Overview

overview

7

Static

static

1

dridex

windows10-1703-x64

7

Analysis

  • max time kernel
    51s
  • max time network
    151s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    12/03/2023, 12:28

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1c7c4264e5c68c0fb91636d466b42e6cfb4398dbeaffad584372935e15e82fe6.exe

  • Size

    4.6MB

  • MD5

    6730f8c0960fc4eca7a8521f0a269d99

  • SHA1

    2c0629b9c9c1c0b978560631036973185ed8beb1

  • SHA256

    1c7c4264e5c68c0fb91636d466b42e6cfb4398dbeaffad584372935e15e82fe6

  • SHA512

    fd04e2d1ec708354608eb5bfe53dc82c3f3ace7d11968fc941b0a25adab684f530378b0142f87f1703860aeaf09ef679735fccd812fd780610c575b634bcc667

  • SSDEEP

    49152:1C71N0xewXOBD4GaacfSG0K4ubh1992ZccWWF6ybP5XVvdDbNtOL4cCZtey+4t4F:2ojKDtNkS8CRNdDJLcwZ+419RlmItbD+

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Modifies file permissions 1 TTPs 3 IoCs
    discovery
  • Suspicious use of SetThreadContext 1 IoCs
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1c7c4264e5c68c0fb91636d466b42e6cfb4398dbeaffad584372935e15e82fe6.exe
    "C:\Users\Admin\AppData\Local\Temp\1c7c4264e5c68c0fb91636d466b42e6cfb4398dbeaffad584372935e15e82fe6.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2652
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3960
      • C:\Windows\SysWOW64\icacls.exe
        "C:\Windows\System32\icacls.exe" "C:\ProgramData\DocumentsOracle-type6.1.0.5" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)"
        3⤵
        • Modifies file permissions
        PID:3720
      • C:\Windows\SysWOW64\icacls.exe
        "C:\Windows\System32\icacls.exe" "C:\ProgramData\DocumentsOracle-type6.1.0.5" /inheritance:e /deny "*S-1-5-7:(R,REA,RA,RD)"
        3⤵
        • Modifies file permissions
        PID:3012
      • C:\Windows\SysWOW64\icacls.exe
        "C:\Windows\System32\icacls.exe" "C:\ProgramData\DocumentsOracle-type6.1.0.5" /inheritance:e /deny "admin:(R,REA,RA,RD)"
        3⤵
        • Modifies file permissions
        PID:3028
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\System32\schtasks.exe" /CREATE /TN "DocumentsOracle-type6.1.0.5\DocumentsOracle-type6.1.0.5" /TR "C:\ProgramData\DocumentsOracle-type6.1.0.5\DocumentsOracle-type6.1.0.5.exe" /SC MINUTE
        3⤵
        • Creates scheduled task(s)
        PID:352
      • C:\ProgramData\DocumentsOracle-type6.1.0.5\DocumentsOracle-type6.1.0.5.exe
        "C:\ProgramData\DocumentsOracle-type6.1.0.5\DocumentsOracle-type6.1.0.5.exe" "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        3⤵
        • Executes dropped EXE
        PID:3768
  • C:\ProgramData\DocumentsOracle-type6.1.0.5\DocumentsOracle-type6.1.0.5.exe
    C:\ProgramData\DocumentsOracle-type6.1.0.5\DocumentsOracle-type6.1.0.5.exe
    1⤵
    • Executes dropped EXE
    PID:2724

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\DocumentsOracle-type6.1.0.5\DocumentsOracle-type6.1.0.5.exe
          Filesize

          626.6MB

          MD5

          ea5e2c2316a04816e8d2de14058c5b4b

          SHA1

          945bf74781cfc64d9bd52dd2c31cb6cf0e1fe7bb

          SHA256

          33a10bf19a3b65654c3a8daffc846454fa7ec2994a570a76837e9df6ac777dfa

          SHA512

          cf411028b0660a25bfdd3e1a116d0a502c22ebdd9a782ae39a5fdc048bae47ff7f5b7784901b71baa023edab8ce163ff3f166286a0c266feb391df6aa4d216a0

          Download Submit

        • C:\ProgramData\DocumentsOracle-type6.1.0.5\DocumentsOracle-type6.1.0.5.exe
          Filesize

          577.9MB

          MD5

          8d53db11021a835cbe7a745097178aa0

          SHA1

          2f0357d743ff2f44c16ca908a9dc745017596d23

          SHA256

          9bf1023598cb2c341c7a324990a4e30eee178bdd62def1aaa9846da8aac2f90f

          SHA512

          07fe4ca47b4002d6d9dec03ab13479f71f33550f269cf8cb7a1619ae240eb17bfd425298a43ff8552e0accf865324171852c6e71b81e17da1cbeffb6cdedde2e

          Download Submit

        • C:\ProgramData\DocumentsOracle-type6.1.0.5\DocumentsOracle-type6.1.0.5.exe
          Filesize

          420.4MB

          MD5

          bd11466f55106d931446c2376cb6fbb2

          SHA1

          643b40f3c30766a96a98506f1638b9896d6fc56f

          SHA256

          77b013178a0ea718065a1d55d74544d9ac06bcc6f1d6a63ea901ebad7525cde4

          SHA512

          577e9ba4cc5d329a1a37b887a55d4bb4dfc90cba326ae4a91503ec71d5b646e7d907760fa4cac15aacc830d2e471ad45687b4b422072830cbc5d98c2a7efa954

          Download Submit

        • memory/3960-122-0x0000000000B00000-0x0000000000F8C000-memory.dmp

          Filesize

          4.5MB

          Download

        • memory/3960-129-0x0000000009350000-0x000000000984E000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/3960-130-0x0000000008EF0000-0x0000000008F82000-memory.dmp

          Filesize

          584KB

          Download

        • memory/3960-131-0x0000000008E50000-0x0000000008E5A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/3960-132-0x0000000008E30000-0x0000000008E40000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3960-133-0x0000000008E30000-0x0000000008E40000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3960-134-0x0000000008E30000-0x0000000008E40000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3960-135-0x0000000008E30000-0x0000000008E40000-memory.dmp

          Filesize

          64KB

          Download