Analysis
-
max time kernel
118s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
29-02-2024 09:35
General
-
Target
DREDGE [01008CD0172D6000][v0][US].nsp
-
Size
685.0MB
-
MD5
f9a59914573134b0d8e2059e3c3cb0f2
-
SHA1
84eab7ab6aa0a65fc25871c0ec5a84eacd9fbe85
-
SHA256
81386189c12ab8e1b33760a72c1026220f20108be3a5ef433b0bb68b07887c95
-
SHA512
00f5d2c12ba5dae6fbcae5ecc96c2fa9fcad576373663828aa5309d881215486008e3db4cba98196e0a4d162d432961d1f5965a0f23caf4ad2dea3a40351e5c3
-
SSDEEP
12582912:tL23LtqXfBTYDRVndbQVimy0mjPzXqAtUQLGyiHHaTNpiZgIBxObBS+XjS:tq3o5TYTdb2mjPmABGyIHaTNpidaBe
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\DREDGE [01008CD0172D6000][v0][US].nsp"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\DREDGE [01008CD0172D6000][v0][US].nsp2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\DREDGE [01008CD0172D6000][v0][US].nsp"3⤵
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5cba0e566014daa665d4cac8409fec3cf
SHA11d6fce2a5b533252d12663267d1a80518cdf1c84
SHA2569152fa804678d004cdab052f1b6737a266ef85bae0262834ea193dff4fd88e4d
SHA51252af6bbe4e09006a0f0b12ea5740930f8768bde1c42a121086dae8a8130d33166d718db54f632a05fdf898dde4ff394b489f4e102a1881f2680eacb0f8abce89