Overview

overview

7

Static

static

3

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    105s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-05-2023 07:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1182cc52236cb5c4094278f499996c0899c4afd2a26466d019d933f5396d605d.exe

  • Size

    7.0MB

  • MD5

    7348b1d9773ef7830953eac74eee2f27

  • SHA1

    0d2722c763d64574d2514634087a6541cc8e6970

  • SHA256

    1182cc52236cb5c4094278f499996c0899c4afd2a26466d019d933f5396d605d

  • SHA512

    4235d9fef605d639cbf584e4c33881e7303f8a2f82261e1d5113a6e46e7d1f0fc1aee440a20986811e94d7c7bb3b83141de4575f3400dd08c1aa0c49b1c03c69

  • SSDEEP

    98304:yNLf5vtsVQkuiW2EOb9gTLI5f+vvB5QxVuxSVkuAu5T/4qtNHOwejBetyEfe:atcKfFO5g3Ih+rPu5T/4eBLeFe/f

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1182cc52236cb5c4094278f499996c0899c4afd2a26466d019d933f5396d605d.exe
    "C:\Users\Admin\AppData\Local\Temp\1182cc52236cb5c4094278f499996c0899c4afd2a26466d019d933f5396d605d.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4040
    • C:\ProgramData\SoftwareDistributionMicrosoft-2D3D79.3.4.0\SoftwareDistributionMicrosoft-2D3D79.3.4.0.exe
      C:\ProgramData\SoftwareDistributionMicrosoft-2D3D79.3.4.0\SoftwareDistributionMicrosoft-2D3D79.3.4.0.exe
      2⤵
      • Executes dropped EXE
      PID:4916

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\SoftwareDistributionMicrosoft-2D3D79.3.4.0\SoftwareDistributionMicrosoft-2D3D79.3.4.0.exe
    Filesize

    757.0MB

    MD5

    569adeb27596fdb2c993fa33e08db8b4

    SHA1

    7a001d630dc5a0385b608af52108128e4b8cf21d

    SHA256

    d45d2f76d8a6393c6b818675eb02b6aa463b2d4fad380b6119dad94f6bbfdd6b

    SHA512

    3a00fd00f99159e90c0cf732b7ba76fdae2aad250cb5c6dc013bdd87df3f3a6e7bcc529e3e8b0dc56072b599d7aeba7a69b668cd08c98d46b4b5fd6310f7d727

    Download Submit

  • C:\ProgramData\SoftwareDistributionMicrosoft-2D3D79.3.4.0\SoftwareDistributionMicrosoft-2D3D79.3.4.0.exe
    Filesize

    757.0MB

    MD5

    569adeb27596fdb2c993fa33e08db8b4

    SHA1

    7a001d630dc5a0385b608af52108128e4b8cf21d

    SHA256

    d45d2f76d8a6393c6b818675eb02b6aa463b2d4fad380b6119dad94f6bbfdd6b

    SHA512

    3a00fd00f99159e90c0cf732b7ba76fdae2aad250cb5c6dc013bdd87df3f3a6e7bcc529e3e8b0dc56072b599d7aeba7a69b668cd08c98d46b4b5fd6310f7d727

    Download Submit

  • memory/4040-133-0x00007FF64C720000-0x00007FF64CE22000-memory.dmp

    Filesize

    7.0MB

    Download

  • memory/4916-138-0x00007FF7C9700000-0x00007FF7C9E02000-memory.dmp

    Filesize

    7.0MB

    Download