Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

dridex

windows10-1703-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    134s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    24/05/2023, 12:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    df91f09bb69f751c9adfe0f7cdf37200e0867b1e23e053c782298335b1260825.exe

  • Size

    3.3MB

  • MD5

    109b1fc3db19488a6569f6d817de86e4

  • SHA1

    d7b9e47af0324f27af49f252b63cd97f93d08454

  • SHA256

    df91f09bb69f751c9adfe0f7cdf37200e0867b1e23e053c782298335b1260825

  • SHA512

    48e8d636dfe8832d69b996e4794cc5d58c04596ff15bc95364ee5881ccde2e000ea1c82db60a7f6df13b31c5385f516ad847eb7bb1d542562ead65d213874b57

  • SSDEEP

    98304:1Lxn0mUyL1zbLFPlF4yGDnoeNSE6dPu+Ls/jCwVMaV2:1LxGyL1Z4yG9N0dPu+Ls75

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 17 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 17 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 16 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\df91f09bb69f751c9adfe0f7cdf37200e0867b1e23e053c782298335b1260825.exe
    "C:\Users\Admin\AppData\Local\Temp\df91f09bb69f751c9adfe0f7cdf37200e0867b1e23e053c782298335b1260825.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2408
    • C:\Users\Admin\AppData\Local\Temp\df91f09bb69f751c9adfe0f7cdf37200e0867b1e23e053c782298335b1260825.exe
      "C:\Users\Admin\AppData\Local\Temp\df91f09bb69f751c9adfe0f7cdf37200e0867b1e23e053c782298335b1260825.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2548
      • C:\Windows\SysWOW64\rundll32.exe
        C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Wyhfteohi.dll,start
        3⤵
        • Blocklisted process makes network request
        • Loads dropped DLL
        • Suspicious use of SetThreadContext
        • Checks processor information in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2992
        • C:\Windows\system32\rundll32.exe
          "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\shell32.dll",#61 23994
          4⤵
          • Modifies registry class
          • Suspicious use of FindShellTrayWindow
          PID:3676
        • C:\Windows\system32\rundll32.exe
          "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\shell32.dll",#61 23994
          4⤵
          • Modifies registry class
          • Suspicious use of FindShellTrayWindow
          PID:3864
        • C:\Windows\system32\rundll32.exe
          "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\shell32.dll",#61 23994
          4⤵
          • Modifies registry class
          • Suspicious use of FindShellTrayWindow
          PID:4848
        • C:\Windows\system32\rundll32.exe
          "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\shell32.dll",#61 23994
          4⤵
          • Modifies registry class
          • Suspicious use of FindShellTrayWindow
          PID:3276
        • C:\Windows\system32\rundll32.exe
          "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\shell32.dll",#61 23994
          4⤵
          • Modifies registry class
          • Suspicious use of FindShellTrayWindow
          PID:5016
        • C:\Windows\system32\rundll32.exe
          "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\shell32.dll",#61 23994
          4⤵
          • Modifies registry class
          • Suspicious use of FindShellTrayWindow
          PID:5076
        • C:\Windows\system32\rundll32.exe
          "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\shell32.dll",#61 23994
          4⤵
          • Modifies registry class
          • Suspicious use of FindShellTrayWindow
          PID:1584
        • C:\Windows\system32\rundll32.exe
          "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\shell32.dll",#61 23994
          4⤵
          • Modifies registry class
          • Suspicious use of FindShellTrayWindow
          PID:1428
        • C:\Windows\system32\rundll32.exe
          "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\shell32.dll",#61 23994
          4⤵
          • Modifies registry class
          • Suspicious use of FindShellTrayWindow
          PID:4140
        • C:\Windows\system32\rundll32.exe
          "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\shell32.dll",#61 23994
          4⤵
          • Modifies registry class
          • Suspicious use of FindShellTrayWindow
          PID:2616
        • C:\Windows\system32\rundll32.exe
          "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\shell32.dll",#61 23994
          4⤵
          • Modifies registry class
          • Suspicious use of FindShellTrayWindow
          PID:2472
        • C:\Windows\system32\rundll32.exe
          "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\shell32.dll",#61 23994
          4⤵
          • Modifies registry class
          • Suspicious use of FindShellTrayWindow
          PID:4088
        • C:\Windows\system32\rundll32.exe
          "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\shell32.dll",#61 23994
          4⤵
          • Modifies registry class
          • Suspicious use of FindShellTrayWindow
          PID:4716
        • C:\Windows\system32\rundll32.exe
          "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\shell32.dll",#61 23994
          4⤵
          • Modifies registry class
          • Suspicious use of FindShellTrayWindow
          PID:2904
        • C:\Windows\system32\rundll32.exe
          "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\shell32.dll",#61 23994
          4⤵
          • Modifies registry class
          • Suspicious use of FindShellTrayWindow
          PID:3444
        • C:\Windows\system32\rundll32.exe
          "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\shell32.dll",#61 23994
          4⤵
          • Modifies registry class
          • Suspicious use of FindShellTrayWindow
          PID:4400
        • C:\Windows\system32\rundll32.exe
          "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\shell32.dll",#61 23994
          4⤵
            PID:4124
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:3040

