Overview

overview

7

Static

static

3

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    158s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-12-2023 02:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b8fe80b4684d70e8abb8354466c968344f4c61999fa95b450b560327bdad71f2.exe

  • Size

    7.5MB

  • MD5

    1c980e126da7b885b963e83b532e2fa2

  • SHA1

    cfc4afc6aa0401d9d4ce728f53eef48e32865610

  • SHA256

    b8fe80b4684d70e8abb8354466c968344f4c61999fa95b450b560327bdad71f2

  • SHA512

    fa50f7d35138ddd9aee985c7a8ff0cbf1c0218bae30f0d1c073f0b3baaa953493bde24f07ed6dda8c61748a380a3065fd6f7842e7d83813d7d532e51bbe34543

  • SSDEEP

    196608:upVDDR8SZqepbLqwjKpDf/NIpEpDqfBrT0/WViLFfzj:upVBtvpbL/+vVYBrTTefzj

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 63 IoCs
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b8fe80b4684d70e8abb8354466c968344f4c61999fa95b450b560327bdad71f2.exe
    "C:\Users\Admin\AppData\Local\Temp\b8fe80b4684d70e8abb8354466c968344f4c61999fa95b450b560327bdad71f2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2300
    • C:\Users\Admin\AppData\Local\Temp\is-NJLTJ.tmp\b8fe80b4684d70e8abb8354466c968344f4c61999fa95b450b560327bdad71f2.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-NJLTJ.tmp\b8fe80b4684d70e8abb8354466c968344f4c61999fa95b450b560327bdad71f2.tmp" /SL5="$90062,7565670,68096,C:\Users\Admin\AppData\Local\Temp\b8fe80b4684d70e8abb8354466c968344f4c61999fa95b450b560327bdad71f2.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4656
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\system32\schtasks.exe" /Query
        3⤵
          PID:4872
        • C:\Program Files (x86)\PlayGIF\gifplayer.exe
          "C:\Program Files (x86)\PlayGIF\gifplayer.exe" -i
          3⤵
          • Executes dropped EXE
          PID:1052
        • C:\Program Files (x86)\PlayGIF\gifplayer.exe
          "C:\Program Files (x86)\PlayGIF\gifplayer.exe" -s
          3⤵
          • Executes dropped EXE
          PID:3940
        • C:\Windows\SysWOW64\net.exe
          "C:\Windows\system32\net.exe" helpmsg 11
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:3748
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 helpmsg 11
            4⤵
              PID:5020

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\PlayGIF\gifplayer.exe
        Filesize

        990KB

        MD5

        463a25d53692d7f139dda5433df72d35

        SHA1

        16c5f3e684b363824cf4a76d145b73abe891a658

        SHA256

        f9fcfe65254e6248c81ac062224223fd467c2c5eacc357559276c94b782718a5

        SHA512

        1ecb900892bce0417f8d47fb7a0a1120f59943a897c186b024d42dae3067c14d31085d6afa7360e6690466868c61986f8c5975130a5033d55ca1372addc39dc9

        Download Submit

      • C:\Program Files (x86)\PlayGIF\gifplayer.exe
        Filesize

        1.3MB

        MD5

        a31cd38bd19a157729ac861ebd2511c7

        SHA1

        8c1a646e22a97db9bfa15c3c1f95e9396d767832

        SHA256

        6d77b7251809ef62801ced0902466be0eb11dc8701fa7d9ec8736f38ecbd5fcb

        SHA512

        f3d3b345abbc111efa935c51f09cf423c768a88eea10293db71432dc01f83928e5e0471d9a45929b084daace13974061cb40abf90b7faf46bba5c0ec22e9b78e

