Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    09-11-2022 15:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    87a7b708cf5f194568ce728a77c5778078720d6ff6346ea269f0a5427398ad60.exe

  • Size

    448KB

  • MD5

    0157a88e62b7651bf765bd4fbf73264c

  • SHA1

    fba492f92871cbf674563578d3e91ccb4a412c71

  • SHA256

    87a7b708cf5f194568ce728a77c5778078720d6ff6346ea269f0a5427398ad60

  • SHA512

    821184beaa4e49af6e05583992ea98800a1494fcfe4c0d534dbb048dc2960208545432bb1c59c7f5cb69573bb2e7cb33d90904415c6563873ead802c4e4279c7

  • SSDEEP

    12288:w1bVCfn7om/rE7KdHJaKZODGZ5N1Um4ObM1Mjc:w1ofn7X/9dJaSODGZ5f5hoajc

Score
10/10
formbookdwdpratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

dwdp

Decoy

4DlAaMhdJtwJ15R2TZiMx6GwCg==

oilWdXwEy3OHItOqfLCNx6GwCg==

Ak8/PHhAG8EabtQ6

6M2Ej6pHE8pIcmJHMnpaZmZN50HzwA==

TbfoWsWBhyisR1OC/WI=

c9L5DAKvlT90Emj/mejR

Q52SsCG4oEvuFmMtB3U=

OpXGZzbo03aPI4RLsRqSjCi+4btteRj9

HXOuQvq3ok8Cm/9OCg==

NR7FUuGQbFKbPFOC/WI=

vCVkAKp/MCYvTA==

EIB9dcNoJczrDx1+2FMCpUWh

AelRyJUy6pU3TPPyep9VeiM=

pxM6rxHct23r9lOC/WI=

Jo+EpynW0bkd8EQ=

c93g9H4q6pCGbWGE6jGTmys=

KxeWJh3IeirmwBLvQ6xa5He4

Y18bQIZHI87qwl3/mejR

UDOSCrReNObV5g8I/0swTl5K50HzwA==

6Wum4j786IYvBgz/fu7G

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Suspicious use of SetThreadContext 3 IoCs
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 58 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:3064
    • C:\Users\Admin\AppData\Local\Temp\87a7b708cf5f194568ce728a77c5778078720d6ff6346ea269f0a5427398ad60.exe
      "C:\Users\Admin\AppData\Local\Temp\87a7b708cf5f194568ce728a77c5778078720d6ff6346ea269f0a5427398ad60.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2124
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
        3⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of AdjustPrivilegeToken
        PID:2556
    • C:\Windows\SysWOW64\ipconfig.exe
      "C:\Windows\SysWOW64\ipconfig.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Gathers network information
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1688
      • C:\Program Files\Mozilla Firefox\Firefox.exe
        "C:\Program Files\Mozilla Firefox\Firefox.exe"
        3⤵
          PID:3336

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Command-Line Interface

    1
    T1059

    Persistence

    Privilege Escalation

    Defense Evasion

    Modify Registry

    1
    T1112

    Credential Access

    Discovery

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1688-183-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-179-0x0000000000B00000-0x0000000000C95000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-203-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-202-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-162-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-201-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-200-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-199-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-164-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-197-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-196-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-195-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-194-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-193-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-192-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-191-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-190-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-189-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-188-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-186-0x0000000000B00000-0x0000000000C95000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-181-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-172-0x0000000003150000-0x0000000003470000-memory.dmp
      Filesize

      3.1MB

      Download
    • memory/1688-184-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-171-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-182-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-174-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-180-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-178-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-150-0x0000000000000000-mapping.dmp
      Download
    • memory/1688-151-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-152-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-163-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-154-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-156-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-157-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-176-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-158-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-159-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-160-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-161-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-177-0x0000000000650000-0x000000000067D000-memory.dmp
      Filesize

      180KB

      Download
    • memory/1688-175-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-198-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-165-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-167-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-166-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-168-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1688-169-0x0000000001140000-0x000000000114B000-memory.dmp
      Filesize

      44KB

      Download
    • memory/1688-170-0x0000000000650000-0x000000000067D000-memory.dmp
      Filesize

      180KB

      Download
    • memory/2124-120-0x0000024D2B0A0000-0x0000024D2B114000-memory.dmp
      Filesize

      464KB

      Download
    • memory/2124-121-0x0000024D454F0000-0x0000024D45560000-memory.dmp
      Filesize

      448KB

      Download
    • memory/2556-142-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2556-140-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2556-153-0x0000000000400000-0x000000000042F000-memory.dmp
      Filesize

      188KB

      Download
    • memory/2556-124-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2556-155-0x0000000000401000-0x000000000042F000-memory.dmp
      Filesize

      184KB

      Download
    • memory/2556-149-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2556-148-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2556-147-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2556-146-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2556-145-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2556-122-0x0000000000400000-0x000000000042F000-memory.dmp
      Filesize

      188KB

      Download
    • memory/2556-143-0x00000000013B0000-0x0000000001547000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2556-123-0x00000000004012B0-mapping.dmp
      Download
    • memory/2556-141-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2556-125-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2556-126-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2556-138-0x0000000001550000-0x0000000001870000-memory.dmp
      Filesize

      3.1MB

      Download
    • memory/2556-137-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2556-136-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2556-135-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2556-134-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2556-133-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2556-132-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2556-131-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2556-130-0x0000000000401000-0x000000000042F000-memory.dmp
      Filesize

      184KB

      Download
    • memory/2556-129-0x0000000000400000-0x000000000042F000-memory.dmp
      Filesize

      188KB

      Download
    • memory/2556-127-0x0000000077710000-0x000000007789E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3064-173-0x0000000002740000-0x0000000002817000-memory.dmp
      Filesize

      860KB

      Download
    • memory/3064-187-0x00000000063D0000-0x0000000006518000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/3064-185-0x00000000063D0000-0x0000000006518000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/3064-144-0x0000000002740000-0x0000000002817000-memory.dmp
      Filesize

      860KB

      Download