Overview

overview

7

Static

static

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/01/2023, 02:37

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b6a891aeab2f2ef00e9aa41fb0a4496200e5d857c1b3f4ccce0b3164d15d0991.exe

  • Size

    392KB

  • MD5

    5bdd8bc310ff1e7f02dc12b83a34fca5

  • SHA1

    dea6431c8111134eba9f961934defcbaccdb4472

  • SHA256

    b6a891aeab2f2ef00e9aa41fb0a4496200e5d857c1b3f4ccce0b3164d15d0991

  • SHA512

    6dc7835a0aa0def8f428fb32ca9427402b651ac8592204cee3010078dba0f07cc1e02c2af08d16639898d12ec1521cbc0a526391287254d756916d8e624c8480

  • SSDEEP

    6144:FCLhuhASFC8JeQ3xmzTa9d9WCNv1JU+QNaRUD2jl5zZY:FCduhv8Y3xmClWcvU0Ow

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b6a891aeab2f2ef00e9aa41fb0a4496200e5d857c1b3f4ccce0b3164d15d0991.exe
    "C:\Users\Admin\AppData\Local\Temp\b6a891aeab2f2ef00e9aa41fb0a4496200e5d857c1b3f4ccce0b3164d15d0991.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1604
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 1256
      2⤵
      • Program crash
      PID:4392
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1604 -ip 1604
    1⤵
      PID:1152

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1604-132-0x000000000051E000-0x0000000000554000-memory.dmp

            Filesize

            216KB

            Download

          • memory/1604-133-0x00000000021B0000-0x0000000002209000-memory.dmp

            Filesize

            356KB

            Download

          • memory/1604-134-0x0000000000400000-0x000000000047F000-memory.dmp

            Filesize

            508KB

            Download

          • memory/1604-135-0x0000000004C00000-0x00000000051A4000-memory.dmp

            Filesize

            5.6MB

            Download

          • memory/1604-136-0x00000000051B0000-0x00000000057C8000-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/1604-137-0x0000000005860000-0x0000000005872000-memory.dmp

            Filesize

            72KB

            Download

          • memory/1604-138-0x0000000005880000-0x000000000598A000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/1604-139-0x0000000005990000-0x00000000059CC000-memory.dmp

            Filesize

            240KB

            Download

          • memory/1604-140-0x0000000005CA0000-0x0000000005D06000-memory.dmp

            Filesize

            408KB

            Download

          • memory/1604-141-0x0000000006380000-0x0000000006412000-memory.dmp

            Filesize

            584KB

            Download

          • memory/1604-142-0x0000000006540000-0x0000000006702000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/1604-143-0x0000000006720000-0x0000000006C4C000-memory.dmp

            Filesize

            5.2MB

            Download

          • memory/1604-144-0x0000000006D60000-0x0000000006DD6000-memory.dmp

            Filesize

            472KB

            Download

          • memory/1604-145-0x0000000006E20000-0x0000000006E3E000-memory.dmp

            Filesize

            120KB

            Download

          • memory/1604-146-0x000000000051E000-0x0000000000554000-memory.dmp

            Filesize

            216KB

            Download

          • memory/1604-147-0x0000000000400000-0x000000000047F000-memory.dmp

            Filesize

            508KB

            Download