.com.microsoftMicrosoft-type6.2.6.5" /TR "C:\ProgramData\regid.1991-06.com.microsoftMicrosoft-type6.2.6.5\regid.1991-06.com.microsoftMicrosoft-type6.2.6.5.exe" /SC MINUTE
        3⤵
        • Creates scheduled task(s)
        PID:448
      • C:\ProgramData\regid.1991-06.com.microsoftMicrosoft-type6.2.6.5\regid.1991-06.com.microsoftMicrosoft-type6.2.6.5.exe
        "C:\ProgramData\regid.1991-06.com.microsoftMicrosoft-type6.2.6.5\regid.1991-06.com.microsoftMicrosoft-type6.2.6.5.exe" "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        3⤵
        • Executes dropped EXE
        PID:4036
  • C:\ProgramData\regid.1991-06.com.microsoftMicrosoft-type6.2.6.5\regid.1991-06.com.microsoftMicrosoft-type6.2.6.5.exe
    C:\ProgramData\regid.1991-06.com.microsoftMicrosoft-type6.2.6.5\regid.1991-06.com.microsoftMicrosoft-type6.2.6.5.exe
    1⤵
    • Executes dropped EXE
    PID:4460

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\regid.1991-06.com.microsoftMicrosoft-type6.2.6.5\regid.1991-06.com.microsoftMicrosoft-type6.2.6.5.exe
          Filesize

          809.1MB

          MD5

          3ea7920b77c7697795bb81dc626816a6

          SHA1

          84a11fbb8623b9fd92426d4c91fa92d649fbee85

          SHA256

          f467304dadafc318dee5b2a52ddfad40d63f7efc31af5ce9260ad96230e93733

          SHA512

          1c9a9bc8a49f463daad61607973dd0e9714dd4b6b512883e7580d6c7094af7e39a0f9cfc27bfcc8eecf4831d4dc76e87420fa5321d6b98267cdaef941ba0f874

          Download Submit

        • C:\ProgramData\regid.1991-06.com.microsoftMicrosoft-type6.2.6.5\regid.1991-06.com.microsoftMicrosoft-type6.2.6.5.exe
          Filesize

          830.2MB

          MD5

          b7ab72eb7f2d5df4c8f52df142832f20

          SHA1

          f2e52c52113c1762cab5a2eb9142278a1247f335

          SHA256

          7c2783a534666b3d9fbec9aad5c884d8445ae201845b8723d6c9b5319beba7df

          SHA512

          fb46acff4d19f9c7b1250037833d26b077581a3ab4fd265763842d1f76cd3597657999c5ae5f654f5ee0eeb636b954c9acc5c86309cec867ef4e217462bf202b

          Download Submit

        • C:\ProgramData\regid.1991-06.com.microsoftMicrosoft-type6.2.6.5\regid.1991-06.com.microsoftMicrosoft-type6.2.6.5.exe
          Filesize

          251.9MB

          MD5

          3b063b0421b1931a868462f2b8f1a26b

          SHA1

          62d1c3388bf7e2ecb9bd77e9ee0e91e5ab1210d6

          SHA256

          bb323811fd9303773fa5984627b3d37959a3bbd735ce85ad4dbb8c168719abab

          SHA512

          59c129ee7fc966d88399dbb1ea45ade966535d9a2f4ef4ec023ef8f866fe660f361dc28c199393724a3633d58dcb027bacba745a0468aa5b4afda9e70c64a018

          Download Submit

        • memory/2104-122-0x0000000000BC0000-0x0000000000FE8000-memory.dmp

          Filesize

          4.2MB

          Download

        • memory/2104-127-0x00000000059C0000-0x0000000005EBE000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/2104-128-0x00000000054C0000-0x0000000005552000-memory.dmp

          Filesize

          584KB

          Download

        • memory/2104-129-0x0000000005460000-0x000000000546A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2104-130-0x0000000005670000-0x0000000005680000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2104-131-0x0000000005670000-0x0000000005680000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2104-132-0x0000000005670000-0x0000000005680000-memory.dmp

          Filesize

          64KB

          Download