Overview

overview

10

Static

static

10

dridex

windows10-1703-x64

7

Analysis

  • max time kernel
    49s
  • max time network
    73s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    26-11-2022 02:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cff6a94fcd391c76c422cdf597792d8342c618105933a2c990ec9f75f644e910.dll

  • Size

    126KB

  • MD5

    0747e59c9fd3c5ddef667c0a18fc1159

  • SHA1

    9a661c2b1937d9c2cd2e1cf85925b10ec4bb4de6

  • SHA256

    cff6a94fcd391c76c422cdf597792d8342c618105933a2c990ec9f75f644e910

  • SHA512

    4872110f6f04108ca54330ae5a1e24879095b9592aaa74d4055eea76c9ddd0bdf371c885d361e0da9254cbcac833ea3d0981666ebec7ebbd2c3583ba7f3ae82b

  • SSDEEP

    3072:ox7pOYzBekZmWDWCMq6As523HeS9FAiZ87vO2rJL3RnK9:ox7ZNhZ/dMq6AO0a7vVJT

Score
7/10
collectionspywarestealer

Malware Config

Signatures

  • Reads local data of messenger clients 2 TTPs

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 1 IoCs
    collection
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\cff6a94fcd391c76c422cdf597792d8342c618105933a2c990ec9f75f644e910.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3512
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\cff6a94fcd391c76c422cdf597792d8342c618105933a2c990ec9f75f644e910.dll,#1
      2⤵
      • Accesses Microsoft Outlook profiles
      • Suspicious behavior: EnumeratesProcesses
      • outlook_win_path
      PID:3828
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 828
        3⤵
        • Program crash
        PID:5000

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3828-117-0x0000000000000000-mapping.dmp
    Download
  • memory/3828-118-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-119-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-120-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-121-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-122-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-123-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-124-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-125-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-126-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-127-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-128-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-129-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-130-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-131-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-132-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-133-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-134-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-135-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-136-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-137-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-138-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-139-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-140-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-141-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-142-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-144-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-145-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-143-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-146-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-147-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-148-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-149-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-150-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-151-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-152-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-153-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-154-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-155-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-156-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-157-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-158-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-160-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-159-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-161-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-162-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-163-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-164-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-165-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-166-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-167-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-168-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-169-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-170-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-171-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-172-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-173-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-174-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-175-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-176-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-177-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-179-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-180-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-178-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/3828-181-0x0000000077B00000-0x0000000077C8E000-memory.dmp
    Filesize

    1.6MB

    Download