Overview

overview

7

Static

static

3

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    123s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/12/2023, 03:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1299d39a7897c363808c8b8a2737ad31f77b912b4fa5adafd9fd88c8184d8436.exe

  • Size

    2.8MB

  • MD5

    6a1e10e1ab33d3b7a48eadcc36c365b5

  • SHA1

    c4e584e1ffb3ee89b230c6596625de8561b1cbf6

  • SHA256

    1299d39a7897c363808c8b8a2737ad31f77b912b4fa5adafd9fd88c8184d8436

  • SHA512

    4079185d0b1e9ab9bddca7bc74fe4ecf2c4fa136dd3bb211b181e59cef60db0ef13468430388541fb7b1d3a7f67a290b735b420d77a4d2f92fb0014f9da5c342

  • SSDEEP

    49152:cYJZxMrRnXjfvgUnsSbuWYik5IjJgFSurqtk+apUB/a4EtNPOyoIW5UGRH9X5Ne:cYJZWrRXjfvmS9j4PAapOGOjU+Ne

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1299d39a7897c363808c8b8a2737ad31f77b912b4fa5adafd9fd88c8184d8436.exe
    "C:\Users\Admin\AppData\Local\Temp\1299d39a7897c363808c8b8a2737ad31f77b912b4fa5adafd9fd88c8184d8436.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1264
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7z876014F0\zkaDj.BAt" "
      2⤵
      • Checks computer location settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3416
      • C:\Windows\SysWOW64\control.exe
        "C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\7z876014F0\Gc.cpl",
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2632
        • C:\Windows\SysWOW64\rundll32.exe
          "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7z876014F0\Gc.cpl",
          4⤵
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:1784
          • C:\Windows\system32\RunDll32.exe
            C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7z876014F0\Gc.cpl",
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:3948
            • C:\Windows\SysWOW64\rundll32.exe
              "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7z876014F0\Gc.cpl",
              6⤵
              • Loads dropped DLL
              PID:3040

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7z876014F0\Gc.cpl
    Filesize

    3.2MB

    MD5

    16187a26a6d345fe49e1723137b021bc

    SHA1

    6d613acf0ca9134380c0a57dff0563acbb2a0abd

    SHA256

    0453a192693e278cfb92cda59ae1711b06cc55de319911b05c8191ebfc4be154

    SHA512

    f2aa54ace51e74d48d602f7acb24024957bc5731c272862f308aa16e4bbf5336d2b36151b0b86bb52170123d120bacaf9fea5c9b1f2d72505799856c3ae224e2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7z876014F0\zkaDj.BAt
    Filesize

    49B

    MD5

    f6edd94cf09c230158ae427a2cd12f35

    SHA1

    58daee2dc3fbc0ea048b529e55b7c104cdc928f6

    SHA256

    ac09771515df0fe43a8a7a42574f3db41a07e9cd669798d283a4193c5d4140e2

    SHA512

    06d33b1de92c6936c231bcb5a41565863db924ca768d886044c4ca15ae6dfe3218308f32b22a2f0181bc28bbd90789e47504127cf1f6560434ac2937a3ce8ed4

    Download Submit

  • memory/1784-16-0x0000000002960000-0x0000000002A77000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1784-9-0x0000000010000000-0x0000000010332000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/1784-12-0x0000000002820000-0x0000000002956000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1784-13-0x0000000002960000-0x0000000002A77000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1784-10-0x0000000000850000-0x0000000000856000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1784-17-0x0000000002960000-0x0000000002A77000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/3040-19-0x0000000001590000-0x0000000001596000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3040-22-0x00000000036C0000-0x00000000037F6000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/3040-23-0x0000000003800000-0x0000000003917000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/3040-26-0x0000000003800000-0x0000000003917000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/3040-27-0x0000000003800000-0x0000000003917000-memory.dmp

    Filesize

    1.1MB

    Download