Overview

overview

7

Static

static

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    65s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/12/2022, 20:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5088b2c5548e2b5fe150018899062f5150ae57375641c739e7ba2eb16eb9a293.exe

  • Size

    402KB

  • MD5

    c55dbab764fd7ea4e2e0f8054069a0f0

  • SHA1

    52b625b4dc0218464f4730458d3e658ab8353d79

  • SHA256

    5088b2c5548e2b5fe150018899062f5150ae57375641c739e7ba2eb16eb9a293

  • SHA512

    2346b7f2162fcf889a11be1dbabc8a40c97c0d9672766e19ad03d5d420efff003de436a6877a1521cab67a546ef5b3bc45c680af720843af98723a6f2b88c1f8

  • SSDEEP

    6144:RqLySvpMxyibuCDZk/jefvrttO+scWrEprJ2AB9UZdLaYon5Jk4eROw:A2SRMxLbuCD2/jyRtSJrEz2din5JF

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5088b2c5548e2b5fe150018899062f5150ae57375641c739e7ba2eb16eb9a293.exe
    "C:\Users\Admin\AppData\Local\Temp\5088b2c5548e2b5fe150018899062f5150ae57375641c739e7ba2eb16eb9a293.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4912
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 1688
      2⤵
      • Program crash
      PID:4064
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4912 -ip 4912
    1⤵
      PID:736

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/4912-132-0x000000000059E000-0x00000000005CC000-memory.dmp

            Filesize

            184KB

            Download

          • memory/4912-133-0x00000000004F0000-0x000000000053B000-memory.dmp

            Filesize

            300KB

            Download

          • memory/4912-134-0x0000000000400000-0x000000000046A000-memory.dmp

            Filesize

            424KB

            Download

          • memory/4912-135-0x0000000004C10000-0x00000000051B4000-memory.dmp

            Filesize

            5.6MB

            Download

          • memory/4912-136-0x00000000051C0000-0x00000000057D8000-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/4912-137-0x0000000005840000-0x000000000594A000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/4912-138-0x0000000005980000-0x0000000005992000-memory.dmp

            Filesize

            72KB

            Download

          • memory/4912-139-0x00000000059A0000-0x00000000059DC000-memory.dmp

            Filesize

            240KB

            Download

          • memory/4912-140-0x0000000005C90000-0x0000000005CF6000-memory.dmp

            Filesize

            408KB

            Download

          • memory/4912-141-0x0000000006470000-0x0000000006502000-memory.dmp

            Filesize

            584KB

            Download

          • memory/4912-142-0x000000000059E000-0x00000000005CC000-memory.dmp

            Filesize

            184KB

            Download

          • memory/4912-143-0x0000000006680000-0x0000000006842000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/4912-144-0x0000000006860000-0x0000000006D8C000-memory.dmp

            Filesize

            5.2MB

            Download

          • memory/4912-145-0x0000000000400000-0x000000000046A000-memory.dmp

            Filesize

            424KB

            Download