Overview

overview

7

Static

static

1

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    90s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-02-2023 20:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ee60c72db115870ecc932d9219ece28cbdfd13eec7eb18b0f6db7f22dcbdd3dd.exe

  • Size

    301KB

  • MD5

    cd3776f58a1508685a2594ff13de21e8

  • SHA1

    2124c5cf0904b19b8e835fa3dc9e300c6d698004

  • SHA256

    ee60c72db115870ecc932d9219ece28cbdfd13eec7eb18b0f6db7f22dcbdd3dd

  • SHA512

    5476ece75afbfecd7a685388fd1e99f5018920d856f1ad5b1ff372daa393197dd3e5b4b6523f29d8917aee5f8ee2771491f9b4dbc229fe347c2095126d292df6

  • SSDEEP

    6144:UQ0/ckLARmUk7BduMsn0Vtn5vxNxlClnBHGY4mO4zshvYALb4nkNt8v24:UQ0/ckURUdjVl5vHvO0N/Bm

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ee60c72db115870ecc932d9219ece28cbdfd13eec7eb18b0f6db7f22dcbdd3dd.exe
    "C:\Users\Admin\AppData\Local\Temp\ee60c72db115870ecc932d9219ece28cbdfd13eec7eb18b0f6db7f22dcbdd3dd.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4572
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 1228
      2⤵
      • Program crash
      PID:4592
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4572 -ip 4572
    1⤵
      PID:1164

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4572-132-0x00000000007E8000-0x0000000000816000-memory.dmp

      Filesize

      184KB

      Download

    • memory/4572-134-0x0000000004D30000-0x00000000052D4000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/4572-133-0x0000000002310000-0x0000000002372000-memory.dmp

      Filesize

      392KB

      Download

    • memory/4572-135-0x0000000000400000-0x0000000000579000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4572-136-0x0000000005340000-0x0000000005958000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/4572-137-0x00000000059A0000-0x00000000059B2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4572-138-0x00000000059C0000-0x0000000005ACA000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4572-139-0x0000000005AD0000-0x0000000005B0C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/4572-140-0x0000000005DD0000-0x0000000005E36000-memory.dmp

      Filesize

      408KB

      Download

    • memory/4572-141-0x00000000065A0000-0x0000000006632000-memory.dmp

      Filesize

      584KB

      Download

    • memory/4572-142-0x0000000006650000-0x00000000066C6000-memory.dmp

      Filesize

      472KB

      Download

    • memory/4572-143-0x0000000006710000-0x000000000672E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/4572-144-0x00000000067C0000-0x0000000006982000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/4572-145-0x00000000069C0000-0x0000000006EEC000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/4572-146-0x00000000007E8000-0x0000000000816000-memory.dmp

      Filesize

      184KB

      Download

    • memory/4572-147-0x0000000000400000-0x0000000000579000-memory.dmp

      Filesize

      1.5MB

      Download