Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/12/2022, 02:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    892e3867fdf0014ccbd07d7a0bfaf1bd2c36231e601079f060e775dbbd00a5ae.exe

  • Size

    340KB

  • MD5

    18a0af397ec078bfb4261f800d751680

  • SHA1

    39a6f4c4bdd95b2511610d619b00fbe4b81f4102

  • SHA256

    892e3867fdf0014ccbd07d7a0bfaf1bd2c36231e601079f060e775dbbd00a5ae

  • SHA512

    475598838443c82bc7a71fcb1c83337fd670da20d4830e5cbb1e980003a50fff533ad53c67033ff05b04f444d604116b7e672af963343f0d619e920d67f35380

  • SSDEEP

    6144:BOLUn948rlRiIS84zeQNUot3HfnChkiI83zCa:BOA94QRi784hU2YkiD5

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\892e3867fdf0014ccbd07d7a0bfaf1bd2c36231e601079f060e775dbbd00a5ae.exe
    "C:\Users\Admin\AppData\Local\Temp\892e3867fdf0014ccbd07d7a0bfaf1bd2c36231e601079f060e775dbbd00a5ae.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1524
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 1260
      2⤵
      • Program crash
      PID:2528
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1524 -ip 1524
    1⤵
      PID:4448

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1524-132-0x0000000000732000-0x0000000000760000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1524-133-0x00000000020C0000-0x000000000210B000-memory.dmp

      Filesize

      300KB

      Download

    • memory/1524-134-0x0000000000400000-0x000000000047F000-memory.dmp

      Filesize

      508KB

      Download

    • memory/1524-135-0x0000000004CD0000-0x0000000005274000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/1524-136-0x0000000005280000-0x0000000005898000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/1524-137-0x0000000004B30000-0x0000000004C3A000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1524-138-0x0000000004C70000-0x0000000004C82000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1524-139-0x00000000058A0000-0x00000000058DC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1524-140-0x0000000005B60000-0x0000000005BF2000-memory.dmp

      Filesize

      584KB

      Download

    • memory/1524-141-0x0000000005C00000-0x0000000005C66000-memory.dmp

      Filesize

      408KB

      Download

    • memory/1524-142-0x0000000006450000-0x0000000006612000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/1524-143-0x0000000006630000-0x0000000006B5C000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/1524-144-0x0000000000732000-0x0000000000760000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1524-145-0x0000000006DD0000-0x0000000006E46000-memory.dmp

      Filesize

      472KB

      Download

    • memory/1524-146-0x0000000006E60000-0x0000000006EB0000-memory.dmp

      Filesize

      320KB

      Download

    • memory/1524-147-0x0000000000400000-0x000000000047F000-memory.dmp

      Filesize

      508KB

      Download