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\1033\StructuredQuerySchema.bin
        Filesize

        403KB

        MD5

        b4d3016a1cccde90a62b685149c832f9

        SHA1

        5d6c4ba3474e6544bd24343da564e90bba89f6f7

        SHA256

        df6afa046a72bb55e8984cf9e2870dc62112e4b81d4fef5a94c98e1c4386e373

        SHA512

        abf5e15b40fa03eb9390854199b9feaf0132aac756c5f07d45c81f58c8b4d909833a996a19ccfef7abb905ddb9206591b1eda49a4674bc75a7c5a9c6372590e7

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Wyhfteohi.dll
        Filesize

        3.2MB

        MD5

        eba1abe008f5b2ce26c183b21d061070

        SHA1

        ac80dc6b95b5f13dccc1db2c8cc6631da0faffe5

        SHA256

        3a05745d8b3f45f097fd62ad20244e646d6b2a98aac797e2d862006b82fa43f1

        SHA512

        9561ce5f9d22f8f66c527ec09b5db006a5bd382add49f2ed38574cbbd956f1079d05e0823936250b59bf0bd590461f4612c4ff841e91d4fdf047af308592d2da

        Download Submit

      • \Users\Admin\AppData\Local\Temp\Wyhfteohi.dll
        Filesize

        3.2MB

        MD5

        eba1abe008f5b2ce26c183b21d061070

        SHA1

        ac80dc6b95b5f13dccc1db2c8cc6631da0faffe5

        SHA256

        3a05745d8b3f45f097fd62ad20244e646d6b2a98aac797e2d862006b82fa43f1

        SHA512

        9561ce5f9d22f8f66c527ec09b5db006a5bd382add49f2ed38574cbbd956f1079d05e0823936250b59bf0bd590461f4612c4ff841e91d4fdf047af308592d2da

        Download Submit

      • memory/1428-345-0x000001A8ACF10000-0x000001A8AD1BB000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/1428-350-0x000001A8ACF10000-0x000001A8AD1BB000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/1584-323-0x00000205AAAC0000-0x00000205AAD6B000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/1584-327-0x00000205AAAC0000-0x00000205AAD6B000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/2408-122-0x0000000002A60000-0x0000000002F72000-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/2472-418-0x0000029DF2260000-0x0000029DF250B000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/2472-414-0x0000029DF2260000-0x0000029DF250B000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/2548-126-0x0000000000400000-0x000000000091E000-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/2548-128-0x0000000000400000-0x000000000091E000-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/2548-125-0x0000000000400000-0x000000000091E000-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/2548-124-0x0000000000400000-0x000000000091E000-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/2548-123-0x0000000000400000-0x000000000091E000-memory.dmp

        Filesize

        5.1MB

        Download

      • memory/2616-396-0x000001A0643E0000-0x000001A06468B000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/2616-390-0x000001A0643E0000-0x000001A06468B000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/2904-487-0x000001D2A7D90000-0x000001D2A803B000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/2904-483-0x000001D2A7D90000-0x000001D2A803B000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/2992-198-0x00000000067D0000-0x0000000006910000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/2992-216-0x00000000067D0000-0x0000000006910000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/2992-172-0x00000000035C0000-0x00000000035C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2992-173-0x00000000067D0000-0x0000000006910000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/2992-175-0x0000000000400000-0x000000000073B000-memory.dmp

        Filesize

        3.2MB

        Download

      • memory/2992-132-0x0000000000750000-0x0000000000751000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2992-174-0x00000000067D0000-0x0000000006910000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/2992-176-0x0000000005C00000-0x0000000006744000-memory.dmp

        Filesize

        11.3MB

        Download

      • memory/2992-137-0x0000000000400000-0x000000000073B000-memory.dmp

        Filesize

        3.2MB

        Download

      • memory/2992-146-0x0000000000400000-0x000000000073B000-memory.dmp

        Filesize

        3.2MB

        Download

      • memory/2992-147-0x0000000005C00000-0x0000000006744000-memory.dmp

        Filesize

        11.3MB

        Download

      • memory/2992-148-0x0000000006920000-0x0000000006921000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2992-149-0x0000000005C00000-0x0000000006744000-memory.dmp

