Overview

overview

7

Static

static

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    90s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/01/2023, 15:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    21a7f8907eab236a70d06a1470ca979817749a2e0848a95db6f41be3334671ac.exe

  • Size

    330KB

  • MD5

    c97352897f0dce43e28be225db90500a

  • SHA1

    64b7f89dbc0590bd21f5642c073dae4706889a6c

  • SHA256

    21a7f8907eab236a70d06a1470ca979817749a2e0848a95db6f41be3334671ac

  • SHA512

    d443852f372b88dc36293f84d338ea56809e6232248092e20878ab72bece8c111b769407ab3acd32f8a524f8fe52970523a06be9e4ab87b30433723e323e57bd

  • SSDEEP

    6144:u8ON1HTPG9DF/wzKL1EPupUtI4Zs9EWdLVH1:u8ON5O9GTPuiW4EEG5

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\21a7f8907eab236a70d06a1470ca979817749a2e0848a95db6f41be3334671ac.exe
    "C:\Users\Admin\AppData\Local\Temp\21a7f8907eab236a70d06a1470ca979817749a2e0848a95db6f41be3334671ac.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3348
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 1656
      2⤵
      • Program crash
      PID:1116
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3348 -ip 3348
    1⤵
      PID:1160

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3348-132-0x00000000074F0000-0x0000000007A94000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/3348-133-0x0000000002CD8000-0x0000000002D07000-memory.dmp

      Filesize

      188KB

      Download

    • memory/3348-134-0x0000000004930000-0x000000000497B000-memory.dmp

      Filesize

      300KB

      Download

    • memory/3348-135-0x0000000000400000-0x0000000002BBB000-memory.dmp

      Filesize

      39.7MB

      Download

    • memory/3348-136-0x0000000007AA0000-0x00000000080B8000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/3348-137-0x00000000073B0000-0x00000000074BA000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/3348-138-0x00000000080D0000-0x00000000080E2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/3348-139-0x00000000080F0000-0x000000000812C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/3348-140-0x00000000083E0000-0x0000000008472000-memory.dmp

      Filesize

      584KB

      Download

    • memory/3348-141-0x0000000008480000-0x00000000084E6000-memory.dmp

      Filesize

      408KB

      Download

    • memory/3348-142-0x0000000008C90000-0x0000000008E52000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/3348-143-0x0000000002CD8000-0x0000000002D07000-memory.dmp

      Filesize

      188KB

      Download

    • memory/3348-144-0x0000000008E60000-0x000000000938C000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/3348-145-0x0000000002CD8000-0x0000000002D07000-memory.dmp

      Filesize

      188KB

      Download

    • memory/3348-146-0x0000000000400000-0x0000000002BBB000-memory.dmp

      Filesize

      39.7MB

      Download