Overview

overview

10

Static

static

10

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-11-2022 19:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e246c844a272e80f2819e754e79a394e0fc964ad583ae90110dc38a01100b44d.dll

  • Size

    126KB

  • MD5

    f6d14701e7c568254151e153f7763672

  • SHA1

    4501ffb7284f29cca51b06deba0262b8d33f93f6

  • SHA256

    e246c844a272e80f2819e754e79a394e0fc964ad583ae90110dc38a01100b44d

  • SHA512

    62c1d6cbe6531a6b5d2a9fcdddd91cc3971dd81f1f5208e88c02d97d066e1b04665122817acb228894937279c49ac627bdb3c42cb32e130e39201f3108cde8f2

  • SSDEEP

    3072:Yx7pOYzBekF3tiINwyP7XSSJds3zhrjPcnqULv429:Yx7ZNhF3vwyOztPc3L

Score
7/10
collectionspywarestealer

Malware Config

Signatures

  • Reads local data of messenger clients 2 TTPs

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 1 IoCs
    collection
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\e246c844a272e80f2819e754e79a394e0fc964ad583ae90110dc38a01100b44d.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1632
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\e246c844a272e80f2819e754e79a394e0fc964ad583ae90110dc38a01100b44d.dll,#1
      2⤵
      • Accesses Microsoft Outlook profiles
      • Suspicious behavior: EnumeratesProcesses
      • outlook_win_path
      PID:4376
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 844
        3⤵
        • Program crash
        PID:4912
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4376 -ip 4376
    1⤵
      PID:4996

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Credentials in Files

    1
    T1081

    Discovery

    Lateral Movement

    Collection

    Data from Local System

    1
    T1005

    Email Collection

    1
    T1114

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4376-132-0x0000000000000000-mapping.dmp
      Download