Overview

overview

7

Static

static

1

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/03/2023, 00:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4206e65cef9c29abe643774f0addb00b6ac3dded05dc955dc445f5124fcc179e.exe

  • Size

    1.3MB

  • MD5

    afde411479ee59f22693bf9858cebe14

  • SHA1

    58ecf182ea9f42a47d937ec26854b659f2f759e7

  • SHA256

    4206e65cef9c29abe643774f0addb00b6ac3dded05dc955dc445f5124fcc179e

  • SHA512

    0ffaf4046855d9aecd237179eef2b44ce595a7daffb6506ae258b9185aa8f38e56cf9f7f65a6b9883c5ed2107f341f412cf4506ebfbeabb9c1433fa0ec382258

  • SSDEEP

    24576:I/XEXjJSFHUKYZEGbbWqwaWUTMyNZyhBVrjVUaPS/AWGswbBCnvABSKs+RlnwkPC:I/oSYZEoBxDTnZ2VrjgAWUCnovs+fnrC

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4206e65cef9c29abe643774f0addb00b6ac3dded05dc955dc445f5124fcc179e.exe
    "C:\Users\Admin\AppData\Local\Temp\4206e65cef9c29abe643774f0addb00b6ac3dded05dc955dc445f5124fcc179e.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2056
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" /u YUOxXB.IkA -S
      2⤵
      • Loads dropped DLL
      PID:4176

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\YUOxXB.IkA
    Filesize

    1.1MB

    MD5

    bfbb8e536913d92ac390c873f6a81a1e

    SHA1

    79ddcab4c1a029eabf65cec4ebcf18cfe09e4c3f

    SHA256

    31d5777fd6cc9dad5d8257170f79457af9b0687910e2bd2b667f019014f67828

    SHA512

    cff741971dac0eb98230be460b50dfd9560f7d0836ae76c38f11ebcba7dc874109acf2e6507619a52f0e06b9a858532ba7f2f833a43d56200ce2c46cb352aa54

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\yUoxxb.IkA
    Filesize

    1.1MB

    MD5

    bfbb8e536913d92ac390c873f6a81a1e

    SHA1

    79ddcab4c1a029eabf65cec4ebcf18cfe09e4c3f

    SHA256

    31d5777fd6cc9dad5d8257170f79457af9b0687910e2bd2b667f019014f67828

    SHA512

    cff741971dac0eb98230be460b50dfd9560f7d0836ae76c38f11ebcba7dc874109acf2e6507619a52f0e06b9a858532ba7f2f833a43d56200ce2c46cb352aa54

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\yUoxxb.IkA
    Filesize

    1.1MB

    MD5

    bfbb8e536913d92ac390c873f6a81a1e

    SHA1

    79ddcab4c1a029eabf65cec4ebcf18cfe09e4c3f

    SHA256

    31d5777fd6cc9dad5d8257170f79457af9b0687910e2bd2b667f019014f67828

    SHA512

    cff741971dac0eb98230be460b50dfd9560f7d0836ae76c38f11ebcba7dc874109acf2e6507619a52f0e06b9a858532ba7f2f833a43d56200ce2c46cb352aa54

    Download Submit

  • memory/4176-138-0x0000000002330000-0x0000000002441000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4176-139-0x0000000002690000-0x0000000002696000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4176-140-0x0000000002330000-0x0000000002441000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4176-142-0x00000000027A0000-0x0000000002880000-memory.dmp

    Filesize

    896KB

    Download

  • memory/4176-143-0x0000000002890000-0x0000000002958000-memory.dmp

    Filesize

    800KB

    Download

  • memory/4176-146-0x0000000002890000-0x0000000002958000-memory.dmp

    Filesize

    800KB

    Download

  • memory/4176-147-0x0000000002890000-0x0000000002958000-memory.dmp

    Filesize

    800KB

    Download