        Filesize

        11.3MB

        Download

      • memory/2992-150-0x0000000005C00000-0x0000000006744000-memory.dmp

        Filesize

        11.3MB

        Download

      • memory/2992-159-0x0000000005C00000-0x0000000006744000-memory.dmp

        Filesize

        11.3MB

        Download

      • memory/2992-189-0x0000000005C00000-0x0000000006744000-memory.dmp

        Filesize

        11.3MB

        Download

      • memory/2992-191-0x0000000005C00000-0x0000000006744000-memory.dmp

        Filesize

        11.3MB

        Download

      • memory/2992-192-0x00000000067D0000-0x0000000006910000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/2992-195-0x0000000000400000-0x000000000073B000-memory.dmp

        Filesize

        3.2MB

        Download

      • memory/2992-194-0x0000000005C00000-0x0000000006744000-memory.dmp

        Filesize

        11.3MB

        Download

      • memory/2992-196-0x00000000067D0000-0x0000000006910000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/2992-197-0x00000000035D0000-0x00000000035D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2992-169-0x0000000005C00000-0x0000000006744000-memory.dmp

        Filesize

        11.3MB

        Download

      • memory/2992-199-0x00000000067D0000-0x0000000006910000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/2992-201-0x0000000005C00000-0x0000000006744000-memory.dmp

        Filesize

        11.3MB

        Download

      • memory/2992-160-0x0000000005C00000-0x0000000006744000-memory.dmp

        Filesize

        11.3MB

        Download

      • memory/2992-162-0x00000000055C0000-0x00000000055C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2992-161-0x0000000005C00000-0x0000000006744000-memory.dmp

        Filesize

        11.3MB

        Download

      • memory/2992-163-0x00000000067D0000-0x0000000006910000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/2992-164-0x00000000067D0000-0x0000000006910000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/2992-165-0x0000000005C00000-0x0000000006744000-memory.dmp

        Filesize

        11.3MB

        Download

      • memory/2992-168-0x00000000067D0000-0x0000000006910000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/2992-167-0x0000000005C00000-0x0000000006744000-memory.dmp

        Filesize

        11.3MB

        Download

      • memory/2992-212-0x0000000005C00000-0x0000000006744000-memory.dmp

        Filesize

        11.3MB

        Download

      • memory/2992-215-0x0000000005C00000-0x0000000006744000-memory.dmp

        Filesize

        11.3MB

        Download

      • memory/2992-171-0x00000000067D0000-0x0000000006910000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/2992-217-0x0000000005C00000-0x0000000006744000-memory.dmp

        Filesize

        11.3MB

        Download

      • memory/2992-219-0x00000000067D0000-0x0000000006910000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/3276-253-0x0000019B5D2D0000-0x0000019B5D57B000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/3276-258-0x0000019B5D2D0000-0x0000019B5D57B000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/3444-510-0x0000028F1C8C0000-0x0000028F1CB6B000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/3444-505-0x0000028F1C8C0000-0x0000028F1CB6B000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/3676-187-0x000001BF0C940000-0x000001BF0CBEB000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/3676-178-0x00000000005F0000-0x0000000000889000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/3676-181-0x000001BF0C940000-0x000001BF0CBEB000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/3676-182-0x000001BF0E390000-0x000001BF0E4D0000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/3676-180-0x00007FF82D400000-0x00007FF82D401000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3676-183-0x000001BF0E390000-0x000001BF0E4D0000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/3676-184-0x000001BF0C940000-0x000001BF0CBEB000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/3676-185-0x000001BF0C940000-0x000001BF0CBEB000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/3864-208-0x0000021886B50000-0x0000021886DFB000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/3864-211-0x0000021886B50000-0x0000021886DFB000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/3864-203-0x00007FF82D400000-0x00007FF82D401000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3864-205-0x0000021886B50000-0x0000021886DFB000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/3864-206-0x00000218885A0000-0x00000218886E0000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/3864-207-0x0000021886B50000-0x0000021886DFB000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/3864-204-0x00000218885A0000-0x00000218886E0000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/4088-437-0x000001CE02680000-0x000001CE0292B000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/4088-441-0x000001CE02680000-0x000001CE0292B000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/4140-368-0x0000022A35A50000-0x0000022A35CFB000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/4140-372-0x0000022A35A50000-0x0000022A35CFB000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/4400-533-0x00000249324C0000-0x000002493276B000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/4400-529-0x00000249324C0000-0x000002493276B000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/4716-459-0x000001546EED0000-0x000001546F17B000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/4716-464-0x000001546EED0000-0x000001546F17B000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/4848-234-0x000001E66EEA0000-0x000001E66F14B000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/4848-228-0x000001E66EEA0000-0x000001E66F14B000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/5016-281-0x000002969B900000-0x000002969BBAB000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/5016-276-0x000002969B900000-0x000002969BBAB000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/5076-299-0x000001B863900000-0x000001B863BAB000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/5076-304-0x000001B863900000-0x000001B863BAB000-memory.dmp

        Filesize

        2.7MB

        Download