Overview

overview

7

Static

static

dridex

windows10-2004_x64

7

Analysis

  • max time kernel
    70s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    21-05-2022 14:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    49918eabc6909b8c8b28e66bebe9466dcce19ec026a67e10b5d4c19cb2021e86.exe

  • Size

    416KB

  • MD5

    93fb446fe69caafcfe3649b957db7fcc

  • SHA1

    983da9ecef17a8362f8b97f4d39f8aac46d0ea49

  • SHA256

    49918eabc6909b8c8b28e66bebe9466dcce19ec026a67e10b5d4c19cb2021e86

  • SHA512

    8869aff50a27a67c72af1aa098fe5f73a2ba36b6b51331fda2ebb4ecc434da80ad57eccdf3566c8941b4dbda7dee84c26d64b0f9b14cb33b8864ef8ea8dcd813

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\49918eabc6909b8c8b28e66bebe9466dcce19ec026a67e10b5d4c19cb2021e86.exe
    "C:\Users\Admin\AppData\Local\Temp\49918eabc6909b8c8b28e66bebe9466dcce19ec026a67e10b5d4c19cb2021e86.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:996
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 1252
      2⤵
      • Program crash
      PID:4416
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 996 -ip 996
    1⤵
      PID:4944

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Credentials in Files

    2
    T1081

    Discovery

    Query Registry

    1
    T1012

    Lateral Movement

    Collection

    Data from Local System

    2
    T1005

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/996-130-0x0000000000602000-0x000000000062E000-memory.dmp
      Filesize

      176KB

      Download
    • memory/996-131-0x0000000002110000-0x000000000214A000-memory.dmp
      Filesize

      232KB

      Download
    • memory/996-132-0x0000000000400000-0x00000000004A9000-memory.dmp
      Filesize

      676KB

      Download
    • memory/996-133-0x0000000004CD0000-0x0000000005274000-memory.dmp
      Filesize

      5.6MB

      Download
    • memory/996-134-0x0000000005280000-0x0000000005898000-memory.dmp
      Filesize

      6.1MB

      Download
    • memory/996-135-0x0000000004B30000-0x0000000004B42000-memory.dmp
      Filesize

      72KB

      Download
    • memory/996-136-0x0000000004B50000-0x0000000004C5A000-memory.dmp
      Filesize

      1.0MB

      Download
    • memory/996-137-0x0000000004C80000-0x0000000004CBC000-memory.dmp
      Filesize

      240KB

      Download
    • memory/996-138-0x0000000005B70000-0x0000000005BD6000-memory.dmp
      Filesize

      408KB

      Download
    • memory/996-139-0x0000000006210000-0x00000000062A2000-memory.dmp
      Filesize

      584KB

      Download
    • memory/996-140-0x00000000062C0000-0x0000000006336000-memory.dmp
      Filesize

      472KB

      Download
    • memory/996-141-0x00000000063E0000-0x00000000063FE000-memory.dmp
      Filesize

      120KB

      Download
    • memory/996-142-0x0000000006720000-0x00000000068E2000-memory.dmp
      Filesize

      1.8MB

      Download
    • memory/996-143-0x00000000068F0000-0x0000000006E1C000-memory.dmp
      Filesize

      5.2MB

      Download