Overview

overview

7

Static

static

3

dridex

windows10-1703-x64

7

Analysis

  • max time kernel
    53s
  • max time network
    149s
  • platform
    windows10-1703_x64
  • resource
    win10-20231129-en
  • resource tags

    arch:x64arch:x86image:win10-20231129-enlocale:en-usos:windows10-1703-x64system
  • submitted
    11-12-2023 10:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    091afd2f0050b1b7e6130d6fe6dda5a16f43e8641b0778283c667e6de46f5d45.exe

  • Size

    6.9MB

  • MD5

    454d43078497315cb0002f10f8659b9a

  • SHA1

    229f57f28e3645996cb7da39b26e7bb5599432be

  • SHA256

    091afd2f0050b1b7e6130d6fe6dda5a16f43e8641b0778283c667e6de46f5d45

  • SHA512

    08a2542b517832ab42834ae3e60d02720cccf8cbf7a2d86aa13ad25499bd85aa59e0c9b5738bb7a121605ebf71b96211470a13eb2570aeb7b6128855dcd53254

  • SSDEEP

    196608:xyD4UUAnfcrSuleVp+jatZRGrrC/sF5wvACzj:U4Uvfc2RGatZcXF5uzj

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 63 IoCs
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\091afd2f0050b1b7e6130d6fe6dda5a16f43e8641b0778283c667e6de46f5d45.exe
    "C:\Users\Admin\AppData\Local\Temp\091afd2f0050b1b7e6130d6fe6dda5a16f43e8641b0778283c667e6de46f5d45.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2688
    • C:\Users\Admin\AppData\Local\Temp\is-AN4LJ.tmp\091afd2f0050b1b7e6130d6fe6dda5a16f43e8641b0778283c667e6de46f5d45.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-AN4LJ.tmp\091afd2f0050b1b7e6130d6fe6dda5a16f43e8641b0778283c667e6de46f5d45.tmp" /SL5="$501E8,6986290,68096,C:\Users\Admin\AppData\Local\Temp\091afd2f0050b1b7e6130d6fe6dda5a16f43e8641b0778283c667e6de46f5d45.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4500
      • C:\Program Files (x86)\WMAFormat\wmaformat.exe
        "C:\Program Files (x86)\WMAFormat\wmaformat.exe" -i
        3⤵
        • Executes dropped EXE
        PID:3872
      • C:\Program Files (x86)\WMAFormat\wmaformat.exe
        "C:\Program Files (x86)\WMAFormat\wmaformat.exe" -s
        3⤵
        • Executes dropped EXE
        PID:4192
      • C:\Windows\SysWOW64\net.exe
        "C:\Windows\system32\net.exe" helpmsg 11
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:408
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\system32\schtasks.exe" /Query
        3⤵
          PID:4568
    • C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 helpmsg 11
      1⤵
        PID:1424

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\WMAFormat\wmaformat.exe
        Filesize

        34KB

        MD5

        543d525e10b0a7d0d93d1a6ef81f3e14

        SHA1

        44c2626efb2d9b3eb510673a64fa542fb7adf35f

        SHA256

        ff11d3eee3aa41807ecbbd7747168ea95d2b33adae776800242629863e020814

        SHA512

        d6a1c09dd4ce0a58243bb08d96a9aa73777713e162842864967f6ac92d699f5c562c80bbfd2d446bb6c415038b896d03f5da70008fa99cdfff7b594bff261851

        Download Submit

      • C:\Program Files (x86)\WMAFormat\wmaformat.exe
        Filesize

        61KB

        MD5

        8e144e7beb86973eeba0ca147b91f58a

        SHA1

        03557e33944b26410c4e9b3dc7f628404d3bd7a6

        SHA256

        f8e129bf7f68f3f1bf0f69345c699583f17f337770f05735be11ed67fb576713

        SHA512

        98f19e1d3df7bc75d255b2683c24599f4ae5135d022f64f3a65eecc1608a07078d6af3e9c3e4e62438af99633c92c41dc4cbdd04ff3e21c67822325c721ae9e2

        Download Submit

      • C:\Program Files (x86)\WMAFormat\wmaformat.exe
        Filesize

        30KB

        MD5

        1381480d027940b03a447bb77a9d8a55

        SHA1

        48f5af68fceba488f17d98a49bd9b2068ad3c855

        SHA256

        053e981c3d8f6fc0ecc8013636ec1b94a04d0982195cac0dd6f7cb0c77f60fc9

        SHA512

        4dce98d54c722c40172170c8c72b82f073d4074b4defaf5bca82c592c900e5ad0f181dceaf2a365a08699fa671b06ccd77232c60e29914d85863ab3dc8fc82a9

