Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

dridex

windows10-1703-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    131s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    04/01/2023, 00:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    efa35da26e2c21149a9be5e3787d39911ab7e08f435f95099f468b586ebc71d4.exe

  • Size

    342KB

  • MD5

    3bea8a2261b2cae191a0b7501aaed07b

  • SHA1

    68bf79c87ac58e238e48ec177d3b8984a82bc060

  • SHA256

    efa35da26e2c21149a9be5e3787d39911ab7e08f435f95099f468b586ebc71d4

  • SHA512

    fe33e758d26d9937fde33860ea1c88b008bcb7c52e3dface4a2aad1012f26dd8001e74347f6d7f44f2be13e5e847b036955e8fdb8f5cb9f79ce265932453a482

  • SSDEEP

    6144:Uk5L/xG5BH1he4O9OMWKlDycAyjFvJEMbx5rb:35r45h1h5iWGDPAyxfV5

Score
8/10
spywarestealer

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 23 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 36 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 18 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\efa35da26e2c21149a9be5e3787d39911ab7e08f435f95099f468b586ebc71d4.exe
    "C:\Users\Admin\AppData\Local\Temp\efa35da26e2c21149a9be5e3787d39911ab7e08f435f95099f468b586ebc71d4.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:2692
  • C:\Users\Admin\AppData\Local\Temp\E062.exe
    C:\Users\Admin\AppData\Local\Temp\E062.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:4088
    • C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Users\Admin\AppData\Local\Temp\Oatedoqeryee.tmp",Yqiowyrat
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      • Suspicious use of SetThreadContext
      • Checks processor information in registry
      • Suspicious use of WriteProcessMemory
      PID:3360
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\shell32.dll",#61 30925
        3⤵
        • Modifies registry class
        • Suspicious use of FindShellTrayWindow
        PID:4396
  • C:\Users\Admin\AppData\Local\Temp\5E8C.exe
    C:\Users\Admin\AppData\Local\Temp\5E8C.exe
    1⤵
    • Executes dropped EXE
    PID:4624
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:748

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\5E8C.exe
      Filesize

      318KB

      MD5

      094e623899217b14d42c5163e510136e

      SHA1

      cbdee392cf4087e76e0c84023d380d48a54b5192

      SHA256

      66a2ab6f02a60cc983c5e84334fdbca0bfdd567575713ccbb41f18a3d1af8658

      SHA512

      a00f8cf99e953b4222272c33dd896066180b0dee90f50b1e47b8902191a83756833bc22cdda19cf6de807b90a9ef06fddcd69359d04f28d2518d51a07213fbc2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\5E8C.exe
      Filesize

      318KB

      MD5

      094e623899217b14d42c5163e510136e

      SHA1

      cbdee392cf4087e76e0c84023d380d48a54b5192

      SHA256

      66a2ab6f02a60cc983c5e84334fdbca0bfdd567575713ccbb41f18a3d1af8658

      SHA512

      a00f8cf99e953b4222272c33dd896066180b0dee90f50b1e47b8902191a83756833bc22cdda19cf6de807b90a9ef06fddcd69359d04f28d2518d51a07213fbc2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\E062.exe
      Filesize

      1.1MB

      MD5

      2ab830a1884ef79ebf74dbd8f3b7eeec

      SHA1

      7e0dc5eb94107b8c840ced3857a35148e3eae2ab

      SHA256

      8e1a4437a2db138c75a38757cb563a10267d5f2c84da68eceda99fefbd74d6c5

      SHA512

      99768e957946e955142892d637d97360cca9d3b29af0d3b7332dd180435066bd8eacf8966144841ff983c49264c819294ff89899c4275f8e2bb9fd869ce33385

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\E062.exe
      Filesize

      1.1MB

      MD5

      2ab830a1884ef79ebf74dbd8f3b7eeec

      SHA1

      7e0dc5eb94107b8c840ced3857a35148e3eae2ab

      SHA256

      8e1a4437a2db138c75a38757cb563a10267d5f2c84da68eceda99fefbd74d6c5

      SHA512

      99768e957946e955142892d637d97360cca9d3b29af0d3b7332dd180435066bd8eacf8966144841ff983c49264c819294ff89899c4275f8e2bb9fd869ce33385