        Download Submit

      • C:\Program Files (x86)\PlayGIF\gifplayer.exe
        Filesize

        543KB

        MD5

        50dbbfb57f25478957b77c1c0d40093b

        SHA1

        bcb9b344fa720bcfbde7ee634dd36fcf60f30ec9

        SHA256

        a7ec7515727061fbbb3d6d9a6d5098a1fd1020822dca6ea7d590fb3a8287ee4b

        SHA512

        7c73637ee515fdc8a172b736ae08ffb0fc3cf3b7b57e3a984167fa1146f9b0fcaf0d00aa1be16736458abc23197d26f1f7a807a47905f3e57c8b534fa896ae03

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-1VEO8.tmp\_isetup\_iscrypt.dll
        Filesize

        2KB

        MD5

        a69559718ab506675e907fe49deb71e9

        SHA1

        bc8f404ffdb1960b50c12ff9413c893b56f2e36f

        SHA256

        2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

        SHA512

        e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-1VEO8.tmp\_isetup\_isdecmp.dll
        Filesize

        19KB

        MD5

        3adaa386b671c2df3bae5b39dc093008

        SHA1

        067cf95fbdb922d81db58432c46930f86d23dded

        SHA256

        71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

        SHA512

        bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-NJLTJ.tmp\b8fe80b4684d70e8abb8354466c968344f4c61999fa95b450b560327bdad71f2.tmp
        Filesize

        687KB

        MD5

        f448d7f4b76e5c9c3a4eaff16a8b9b73

        SHA1

        31808f1ffa84c954376975b7cdb0007e6b762488

        SHA256

        7233b85eb0f8b3aa5cae3811d727aa8742fec4d1091c120a0fe15006f424cc49

        SHA512

        f8197458cd2764c0b852dac34f9bf361110a7dc86903024a97c7bcd3f77b148342bf45e3c2b60f6af8198ae3b83938dbaad5e007d71a0f88006f3a0618cf36f4

        Download Submit

      • memory/1052-152-0x0000000000400000-0x0000000000666000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/1052-153-0x0000000000400000-0x0000000000666000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/1052-156-0x0000000000400000-0x0000000000666000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/1052-155-0x0000000000400000-0x0000000000666000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/2300-1-0x0000000000400000-0x0000000000418000-memory.dmp

        Filesize

        96KB

        Download

      • memory/2300-151-0x0000000000400000-0x0000000000418000-memory.dmp

        Filesize

        96KB

        Download

      • memory/3940-167-0x0000000000400000-0x0000000000666000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/3940-193-0x0000000000890000-0x000000000092E000-memory.dmp

        Filesize

        632KB

        Download

      • memory/3940-160-0x0000000000400000-0x0000000000666000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/3940-209-0x0000000000400000-0x0000000000666000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/3940-163-0x0000000000400000-0x0000000000666000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/3940-205-0x0000000000890000-0x000000000092E000-memory.dmp

        Filesize

        632KB

        Download

      • memory/3940-204-0x0000000000890000-0x000000000092E000-memory.dmp

        Filesize

        632KB

        Download

      • memory/3940-168-0x0000000000400000-0x0000000000666000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/3940-171-0x0000000000400000-0x0000000000666000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/3940-174-0x0000000000400000-0x0000000000666000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/3940-177-0x0000000000400000-0x0000000000666000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/3940-180-0x0000000000400000-0x0000000000666000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/3940-182-0x0000000000890000-0x000000000092E000-memory.dmp

        Filesize

        632KB

        Download

      • memory/3940-181-0x0000000000890000-0x000000000092E000-memory.dmp

        Filesize

        632KB

        Download

      • memory/3940-187-0x0000000000400000-0x0000000000666000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/3940-190-0x0000000000400000-0x0000000000666000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/3940-159-0x0000000000400000-0x0000000000666000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/3940-194-0x0000000000400000-0x0000000000666000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/3940-197-0x0000000000400000-0x0000000000666000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/3940-200-0x0000000000400000-0x0000000000666000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/3940-203-0x0000000000400000-0x0000000000666000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/4656-12-0x0000000002240000-0x0000000002241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4656-164-0x0000000002240000-0x0000000002241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4656-162-0x0000000000400000-0x00000000004BC000-memory.dmp

        Filesize

        752KB

        Download