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-AN4LJ.tmp\091afd2f0050b1b7e6130d6fe6dda5a16f43e8641b0778283c667e6de46f5d45.tmp
        Filesize

        135KB

        MD5

        b08a2af7462374c7c0d2e866c798e947

        SHA1

        f4537383de78478af47e42cabd3dd0bafb666174

        SHA256

        21249440b67007f21745b0b5e38cdb706f58279d12521e7d458445a60c9d4429

        SHA512

        9c02a35d9663f3a784d5a7c96b8cc6804488b2dae47de44cb1b1cc62683fff6a2feeba8b04cd7e5662115a110fca75c6eb1db7c64754a23acc1aff9b888ea45b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-AN4LJ.tmp\091afd2f0050b1b7e6130d6fe6dda5a16f43e8641b0778283c667e6de46f5d45.tmp
        Filesize

        164KB

        MD5

        3e32ff5b8a71062d7adf89f168859427

        SHA1

        2da52e4a3a2d0f171ad019a83265f8faaf57ec89

        SHA256

        845f963e593551d599a5137517390c4c6f8624f0fb7d5380f4e76e62ac500e54

        SHA512

        60f3adcfb2ca507b56ff6e1a7659f12bbc06d830c863243349a4419dd721416eadc1627ce17492ec5ea5d30daa90fe6529754b7ae004c867527ff46b496fa51c

        Download Submit

      • \Users\Admin\AppData\Local\Temp\is-P1GP7.tmp\_isetup\_iscrypt.dll
        Filesize

        2KB

        MD5

        a69559718ab506675e907fe49deb71e9

        SHA1

        bc8f404ffdb1960b50c12ff9413c893b56f2e36f

        SHA256

        2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

        SHA512

        e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

        Download Submit

      • \Users\Admin\AppData\Local\Temp\is-P1GP7.tmp\_isetup\_isdecmp.dll
        Filesize

        19KB

        MD5

        3adaa386b671c2df3bae5b39dc093008

        SHA1

        067cf95fbdb922d81db58432c46930f86d23dded

        SHA256

        71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

        SHA512

        bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

        Download Submit

      • memory/2688-0-0x0000000000400000-0x0000000000418000-memory.dmp

        Filesize

        96KB

        Download

      • memory/2688-160-0x0000000000400000-0x0000000000418000-memory.dmp

        Filesize

        96KB

        Download

      • memory/2688-2-0x0000000000400000-0x0000000000418000-memory.dmp

        Filesize

        96KB

        Download

      • memory/3872-151-0x0000000000400000-0x00000000005CF000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/3872-154-0x0000000000400000-0x00000000005CF000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/3872-155-0x0000000000400000-0x00000000005CF000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/3872-152-0x0000000000400000-0x00000000005CF000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4192-162-0x0000000000400000-0x00000000005CF000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4192-177-0x00000000008C0000-0x000000000095E000-memory.dmp

        Filesize

        632KB

        Download

      • memory/4192-209-0x0000000000400000-0x00000000005CF000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4192-157-0x0000000000400000-0x00000000005CF000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4192-206-0x0000000000400000-0x00000000005CF000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4192-203-0x0000000000400000-0x00000000005CF000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4192-166-0x0000000000400000-0x00000000005CF000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4192-167-0x0000000000400000-0x00000000005CF000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4192-170-0x0000000000400000-0x00000000005CF000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4192-173-0x0000000000400000-0x00000000005CF000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4192-176-0x0000000000400000-0x00000000005CF000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4192-159-0x0000000000400000-0x00000000005CF000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4192-183-0x00000000008C0000-0x000000000095E000-memory.dmp

        Filesize

        632KB

        Download

      • memory/4192-182-0x0000000000400000-0x00000000005CF000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4192-186-0x0000000000400000-0x00000000005CF000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4192-189-0x0000000000400000-0x00000000005CF000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4192-190-0x00000000008C0000-0x000000000095E000-memory.dmp

        Filesize

        632KB

        Download

      • memory/4192-193-0x0000000000400000-0x00000000005CF000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4192-196-0x0000000000400000-0x00000000005CF000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4192-199-0x0000000000400000-0x00000000005CF000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4500-163-0x00000000001F0000-0x00000000001F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4500-10-0x00000000001F0000-0x00000000001F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4500-161-0x0000000000400000-0x00000000004BC000-memory.dmp

        Filesize

        752KB

        Download