Overview

overview

7

Static

static

dridex

windows10-1703-x64

7

Analysis

  • max time kernel
    50s
  • max time network
    64s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    17-10-2022 16:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1fca93908f66e2b70232b015640525bfcc3475dfc8f05396501f5ecd405ad6a7.exe

  • Size

    6.3MB

  • MD5

    c7763534d7f58ba28c2a01ccc26ee357

  • SHA1

    b29a3cb0c78e2bc86dd93be9b77387f181b7605c

  • SHA256

    1fca93908f66e2b70232b015640525bfcc3475dfc8f05396501f5ecd405ad6a7

  • SHA512

    5160e71206c71039262fe5f5529a0d1059f4118daa8dfb4a2473cd10631d787ceefb7af404d84b87f018badea42bcfa8cdf629e6e9b11c25629fe611edcc1f2f

  • SSDEEP

    49152:bkmZbQsxBXQbKXmu0Fe6iRyhJ3jkqQVSfWVXqASv1x1dKO/5t7WGiocfGJDcjQcr:bkcbf6bKXPSjL+EnHOMz5ysZA5+bf6c

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Program crash 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1fca93908f66e2b70232b015640525bfcc3475dfc8f05396501f5ecd405ad6a7.exe
    "C:\Users\Admin\AppData\Local\Temp\1fca93908f66e2b70232b015640525bfcc3475dfc8f05396501f5ecd405ad6a7.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2764
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 544
      2⤵
      • Program crash
      PID:3592
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 532
      2⤵
      • Program crash
      PID:4868
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 588
      2⤵
      • Program crash
      PID:2264
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 640
      2⤵
      • Program crash
      PID:3420
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 756
      2⤵
      • Program crash
      PID:1612
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 984
      2⤵
      • Program crash
      PID:1316
    • C:\Windows\SysWOW64\Wbem\wmic.exe
      wmic os get Caption
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1156
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 1328
      2⤵
      • Program crash
      PID:2852
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 1344
      2⤵
      • Program crash
      PID:4964
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 1376
      2⤵
      • Program crash
      PID:4928
    • C:\Windows\SysWOW64\cmd.exe
      cmd /C "wmic path win32_VideoController get name"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4968
      • C:\Windows\SysWOW64\Wbem\WMIC.exe
        wmic path win32_VideoController get name
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2280
    • C:\Windows\SysWOW64\cmd.exe
      cmd /C "wmic cpu get name"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:444
      • C:\Windows\SysWOW64\Wbem\WMIC.exe
        wmic cpu get name
        3⤵
          PID:4668
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 312
        2⤵
        • Program crash
        PID:1924

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1156-181-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1156-182-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1156-186-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1156-185-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1156-180-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1156-183-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1156-173-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1156-184-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1156-179-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1156-178-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1156-177-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1156-176-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1156-175-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1156-174-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-139-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-164-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-140-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-141-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-142-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-144-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-145-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-147-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-149-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-148-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-146-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-143-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-138-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-150-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-151-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-152-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-153-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-154-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-155-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-156-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-157-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-158-0x00000000032F0000-0x000000000380F000-memory.dmp

      Filesize

      5.1MB

      Download

    • memory/2764-159-0x0000000000400000-0x0000000000A55000-memory.dmp

      Filesize

      6.3MB

      Download

    • memory/2764-160-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-161-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-162-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-163-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-120-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-165-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-166-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-167-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-168-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-169-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-170-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-171-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-136-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-137-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-135-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-134-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-133-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-132-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-131-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-130-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-129-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-128-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-127-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-126-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-125-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-124-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-123-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-386-0x0000000000400000-0x0000000000A55000-memory.dmp

      Filesize

      6.3MB

      Download

    • memory/2764-122-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2764-121-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download