Overview

overview

7

Static

static

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    101s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/01/2023, 17:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8510d5aa42709a046d11e566b792365591325f5036f5512e3c4f0fd6a52cca0e.exe

  • Size

    459KB

  • MD5

    7c932ca189deb1ef55f32939cb32f8b6

  • SHA1

    2bc7c99348548dfa6cb8f579b200acf84aeffbd9

  • SHA256

    8510d5aa42709a046d11e566b792365591325f5036f5512e3c4f0fd6a52cca0e

  • SHA512

    10211e93076244f37067c68a1338200fe89012a18a01a62edef39d88d9131b8f7b7e45339b9dc35f1657086312c73c04d023c4c5dec61ebd4adedc8b458b9e63

  • SSDEEP

    12288:+RbhlQ6mg7ojtbruJFRh2vkzv2T+O7p8dltD:+RhlKcK03P2vGHO7id7

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8510d5aa42709a046d11e566b792365591325f5036f5512e3c4f0fd6a52cca0e.exe
    "C:\Users\Admin\AppData\Local\Temp\8510d5aa42709a046d11e566b792365591325f5036f5512e3c4f0fd6a52cca0e.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3528
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 1292
      2⤵
      • Program crash
      PID:4244
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3528 -ip 3528
    1⤵
      PID:804

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3528-132-0x00000000007FE000-0x0000000000835000-memory.dmp

      Filesize

      220KB

      Download

    • memory/3528-133-0x0000000000720000-0x0000000000779000-memory.dmp

      Filesize

      356KB

      Download

    • memory/3528-134-0x0000000004DA0000-0x0000000005344000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/3528-135-0x0000000005350000-0x0000000005968000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/3528-136-0x0000000000400000-0x0000000000478000-memory.dmp

      Filesize

      480KB

      Download

    • memory/3528-137-0x0000000004C80000-0x0000000004C92000-memory.dmp

      Filesize

      72KB

      Download

    • memory/3528-138-0x0000000005970000-0x0000000005A7A000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/3528-139-0x0000000004CA0000-0x0000000004CDC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/3528-140-0x00000000007FE000-0x0000000000835000-memory.dmp

      Filesize

      220KB

      Download

    • memory/3528-141-0x0000000000720000-0x0000000000779000-memory.dmp

      Filesize

      356KB

      Download

    • memory/3528-142-0x0000000006070000-0x0000000006102000-memory.dmp

      Filesize

      584KB

      Download

    • memory/3528-143-0x0000000006110000-0x0000000006176000-memory.dmp

      Filesize

      408KB

      Download

    • memory/3528-144-0x0000000006680000-0x0000000006842000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/3528-145-0x0000000006870000-0x0000000006D9C000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/3528-146-0x0000000006EB0000-0x0000000006F26000-memory.dmp

      Filesize

      472KB

      Download

    • memory/3528-147-0x0000000006F80000-0x0000000006F9E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/3528-148-0x00000000007FE000-0x0000000000835000-memory.dmp

      Filesize

      220KB

      Download

    • memory/3528-149-0x0000000000400000-0x0000000000478000-memory.dmp

      Filesize

      480KB

      Download