Overview

overview

7

Static

static

3

dridex

windows10-1703-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    133s
  • platform
    windows10-1703_x64
  • resource
    win10-20231020-en
  • resource tags

    arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
  • submitted
    03/11/2023, 12:41

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0d873ed56f2349a5376a64def6871174da51b3823f82eeae1cb33384ed73a3b1.exe

  • Size

    5.6MB

  • MD5

    f75e9da2c82a953ee967f6345c131222

  • SHA1

    22d3fcaff73227a2bcee7f0d90da208fa3239754

  • SHA256

    0d873ed56f2349a5376a64def6871174da51b3823f82eeae1cb33384ed73a3b1

  • SHA512

    5d89bd1e3422bedc3a5b2f7f7fcb6d43c7cd6f10307fb07256d7a9804a24a251f3e1680445b2576222ef53a9e54ea558500b765e974c5855e144b9179cd99e61

  • SSDEEP

    98304:odLMskdar5pAyer48E7mGs4rhmt0djoq1y4HgksEmaYJGN1H//SFlM2PXNpUuq11:oGspAyNH7mGs4k+jl13eaYCHMPUuqE7e

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 34 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs net.exe
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0d873ed56f2349a5376a64def6871174da51b3823f82eeae1cb33384ed73a3b1.exe
    "C:\Users\Admin\AppData\Local\Temp\0d873ed56f2349a5376a64def6871174da51b3823f82eeae1cb33384ed73a3b1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4516
    • C:\Users\Admin\AppData\Local\Temp\is-17062.tmp\is-3T3RU.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-17062.tmp\is-3T3RU.tmp" /SL4 $8021C "C:\Users\Admin\AppData\Local\Temp\0d873ed56f2349a5376a64def6871174da51b3823f82eeae1cb33384ed73a3b1.exe" 5511751 79360
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:772
      • C:\Windows\SysWOW64\net.exe
        "C:\Windows\system32\net.exe" helpmsg 3
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:668
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 helpmsg 3
          4⤵
            PID:3508
        • C:\Program Files (x86)\ABuster\ABuster.exe
          "C:\Program Files (x86)\ABuster\ABuster.exe" -i
          3⤵
          • Executes dropped EXE
          PID:1076
        • C:\Program Files (x86)\ABuster\ABuster.exe
          "C:\Program Files (x86)\ABuster\ABuster.exe" -s
          3⤵
          • Executes dropped EXE
          PID:4408

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files (x86)\ABuster\ABuster.exe
            Filesize

            3.8MB

            MD5

            1345f03a935da4ff1df5956ef99046fa

            SHA1

            207b46527929c26399d7e999cc7fbb0f88a19cef

            SHA256

            eadb9e5bb4b1af014ebd89bc01e65c14acc86962476328c04b8aa9ce1305c83e

            SHA512

            e306ceda5b5b7f856bbb99aaa46671862e01e71999ac5237db860a7129f81734d505da61710c49b3345327d61973fa7f2f83f72499c1cd44e4e5a2b7e1cb42d1

            Download Submit

          • C:\Program Files (x86)\ABuster\ABuster.exe
            Filesize

            3.8MB

            MD5

            1345f03a935da4ff1df5956ef99046fa

            SHA1

            207b46527929c26399d7e999cc7fbb0f88a19cef

            SHA256

            eadb9e5bb4b1af014ebd89bc01e65c14acc86962476328c04b8aa9ce1305c83e

            SHA512

            e306ceda5b5b7f856bbb99aaa46671862e01e71999ac5237db860a7129f81734d505da61710c49b3345327d61973fa7f2f83f72499c1cd44e4e5a2b7e1cb42d1

            Download Submit

          • C:\Program Files (x86)\ABuster\ABuster.exe
            Filesize

            3.8MB

            MD5

            1345f03a935da4ff1df5956ef99046fa

            SHA1

            207b46527929c26399d7e999cc7fbb0f88a19cef

            SHA256

            eadb9e5bb4b1af014ebd89bc01e65c14acc86962476328c04b8aa9ce1305c83e

            SHA512

            e306ceda5b5b7f856bbb99aaa46671862e01e71999ac5237db860a7129f81734d505da61710c49b3345327d61973fa7f2f83f72499c1cd44e4e5a2b7e1cb42d1

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\is-17062.tmp\is-3T3RU.tmp
            Filesize

