Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/06/2023, 14:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    34528a9f5d25a1592b4d54c6efad71192714d99350c6f64384d49e93e30ec22d.exe

  • Size

    100KB

  • MD5

    fd329bbf7a3e9c53800e1a4a40a6e499

  • SHA1

    6b2028412217ac0244bb8057ec79f04e205d3149

  • SHA256

    34528a9f5d25a1592b4d54c6efad71192714d99350c6f64384d49e93e30ec22d

  • SHA512

    75f9c65701eab8cddff294218ce874d8d564893784eab8ce7393b62aadded6bb332603767a80be4b5a54ce3d6e79eccdc3a38b3b0caadab078f0e54ae1003317

  • SSDEEP

    1536:mp6kFya9c7Ok/YNQPq2gB75eGF5S8jyXX9di2YTHLYjzDm:eVBQPqb15S8jyHxYTHcj/

Score
10/10
evasiontrojan

Malware Config

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\34528a9f5d25a1592b4d54c6efad71192714d99350c6f64384d49e93e30ec22d.exe
    "C:\Users\Admin\AppData\Local\Temp\34528a9f5d25a1592b4d54c6efad71192714d99350c6f64384d49e93e30ec22d.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4004
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
      • Modifies Windows Defender Real-time Protection settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:232
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 248
      2⤵
      • Program crash
      PID:3328
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4004 -ip 4004
    1⤵
      PID:4764

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/232-134-0x0000000000350000-0x000000000035A000-memory.dmp

      Filesize

      40KB

      Download