Overview

overview

7

Static

static

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/12/2022, 10:33

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a7bbd16dc1c0c8da3766f5ba6282e0786f568485c6df8e66e91930ab8cc35d09.exe

  • Size

    459KB

  • MD5

    9ea396764d2a9737444ce6fb42cd2101

  • SHA1

    d72c0bdbbbcbd6cbfbf6d0d54ab4a2b0b654d40e

  • SHA256

    a7bbd16dc1c0c8da3766f5ba6282e0786f568485c6df8e66e91930ab8cc35d09

  • SHA512

    2282da2d25ef71f784d1905253e277463d9ee7973b3c49c985ae6b67bc9f99010841e6ff2e4873945d0b0922923852f2f97273a10f5a6aa83e9502520c5e6b00

  • SSDEEP

    6144:AUk2LymVltNyAz5nDuweg6wE4+zXFHVOa4DREjfYf67k13bwZ4Vxq:rL2mVsm5nDujyGVTjfYy7

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a7bbd16dc1c0c8da3766f5ba6282e0786f568485c6df8e66e91930ab8cc35d09.exe
    "C:\Users\Admin\AppData\Local\Temp\a7bbd16dc1c0c8da3766f5ba6282e0786f568485c6df8e66e91930ab8cc35d09.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4968
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 1540
      2⤵
      • Program crash
      PID:2352
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 4968 -ip 4968
    1⤵
      PID:1956

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/4968-132-0x00000000005C7000-0x00000000005FE000-memory.dmp

            Filesize

            220KB

            Download

          • memory/4968-133-0x0000000000510000-0x0000000000569000-memory.dmp

            Filesize

            356KB

            Download

          • memory/4968-134-0x0000000000400000-0x0000000000478000-memory.dmp

            Filesize

            480KB

            Download

          • memory/4968-135-0x0000000004B80000-0x0000000005124000-memory.dmp

            Filesize

            5.6MB

            Download

          • memory/4968-136-0x00000000051A0000-0x00000000057B8000-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/4968-137-0x0000000005860000-0x0000000005872000-memory.dmp

            Filesize

            72KB

            Download

          • memory/4968-138-0x0000000005880000-0x000000000598A000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/4968-139-0x0000000005990000-0x00000000059CC000-memory.dmp

            Filesize

            240KB

            Download

          • memory/4968-140-0x0000000005CA0000-0x0000000005D06000-memory.dmp

            Filesize

            408KB

            Download

          • memory/4968-141-0x0000000006380000-0x0000000006412000-memory.dmp

            Filesize

            584KB

            Download

          • memory/4968-142-0x0000000006440000-0x0000000006602000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/4968-143-0x0000000006620000-0x0000000006B4C000-memory.dmp

            Filesize

            5.2MB

            Download

          • memory/4968-144-0x0000000006C60000-0x0000000006CD6000-memory.dmp

            Filesize

            472KB

            Download

          • memory/4968-145-0x0000000006D20000-0x0000000006D3E000-memory.dmp

            Filesize

            120KB

            Download

          • memory/4968-146-0x00000000005C7000-0x00000000005FE000-memory.dmp

            Filesize

            220KB

            Download

          • memory/4968-147-0x0000000000400000-0x0000000000478000-memory.dmp

            Filesize

            480KB

            Download