Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

dridex

windows10-1703-x64

7

Analysis

  • max time kernel
    97s
  • max time network
    103s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags

    arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
  • submitted
    30/08/2023, 20:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    611458b0884686eab54298c7e82e23daaad3a93482def2f42d8d259004e95774.exe

  • Size

    12.7MB

  • MD5

    60255ef7d90a35361e5fe2f5d5514734

  • SHA1

    bef1b9033a5e8665da849fb64285601e9da82966

  • SHA256

    611458b0884686eab54298c7e82e23daaad3a93482def2f42d8d259004e95774

  • SHA512

    9fc5b5f22d1ace55d8eaf5a3a2b71c771b56d99f057aea5557f648b4063772b999187819ab58883e86933e5cf9d44aa6b59ffddc312686b15a6b477edfe029d5

  • SSDEEP

    49152:rlCm9habSnsmzuiuJtiks5bTJguq+Z0A19OO31Fb/n0EZOL/JGm/8sID0n1EY1eT:RrCliIid5nb/n5AM4mD01huEDmlvRrd

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\611458b0884686eab54298c7e82e23daaad3a93482def2f42d8d259004e95774.exe
    "C:\Users\Admin\AppData\Local\Temp\611458b0884686eab54298c7e82e23daaad3a93482def2f42d8d259004e95774.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3984
    • C:\Program Files\7-Zip\7z.exe
      "C:\Program Files\7-Zip\7z.exe"
      2⤵
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:376
      • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
        C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
        3⤵
        • Executes dropped EXE
        PID:4912

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    Filesize

    673.3MB

    MD5

    766c9fb312b18cbc311d58069a78b613

    SHA1

    aa70486da036f699de654cf181b760391cb52b80

    SHA256

    818369abf27bdef22bc3a9e0d7b9c77f5743c449f7ae186e523988f736464b39

    SHA512

    2ef66b6bac7cfe33a8a004cb69cff803e859ece2003449d59c64c4970b56f9a391fd04a3627592f8c897d47768447898f24ef6fca336541f8088f01002bb70f9

    Download Submit

  • memory/376-2-0x00000165D8090000-0x00000165D84F9000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/376-5-0x00000165D8090000-0x00000165D84F9000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/376-7-0x00000165D8090000-0x00000165D84F9000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/376-8-0x00000165D8090000-0x00000165D84F9000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/376-9-0x00000165D8090000-0x00000165D84F9000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/376-10-0x00000165D8090000-0x00000165D84F9000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/376-11-0x00000165D8090000-0x00000165D84F9000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/376-13-0x00000165D8090000-0x00000165D84F9000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/376-15-0x00000165D8090000-0x00000165D84F9000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/3984-6-0x00007FF702650000-0x00007FF703377000-memory.dmp

    Filesize

    13.2MB

    Download