Overview

overview

10

Static

static

10

dridex

windows10_x64

7

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    14-10-2021 06:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    40441144fe5d0b152a6817ab9e18852871acbffae36d8a3d7833a9eddee18e70.exe

  • Size

    113KB

  • MD5

    2ecd8ebf431a9f066a58ec9617359448

  • SHA1

    48b2430f05301b1438d9d98c422b4a580027f95c

  • SHA256

    40441144fe5d0b152a6817ab9e18852871acbffae36d8a3d7833a9eddee18e70

  • SHA512

    ec356b85095e5916a70d65c88533f41b8e12e57b3798a22f46ac8dc2b99267d264eaf946126be3cde46cbcfbcf5f4358c9d54738dcbd94d829dafe9c44f8f123

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\40441144fe5d0b152a6817ab9e18852871acbffae36d8a3d7833a9eddee18e70.exe
    "C:\Users\Admin\AppData\Local\Temp\40441144fe5d0b152a6817ab9e18852871acbffae36d8a3d7833a9eddee18e70.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3592

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3592-115-0x0000000000150000-0x0000000000151000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3592-117-0x0000000004F60000-0x0000000004F61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3592-118-0x0000000004970000-0x0000000004971000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3592-119-0x0000000004AA0000-0x0000000004AA1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3592-120-0x00000000049D0000-0x00000000049D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3592-121-0x0000000004A10000-0x0000000004A11000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3592-122-0x0000000004950000-0x0000000004F56000-memory.dmp
    Filesize

    6.0MB

    Download
  • memory/3592-123-0x0000000005CE0000-0x0000000005CE1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3592-124-0x00000000063E0000-0x00000000063E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3592-125-0x0000000005F70000-0x0000000005F71000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3592-126-0x0000000006090000-0x0000000006091000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3592-127-0x0000000006E10000-0x0000000006E11000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3592-128-0x0000000006250000-0x0000000006251000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3592-129-0x0000000006990000-0x0000000006991000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3592-130-0x0000000006B90000-0x0000000006B91000-memory.dmp
    Filesize

    4KB

    Download