Overview

overview

7

Static

static

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-01-2023 07:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0af36eb043c60040b08d338f8231d9211e3cf7a179d503524b64a5a08235a8c6.exe

  • Size

    381KB

  • MD5

    020d16e6bc750f721d41bf7902c56c61

  • SHA1

    a9c79f20b40e61f29157eda902843a7e2f469f78

  • SHA256

    0af36eb043c60040b08d338f8231d9211e3cf7a179d503524b64a5a08235a8c6

  • SHA512

    8cd10a2994c06e11a95ce258dfc4cef0f3e2104dff2b14dba1339ecb5a2b9b0ebda4da6bd74d1d32e9ab364774476c03de14d3c5b912073ec404d6f40f4cb3aa

  • SSDEEP

    6144:2jATp2mDzk3kDoZWuwkTB6td8zXZV6owebWbpgpRjFE:2jcphk3fZWuwkTB6gXZ4owzSL

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0af36eb043c60040b08d338f8231d9211e3cf7a179d503524b64a5a08235a8c6.exe
    "C:\Users\Admin\AppData\Local\Temp\0af36eb043c60040b08d338f8231d9211e3cf7a179d503524b64a5a08235a8c6.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4724
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 1284
      2⤵
      • Program crash
      PID:3360
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4724 -ip 4724
    1⤵
      PID:3448

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4724-132-0x0000000002DBD000-0x0000000002DEC000-memory.dmp

      Filesize

      188KB

      Download

    • memory/4724-133-0x0000000004940000-0x000000000498B000-memory.dmp

      Filesize

      300KB

      Download

    • memory/4724-134-0x0000000000400000-0x0000000002BC7000-memory.dmp

      Filesize

      39.8MB

      Download

    • memory/4724-135-0x0000000007340000-0x00000000078E4000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/4724-136-0x0000000007900000-0x0000000007F18000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/4724-137-0x0000000007FA0000-0x00000000080AA000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4724-138-0x00000000080E0000-0x00000000080F2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4724-139-0x0000000008100000-0x000000000813C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/4724-140-0x0000000002DBD000-0x0000000002DEC000-memory.dmp

      Filesize

      188KB

      Download

    • memory/4724-141-0x0000000002EA0000-0x0000000002F32000-memory.dmp

      Filesize

      584KB

      Download

    • memory/4724-142-0x0000000003080000-0x00000000030E6000-memory.dmp

      Filesize

      408KB

      Download

    • memory/4724-143-0x0000000008E20000-0x0000000008FE2000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/4724-144-0x0000000008FF0000-0x000000000951C000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/4724-145-0x0000000002DBD000-0x0000000002DEC000-memory.dmp

      Filesize

      188KB

      Download

    • memory/4724-146-0x0000000000400000-0x0000000002BC7000-memory.dmp

      Filesize

      39.8MB

      Download