Overview

overview

7

Static

static

3

dridex

windows10-2004-x64

7

Resubmissions

26/11/2023, 10:39

231126-mp763sgh7x 7

20/11/2023, 15:34

231120-szwhxshf9x 7

Analysis

  • max time kernel
    147s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/11/2023, 15:34

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b87fd3c98383089618d2f66cbbecd2b0ed91db6923135235eb52a671f8dd7cb6.exe

  • Size

    2.3MB

  • MD5

    d56df2995b539368495f3300e48d8e18

  • SHA1

    8d2d02923afb5fb5e09ce1592104db17a3128246

  • SHA256

    b87fd3c98383089618d2f66cbbecd2b0ed91db6923135235eb52a671f8dd7cb6

  • SHA512

    2b25f9b2ff56abafcd8aa0a5fbae4ea78e9e95cec3d4cb832a7a3c5ec13af7d9ecf3ef26ec5c7144805868801aacb8de4113490c3bd665fda4e23ec05b9d8008

  • SSDEEP

    49152:5u2s5FXQ4EmojLjCRELVf7Avil+dHIsLp1thIikN+6u2hsC:5+zX71oDCRAZUviAHImDqia7hsC

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b87fd3c98383089618d2f66cbbecd2b0ed91db6923135235eb52a671f8dd7cb6.exe
    "C:\Users\Admin\AppData\Local\Temp\b87fd3c98383089618d2f66cbbecd2b0ed91db6923135235eb52a671f8dd7cb6.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Users\Admin\AppData\Local\Temp\Broom.exe
      C:\Users\Admin\AppData\Local\Temp\Broom.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4120

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\Broom.exe
          Filesize

          5.3MB

          MD5

          00e93456aa5bcf9f60f84b0c0760a212

          SHA1

          6096890893116e75bd46fea0b8c3921ceb33f57d

          SHA256

          ff3025f9cf19323c5972d14f00f01296d6d7a71547eca7e4016bfd0e1f27b504

          SHA512

          abd2be819c7d93bd6097155cf84eaf803e3133a7e0ca71f9d9cbc3c65e4e4a26415d2523a36adafdd19b0751e25ea1a99b8d060cad61cdfd1f79adf9cd4b4eca

          Download Submit

        • memory/4120-3-0x0000000000C90000-0x0000000000C91000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4120-4-0x0000000000400000-0x0000000000965000-memory.dmp

          Filesize

          5.4MB

          Download

        • memory/4120-5-0x0000000000400000-0x0000000000965000-memory.dmp

          Filesize

          5.4MB

          Download

        • memory/4120-6-0x0000000000C90000-0x0000000000C91000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4120-10-0x0000000000400000-0x0000000000965000-memory.dmp

          Filesize

          5.4MB

          Download

        • memory/4120-11-0x0000000000400000-0x0000000000965000-memory.dmp

          Filesize

          5.4MB

          Download