            643KB

            MD5

            a991510c12f20ccf8a5231a32a7958c3

            SHA1

            122724d1a4fdea39af3aa427e4941158d7e91dfa

            SHA256

            0c3ab280e156e9ff6a325267bc5d721f71dcb12490a53a03a033d932272f9198

            SHA512

            8f387a6189f6fa51f84004706589ed1706dfd08dfc38c1f8ce3ce010f37efac085fd241396ab69bc25c86174a4637492163bf3cb26f88639551dc9fa0c52eafa

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\is-17062.tmp\is-3T3RU.tmp
            Filesize

            643KB

            MD5

            a991510c12f20ccf8a5231a32a7958c3

            SHA1

            122724d1a4fdea39af3aa427e4941158d7e91dfa

            SHA256

            0c3ab280e156e9ff6a325267bc5d721f71dcb12490a53a03a033d932272f9198

            SHA512

            8f387a6189f6fa51f84004706589ed1706dfd08dfc38c1f8ce3ce010f37efac085fd241396ab69bc25c86174a4637492163bf3cb26f88639551dc9fa0c52eafa

            Download Submit

          • \Users\Admin\AppData\Local\Temp\is-RGKSM.tmp\_iscrypt.dll
            Filesize

            2KB

            MD5

            a69559718ab506675e907fe49deb71e9

            SHA1

            bc8f404ffdb1960b50c12ff9413c893b56f2e36f

            SHA256

            2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

            SHA512

            e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

            Download Submit

          • \Users\Admin\AppData\Local\Temp\is-RGKSM.tmp\_isdecmp.dll
            Filesize

            13KB

            MD5

            a813d18268affd4763dde940246dc7e5

            SHA1

            c7366e1fd925c17cc6068001bd38eaef5b42852f

            SHA256

            e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64

            SHA512

            b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4

            Download Submit

          • \Users\Admin\AppData\Local\Temp\is-RGKSM.tmp\_isdecmp.dll
            Filesize

            13KB

            MD5

            a813d18268affd4763dde940246dc7e5

            SHA1

            c7366e1fd925c17cc6068001bd38eaef5b42852f

            SHA256

            e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64

            SHA512

            b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4

            Download Submit

          • memory/772-98-0x00000000001F0000-0x00000000001F1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/772-7-0x00000000001F0000-0x00000000001F1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/772-100-0x0000000000400000-0x00000000004CF000-memory.dmp

            Filesize

            828KB

            Download

          • memory/1076-88-0x0000000000400000-0x00000000007CD000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/1076-90-0x0000000000400000-0x00000000007CD000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/1076-93-0x0000000000400000-0x00000000007CD000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/1076-92-0x0000000000400000-0x00000000007CD000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/4408-101-0x0000000000400000-0x00000000007CD000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/4408-119-0x00000000008C0000-0x000000000096D000-memory.dmp

            Filesize

            692KB

            Download

          • memory/4408-96-0x0000000000400000-0x00000000007CD000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/4408-148-0x0000000000400000-0x00000000007CD000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/4408-102-0x0000000000400000-0x00000000007CD000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/4408-105-0x0000000000400000-0x00000000007CD000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/4408-108-0x0000000000400000-0x00000000007CD000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/4408-111-0x0000000000400000-0x00000000007CD000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/4408-114-0x0000000000400000-0x00000000007CD000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/4408-118-0x00000000008C0000-0x000000000096D000-memory.dmp

            Filesize

            692KB

            Download

          • memory/4408-117-0x0000000000400000-0x00000000007CD000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/4408-145-0x0000000000400000-0x00000000007CD000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/4408-123-0x0000000000400000-0x00000000007CD000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/4408-124-0x00000000008C0000-0x000000000096D000-memory.dmp

            Filesize

            692KB

            Download

          • memory/4408-127-0x0000000000400000-0x00000000007CD000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/4408-130-0x0000000000400000-0x00000000007CD000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/4408-133-0x0000000000400000-0x00000000007CD000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/4408-136-0x0000000000400000-0x00000000007CD000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/4408-139-0x0000000000400000-0x00000000007CD000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/4408-140-0x00000000008C0000-0x000000000096D000-memory.dmp

            Filesize

            692KB

            Download

          • memory/4408-141-0x00000000008C0000-0x000000000096D000-memory.dmp

            Filesize

            692KB

            Download

          • memory/4516-97-0x0000000000400000-0x000000000041A000-memory.dmp

            Filesize

            104KB

            Download

          • memory/4516-1-0x0000000000400000-0x000000000041A000-memory.dmp

            Filesize

            104KB

            Download