Overview

overview

7

Static

static

3

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/12/2023, 18:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    495ecca21b5eb6def254d60d5f07a4904da0e1bdb1153b18c03e552eaa4eb5f7.exe

  • Size

    7.6MB

  • MD5

    8fc15ddbc69b7cae050923f50a1b0fa9

  • SHA1

    229e6a0e3eaea569892c5c76cb32a01cf389c2d4

  • SHA256

    495ecca21b5eb6def254d60d5f07a4904da0e1bdb1153b18c03e552eaa4eb5f7

  • SHA512

    d13228eb31072fd378061f9fa9fbfd04d6ab3c4790d17795182e56b8bd31dfec6a7539c49689213079a2f2d3f228677692debd3319514b6e1686c651905cfaef

  • SSDEEP

    196608:1nnY8NWvGpWTTlm0OxwW+nFnfZsMUdFt30Dzj:1nnY8NELTIrxwlxQWDzj

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 63 IoCs
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\495ecca21b5eb6def254d60d5f07a4904da0e1bdb1153b18c03e552eaa4eb5f7.exe
    "C:\Users\Admin\AppData\Local\Temp\495ecca21b5eb6def254d60d5f07a4904da0e1bdb1153b18c03e552eaa4eb5f7.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2504
    • C:\Users\Admin\AppData\Local\Temp\is-VUDR5.tmp\495ecca21b5eb6def254d60d5f07a4904da0e1bdb1153b18c03e552eaa4eb5f7.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-VUDR5.tmp\495ecca21b5eb6def254d60d5f07a4904da0e1bdb1153b18c03e552eaa4eb5f7.tmp" /SL5="$F022A,7715663,68096,C:\Users\Admin\AppData\Local\Temp\495ecca21b5eb6def254d60d5f07a4904da0e1bdb1153b18c03e552eaa4eb5f7.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:3116
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\system32\schtasks.exe" /Query
        3⤵
          PID:1612
        • C:\Program Files (x86)\PlayGIF\gifplayer.exe
          "C:\Program Files (x86)\PlayGIF\gifplayer.exe" -i
          3⤵
          • Executes dropped EXE
          PID:552
        • C:\Program Files (x86)\PlayGIF\gifplayer.exe
          "C:\Program Files (x86)\PlayGIF\gifplayer.exe" -s
          3⤵
          • Executes dropped EXE
          PID:3868
        • C:\Windows\SysWOW64\net.exe
          "C:\Windows\system32\net.exe" helpmsg 11
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:5004
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 helpmsg 11
            4⤵
              PID:756

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\PlayGIF\gifplayer.exe
        Filesize

        1.7MB

        MD5

        2df4a80ce4bb9162b9796907d30ec73c

        SHA1

        e6b6309e627c7be85e68417bb112f455a0b2544b

        SHA256

        82d122c202930b3d99eef95b603ffc4fe4aae7076719bc659840007e568c3e68

        SHA512

        51d4b57d4dff4d89420a526443c97df94b9c627155f1f01a346058b1af1146c3b82e461c0573c869420b37c3b253eb80be057f6734f138901feb5ccd75f2ff37

        Download Submit

      • C:\Program Files (x86)\PlayGIF\gifplayer.exe
        Filesize

        2.1MB

        MD5

        f605359deca796c54a628e259f703e0f

        SHA1

        d04d6ae60e20db138f5ddc85cbefc8c1988f1e27

        SHA256

        c448285240cee2240d535ddcdf1424972c07e615dd2ceab481c923bd42c5dc8f

        SHA512

        82de8058ccfffe11732b7e074ba50168f891537e9ff3b35d09e67a5f87dc81fd17cbf617240431f42574d96264d67b41b1f44059aec8fcbbb008324de3271489

