Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

dridex

windows10-1703-x64

7

Analysis

  • max time kernel
    57s
  • max time network
    145s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    10/10/2022, 03:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e2e3dc01e73cb2633905f26baf6d86f826033a2b085c4380b0034a14eec130af.exe

  • Size

    5.3MB

  • MD5

    24b34bfe59a97dea9850d39005a9b635

  • SHA1

    6e19d47f444eaef2b117d57232753757466784d4

  • SHA256

    e2e3dc01e73cb2633905f26baf6d86f826033a2b085c4380b0034a14eec130af

  • SHA512

    914ba8a794d664d6ed432f1b933294d4457b6459cd224b0ad46d0bdf0754ab00cdcc18509654265ceb6f4a170f2657ede81453f1a61a279584277f4427d4aa66

  • SSDEEP

    98304:ByIwfYjsOpKO+6PbFmS3VjVEOeTtJaAbLECnrZXJT7W:BaEsUbFmS3VjVEOeTtJHbdnrz7

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Program crash 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e2e3dc01e73cb2633905f26baf6d86f826033a2b085c4380b0034a14eec130af.exe
    "C:\Users\Admin\AppData\Local\Temp\e2e3dc01e73cb2633905f26baf6d86f826033a2b085c4380b0034a14eec130af.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:388
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 544
      2⤵
      • Program crash
      PID:352
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 524
      2⤵
      • Program crash
      PID:4656
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 592
      2⤵
      • Program crash
      PID:4720
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 640
      2⤵
      • Program crash
      PID:4988
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 748
      2⤵
      • Program crash
      PID:5084
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 880
      2⤵
      • Program crash
      PID:4876
    • C:\Windows\SysWOW64\Wbem\wmic.exe
      wmic os get Caption
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2416
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 1328
      2⤵
      • Program crash
      PID:1796
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 1344
      2⤵
      • Program crash
      PID:4672
    • C:\Windows\SysWOW64\cmd.exe
      cmd /C "wmic path win32_VideoController get name"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4264
      • C:\Windows\SysWOW64\Wbem\WMIC.exe
        wmic path win32_VideoController get name
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:4068
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 1396
      2⤵
      • Program crash
      PID:3952
    • C:\Windows\SysWOW64\cmd.exe
      cmd /C "wmic cpu get name"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4380
      • C:\Windows\SysWOW64\Wbem\WMIC.exe
        wmic cpu get name
        3⤵
          PID:4316
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 312
        2⤵
        • Program crash
        PID:3864

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/388-115-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-116-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-117-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-118-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-119-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-120-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-121-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-123-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-122-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-124-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-125-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-126-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-127-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-128-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-129-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-130-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-131-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-132-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-133-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-134-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-135-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-136-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-138-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-137-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-139-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-140-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-141-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-142-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-143-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-144-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-145-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-146-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-147-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-148-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-149-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-150-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-151-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-152-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-153-0x00000000030A0000-0x00000000034E7000-memory.dmp

      Filesize

      4.3MB

      Download

    • memory/388-154-0x0000000000400000-0x0000000000959000-memory.dmp

      Filesize

      5.3MB

      Download

    • memory/388-155-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-156-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-157-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-158-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-159-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-160-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-161-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-162-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-163-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-164-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-165-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-166-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/388-381-0x0000000000400000-0x0000000000959000-memory.dmp

      Filesize

      5.3MB

      Download

    • memory/2416-168-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2416-169-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2416-171-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2416-170-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2416-172-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2416-173-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2416-174-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2416-175-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2416-176-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2416-178-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2416-177-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2416-179-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2416-180-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2416-181-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

      Filesize

      1.6MB

      Download