Overview

overview

7

Static

static

1

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    72s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/03/2023, 16:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e43b5e9bf67283b46080db49302cb254c93874ea318aa8add3f1e3c611500320.exe

  • Size

    1.6MB

  • MD5

    804b7919a1eb3deb8e4b0c359714b9d2

  • SHA1

    c71100a2aa7e089b2a38034acc45b8f55c3b1bac

  • SHA256

    e43b5e9bf67283b46080db49302cb254c93874ea318aa8add3f1e3c611500320

  • SHA512

    50fcf17fc5e96bc719b5f7a1963fb2e53adccd19f6be97e3444c75724f80ea0a77ea19761cf5cc3c9c6a3c38d9bb3ff941b457b52c822110a366927396fc95bd

  • SSDEEP

    49152:FNsWhFtBfJXAEobaEjyyiMrWC4HCVsUtigDW:LsWhFtBfKEKaFyiMx2es8W

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e43b5e9bf67283b46080db49302cb254c93874ea318aa8add3f1e3c611500320.exe
    "C:\Users\Admin\AppData\Local\Temp\e43b5e9bf67283b46080db49302cb254c93874ea318aa8add3f1e3c611500320.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3524
    • C:\Windows\SysWOW64\msiexec.exe
      "C:\Windows\System32\msiexec.exe" /y .\B_ToE.9X
      2⤵
      • Loads dropped DLL
      PID:1732

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\B_ToE.9X
          Filesize

          1.0MB

          MD5

          78b5d9e0c04c00a62c928519e56fdfbd

          SHA1

          b1b2e99f3ea37b8b95cb683610bfacea0b9b7ea0

          SHA256

          460b764bf10b6bc77469dbc5661c0f4035f22471e92f9b7d12f6cf0c03e4e078

          SHA512

          39acc11b95e4654a0da0f3b96c497755e0ccb5a0a1e620c77023a1bcbd5457535cd626483bc3e63b09ee0cc15e873a953e3a051e8d6bf2567ab42c4a117edb95

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\B_ToE.9X
          Filesize

          1.0MB

          MD5

          78b5d9e0c04c00a62c928519e56fdfbd

          SHA1

          b1b2e99f3ea37b8b95cb683610bfacea0b9b7ea0

          SHA256

          460b764bf10b6bc77469dbc5661c0f4035f22471e92f9b7d12f6cf0c03e4e078

          SHA512

          39acc11b95e4654a0da0f3b96c497755e0ccb5a0a1e620c77023a1bcbd5457535cd626483bc3e63b09ee0cc15e873a953e3a051e8d6bf2567ab42c4a117edb95

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\B_ToE.9X
          Filesize

          1.0MB

          MD5

          78b5d9e0c04c00a62c928519e56fdfbd

          SHA1

          b1b2e99f3ea37b8b95cb683610bfacea0b9b7ea0

          SHA256

          460b764bf10b6bc77469dbc5661c0f4035f22471e92f9b7d12f6cf0c03e4e078

          SHA512

          39acc11b95e4654a0da0f3b96c497755e0ccb5a0a1e620c77023a1bcbd5457535cd626483bc3e63b09ee0cc15e873a953e3a051e8d6bf2567ab42c4a117edb95

          Download Submit

        • memory/1732-138-0x0000000002F10000-0x000000000301B000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/1732-139-0x0000000002F10000-0x000000000301B000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/1732-141-0x0000000001140000-0x0000000001146000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1732-142-0x0000000003340000-0x0000000003427000-memory.dmp

          Filesize

          924KB

          Download

        • memory/1732-143-0x0000000003430000-0x00000000034FF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/1732-146-0x0000000003430000-0x00000000034FF000-memory.dmp

          Filesize

          828KB

          Download

        • memory/1732-147-0x0000000003430000-0x00000000034FF000-memory.dmp

          Filesize

          828KB

          Download