        Download Submit

      • C:\Program Files (x86)\PlayGIF\gifplayer.exe
        Filesize

        259KB

        MD5

        b4342e5d3f619fb54cec2183a03483a9

        SHA1

        027d718e4e7866ab7ae503cd6cfa2655bfc7df9e

        SHA256

        75029590f3f6efa3b93977bded25b49ccef382702d9937dd0c3b6505af978c3a

        SHA512

        0331d6047a4c65024940f90f08ee4d800f4893dec3278bf87fe575cf78ae3658d22721d64a89ac8b1ae57d068f014c3056bb8b4250f237e2e68467af67466c81

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-R3UI0.tmp\_isetup\_iscrypt.dll
        Filesize

        2KB

        MD5

        a69559718ab506675e907fe49deb71e9

        SHA1

        bc8f404ffdb1960b50c12ff9413c893b56f2e36f

        SHA256

        2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

        SHA512

        e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-R3UI0.tmp\_isetup\_isdecmp.dll
        Filesize

        19KB

        MD5

        3adaa386b671c2df3bae5b39dc093008

        SHA1

        067cf95fbdb922d81db58432c46930f86d23dded

        SHA256

        71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

        SHA512

        bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-VUDR5.tmp\495ecca21b5eb6def254d60d5f07a4904da0e1bdb1153b18c03e552eaa4eb5f7.tmp
        Filesize

        687KB

        MD5

        f448d7f4b76e5c9c3a4eaff16a8b9b73

        SHA1

        31808f1ffa84c954376975b7cdb0007e6b762488

        SHA256

        7233b85eb0f8b3aa5cae3811d727aa8742fec4d1091c120a0fe15006f424cc49

        SHA512

        f8197458cd2764c0b852dac34f9bf361110a7dc86903024a97c7bcd3f77b148342bf45e3c2b60f6af8198ae3b83938dbaad5e007d71a0f88006f3a0618cf36f4

        Download Submit

      • memory/552-151-0x0000000000400000-0x000000000068F000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/552-152-0x0000000000400000-0x000000000068F000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/552-155-0x0000000000400000-0x000000000068F000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/552-154-0x0000000000400000-0x000000000068F000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/2504-0-0x0000000000400000-0x0000000000418000-memory.dmp

        Filesize

        96KB

        Download

      • memory/2504-2-0x0000000000400000-0x0000000000418000-memory.dmp

        Filesize

        96KB

        Download

      • memory/2504-159-0x0000000000400000-0x0000000000418000-memory.dmp

        Filesize

        96KB

        Download

      • memory/3116-7-0x0000000000720000-0x0000000000721000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3116-162-0x0000000000720000-0x0000000000721000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3116-160-0x0000000000400000-0x00000000004BC000-memory.dmp

        Filesize

        752KB

        Download

      • memory/3868-161-0x0000000000400000-0x000000000068F000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/3868-179-0x00000000007D0000-0x000000000086E000-memory.dmp

        Filesize

        632KB

        Download

      • memory/3868-165-0x0000000000400000-0x000000000068F000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/3868-166-0x0000000000400000-0x000000000068F000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/3868-169-0x0000000000400000-0x000000000068F000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/3868-172-0x0000000000400000-0x000000000068F000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/3868-175-0x0000000000400000-0x000000000068F000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/3868-178-0x0000000000400000-0x000000000068F000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/3868-180-0x00000000007D0000-0x000000000086E000-memory.dmp

        Filesize

        632KB

        Download

      • memory/3868-158-0x0000000000400000-0x000000000068F000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/3868-185-0x0000000000400000-0x000000000068F000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/3868-188-0x0000000000400000-0x000000000068F000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/3868-191-0x00000000007D0000-0x000000000086E000-memory.dmp

        Filesize

        632KB

        Download

      • memory/3868-192-0x0000000000400000-0x000000000068F000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/3868-195-0x0000000000400000-0x000000000068F000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/3868-198-0x0000000000400000-0x000000000068F000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/3868-201-0x0000000000400000-0x000000000068F000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/3868-205-0x0000000000400000-0x000000000068F000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/3868-208-0x0000000000400000-0x000000000068F000-memory.dmp

        Filesize

        2.6MB

        Download