Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    96s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/10/2022, 08:22 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    445da156a539d8a0e3a155db58de3809e43163db6674feb67b3d65e0f3e39881.exe

  • Size

    362KB

  • MD5

    04e07e1d5103ce74b8d5f1de5ee378d1

  • SHA1

    83263e23384410af62f09b19c4e9b253f677fc63

  • SHA256

    445da156a539d8a0e3a155db58de3809e43163db6674feb67b3d65e0f3e39881

  • SHA512

    888d74b0450ad6142bcefff56e787cb52f1b8ef011b2ce481852b217c1aed1c77ab6a4e5953c4293d79fc4a9777a1ce293704777a237aa22ba702f960a5208d7

  • SSDEEP

    6144:g7zT0W/lLznZuCAQp79x4DOR4wt4i3/eMZKOPxvlQEk08IR6KWl:g7Ey/nZuCAQqw4wtx1xPxdG08IR6x

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\445da156a539d8a0e3a155db58de3809e43163db6674feb67b3d65e0f3e39881.exe
    "C:\Users\Admin\AppData\Local\Temp\445da156a539d8a0e3a155db58de3809e43163db6674feb67b3d65e0f3e39881.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1556
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 1264
      2⤵
      • Program crash
      PID:1524
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1556 -ip 1556
    1⤵
      PID:4656

    Network

      No results found
    • 8.238.111.254:80
      46 B
       40 B
       1
      1
    • 52.168.117.170:443
      322 B
       7
    • 193.106.191.21:47242
      445da156a539d8a0e3a155db58de3809e43163db6674feb67b3d65e0f3e39881.exe
      716.7kB
       15.6kB
       491
      226
    • 67.27.154.126:80
      46 B
       40 B
       1
      1
    No results found

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1556-132-0x00000000008E8000-0x000000000091F000-memory.dmp

      Filesize

      220KB

      Download

    • memory/1556-133-0x0000000000860000-0x00000000008B9000-memory.dmp

      Filesize

      356KB

      Download

    • memory/1556-134-0x0000000000400000-0x00000000005BE000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/1556-135-0x0000000004C60000-0x0000000005204000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/1556-136-0x00000000052E0000-0x00000000058F8000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/1556-137-0x00000000059A0000-0x00000000059B2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1556-138-0x00000000059C0000-0x0000000005ACA000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1556-139-0x0000000005AD0000-0x0000000005B0C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1556-140-0x00000000008E8000-0x000000000091F000-memory.dmp

      Filesize

      220KB

      Download

    • memory/1556-141-0x0000000000400000-0x00000000005BE000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/1556-142-0x0000000005DE0000-0x0000000005E72000-memory.dmp

      Filesize

      584KB

      Download

    • memory/1556-143-0x0000000005E80000-0x0000000005EE6000-memory.dmp

      Filesize

      408KB

      Download

    • memory/1556-144-0x00000000065B0000-0x0000000006772000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/1556-145-0x0000000006780000-0x0000000006CAC000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/1556-146-0x0000000006DA0000-0x0000000006E16000-memory.dmp

      Filesize

      472KB

      Download

    • memory/1556-147-0x0000000006E50000-0x0000000006E6E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/1556-148-0x00000000008E8000-0x000000000091F000-memory.dmp

      Filesize

      220KB

      Download

    • memory/1556-149-0x0000000000400000-0x00000000005BE000-memory.dmp

      Filesize

      1.7MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.