Overview

overview

7

Static

static

1

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-03-2023 23:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e5024fbc7fdb326ea6361d7ffa74fba7fa01aae4b56ebe9f6cfd89e677175027.exe

  • Size

    4.6MB

  • MD5

    5a0d8b81fdacc3e4fd6ec25d861ebe1e

  • SHA1

    82def7774a7f2f74c0b776ca00781747b783317e

  • SHA256

    e5024fbc7fdb326ea6361d7ffa74fba7fa01aae4b56ebe9f6cfd89e677175027

  • SHA512

    ff4c39b5cf82c0addff075da01ea4014c949d76251f1b51feaec3ba2ce68110efac58d7c2b622ee2552287a0f56ec8c661853284ec007ba05fc03e0b4b0f4ea8

  • SSDEEP

    49152:yyP31N0xewXOBD4GaacfSG0K4ubh1992ZccWWF6ybP5XVvdDbNtOL4cCZtey+4t4:xojKDtNkS8CRNdDJLcwZ+419RlmItbDg

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Modifies file permissions 1 TTPs 3 IoCs
    discovery
  • Suspicious use of SetThreadContext 1 IoCs
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e5024fbc7fdb326ea6361d7ffa74fba7fa01aae4b56ebe9f6cfd89e677175027.exe
    "C:\Users\Admin\AppData\Local\Temp\e5024fbc7fdb326ea6361d7ffa74fba7fa01aae4b56ebe9f6cfd89e677175027.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3416
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4568
      • C:\Windows\SysWOW64\icacls.exe
        "C:\Windows\System32\icacls.exe" "C:\ProgramData\USOPrivateUSOPrivate-type1.5.7.4" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)"
        3⤵
        • Modifies file permissions
        PID:1124
      • C:\Windows\SysWOW64\icacls.exe
        "C:\Windows\System32\icacls.exe" "C:\ProgramData\USOPrivateUSOPrivate-type1.5.7.4" /inheritance:e /deny "*S-1-5-7:(R,REA,RA,RD)"
        3⤵
        • Modifies file permissions
        PID:1196
      • C:\Windows\SysWOW64\icacls.exe
        "C:\Windows\System32\icacls.exe" "C:\ProgramData\USOPrivateUSOPrivate-type1.5.7.4" /inheritance:e /deny "admin:(R,REA,RA,RD)"
        3⤵
        • Modifies file permissions
        PID:3968
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\System32\schtasks.exe" /CREATE /TN "USOPrivateUSOPrivate-type1.5.7.4\USOPrivateUSOPrivate-type1.5.7.4" /TR "C:\ProgramData\USOPrivateUSOPrivate-type1.5.7.4\USOPrivateUSOPrivate-type1.5.7.4.exe" /SC MINUTE
        3⤵
        • Creates scheduled task(s)
        PID:3384
      • C:\ProgramData\USOPrivateUSOPrivate-type1.5.7.4\USOPrivateUSOPrivate-type1.5.7.4.exe
        "C:\ProgramData\USOPrivateUSOPrivate-type1.5.7.4\USOPrivateUSOPrivate-type1.5.7.4.exe" "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        3⤵
        • Executes dropped EXE
        PID:4664
  • C:\ProgramData\USOPrivateUSOPrivate-type1.5.7.4\USOPrivateUSOPrivate-type1.5.7.4.exe
    C:\ProgramData\USOPrivateUSOPrivate-type1.5.7.4\USOPrivateUSOPrivate-type1.5.7.4.exe
    1⤵
    • Executes dropped EXE
    PID:3816

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\USOPrivateUSOPrivate-type1.5.7.4\USOPrivateUSOPrivate-type1.5.7.4.exe
    Filesize

    517.9MB

    MD5

    94a670afe1481cf5d53769b159928c6d

    SHA1

    d2dfa916f67dfbcaf424f3ae516739ea3757721b

    SHA256

    57d94b0663018a3bbe7ef0bc887a45dfed0dbbbdc43b694c3c93cfc211002b50

    SHA512

    a5f32472b60b6dcc88fc0333e3cdb7ca2fbacfc40f7e9ba63c5f3ce68455c0e3827a7f8296837408e2f2796e3ff1b719a32c980034d121d84bd4843558f39dff

    Download Submit

  • C:\ProgramData\USOPrivateUSOPrivate-type1.5.7.4\USOPrivateUSOPrivate-type1.5.7.4.exe
    Filesize

    482.1MB

    MD5

    b3a0dd0e2ea82727685492fe2c61aaa3

    SHA1

    ff2c8c8111ab74fd493b532b0153cc3dffd99c27

    SHA256

    03abfe628c18a840bf76f4f1f472909b195cb1d5dc8cb58a3d809ffef716d679

    SHA512

    9e47b9bae9391cb88ced138dcf64723ad2ada055d841e1af561631a83faf7711d1725d391191360f5048f22d45995c3921d88c130f1d1d45dec2d835ede07a71

    Download Submit

  • C:\ProgramData\USOPrivateUSOPrivate-type1.5.7.4\USOPrivateUSOPrivate-type1.5.7.4.exe
    Filesize

    503.5MB

    MD5

    ba9d7f515cc2a2f315f906e71a6b056d

    SHA1

    502e6ab8326b0b78a769301b3bdf4053bfdd736a

    SHA256

    9df9c5a9db5e49039ea24cdbe71885d838660b4418b8fae3d0376bd801b1e44f

    SHA512

    d7eeb962995b766860ad16c93f1c46544534afd5a4e0c608697c11397ca972f0276eb769adc72a51e092a889fa79e88fbb1dbc128515e978f88316a39f86b3ea

    Download Submit

  • C:\ProgramData\USOPrivateUSOPrivate-type1.5.7.4\USOPrivateUSOPrivate-type1.5.7.4.exe
    Filesize

    436.1MB

    MD5

    ba1f68ede422a495d70b3920bb65b7ef

    SHA1

    85acd20f5984dc4c199ace12a72f2670204355e9

    SHA256

    ca48380ce5a46b488ff2f1307a510c2effd8c55d214cbe43465c9ff4bf887925

    SHA512

    1a371bd926dfe923e4a4705890edbede4bd13cbc9525b7ee5f0d218f958cb7eaaa5e274dd6e8ff9f2351adb53688cfa5c74002aa3f20c819daef3588753faddb

    Download Submit

  • memory/4568-134-0x0000000000A00000-0x0000000000E8C000-memory.dmp

    Filesize

    4.5MB

    Download

  • memory/4568-139-0x00000000059D0000-0x0000000005F74000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4568-140-0x00000000054C0000-0x0000000005552000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4568-141-0x0000000005490000-0x000000000549A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4568-142-0x0000000005680000-0x0000000005690000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4568-143-0x0000000005680000-0x0000000005690000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4568-144-0x0000000005680000-0x0000000005690000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4568-145-0x0000000005680000-0x0000000005690000-memory.dmp

    Filesize

    64KB

    Download