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Oatedoqeryee.tmp
      Filesize

      718KB

      MD5

      86df455f98f9b6b06535d64a9cfd7006

      SHA1

      6d79d6464ce3eeb70de564652f9b99b09c5d3a22

      SHA256

      200911b8faaea3104d1b51231d534e615fe755dc84024c1029aeafe1f842206b

      SHA512

      249dac192d6c8023d4673a52d36cc4beecb899ab394f26e6812b3304075f427baba8b4b6a0cf4f6d4f50710eea8a0338d268b82a97a32632e18597c8eae1c426

      Download Submit

    • \Users\Admin\AppData\Local\Temp\Oatedoqeryee.tmp
      Filesize

      718KB

      MD5

      86df455f98f9b6b06535d64a9cfd7006

      SHA1

      6d79d6464ce3eeb70de564652f9b99b09c5d3a22

      SHA256

      200911b8faaea3104d1b51231d534e615fe755dc84024c1029aeafe1f842206b

      SHA512

      249dac192d6c8023d4673a52d36cc4beecb899ab394f26e6812b3304075f427baba8b4b6a0cf4f6d4f50710eea8a0338d268b82a97a32632e18597c8eae1c426

      Download Submit

    • memory/2692-135-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-139-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-119-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-120-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-121-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-122-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-123-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-124-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-125-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-126-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-127-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-129-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-128-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-130-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-131-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-132-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-133-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-134-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-115-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-136-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-137-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-118-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-140-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-141-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-142-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-143-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-144-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-145-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-146-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-147-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-148-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-149-0x0000000002D70000-0x0000000002EBA000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2692-150-0x0000000002D70000-0x0000000002EBA000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2692-151-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-152-0x0000000000400000-0x0000000002C48000-memory.dmp

      Filesize

      40.3MB

      Download

    • memory/2692-153-0x0000000000400000-0x0000000002C48000-memory.dmp

      Filesize

      40.3MB

      Download

    • memory/2692-116-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2692-117-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3360-376-0x0000000007530000-0x0000000008050000-memory.dmp

      Filesize

      11.1MB

      Download

    • memory/3360-304-0x0000000007530000-0x0000000008050000-memory.dmp

      Filesize

      11.1MB

      Download

    • memory/3360-314-0x0000000006FE9000-0x0000000006FEB000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4088-158-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-184-0x0000000004980000-0x0000000004A53000-memory.dmp

      Filesize

      844KB

      Download

    • memory/4088-162-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-164-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-165-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-166-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-168-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-169-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-170-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-171-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-172-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-173-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-174-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-175-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-176-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-177-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-178-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-179-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-167-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-181-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-182-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-161-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-183-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-185-0x0000000004B40000-0x0000000004C4C000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4088-186-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-188-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-187-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-189-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-160-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-191-0x0000000000400000-0x0000000002D01000-memory.dmp

      Filesize

      41.0MB

      Download

    • memory/4088-210-0x0000000000400000-0x0000000002D01000-memory.dmp

      Filesize

      41.0MB

      Download

    • memory/4088-159-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-156-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4088-157-0x0000000077C70000-0x0000000077DFE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4396-329-0x00000000004B0000-0x000000000074D000-memory.dmp

      Filesize

      2.6MB

      Download

    • memory/4396-330-0x000001F77D8D0000-0x000001F77DB7E000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4624-365-0x0000000002E91000-0x0000000002EAB000-memory.dmp

      Filesize

      104KB

      Download

    • memory/4624-368-0x0000000004830000-0x0000000004859000-memory.dmp

      Filesize

      164KB

      Download

    • memory/4624-371-0x0000000000400000-0x0000000002C43000-memory.dmp

      Filesize

      40.3MB

      Download

    • memory/4624-375-0x0000000002E91000-0x0000000002EAB000-memory.dmp

      Filesize

      104KB

      Download

    • memory/4624-377-0x0000000000400000-0x0000000002C43000-memory.dmp

      Filesize

      40.3MB

      Download