Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/02/2023, 21:15 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e772973a3a2010435f221eff87ca8049922f311ba9f1fa43c0df637605795bf2.exe

  • Size

    349KB

  • MD5

    3a86a00c68572a8e68cba8107097874c

  • SHA1

    2254a8888fcfc99cfb97a12799d3b9d2ef3bee8a

  • SHA256

    e772973a3a2010435f221eff87ca8049922f311ba9f1fa43c0df637605795bf2

  • SHA512

    47d351247901cf72ecdac20762aa314016ab9f3873df88f062b8bc3be5a7622346662d7fb14d0bcec53ee63b9d0111ddfa620262e391680715b304cc7955d85f

  • SSDEEP

    6144:RdLN58l1NgarXWqpO+DOdOrbgqWtFHGOoEIqmSOb1ssZHEyk:RdJ56NgiBO+DO2b9WPnoEslxsikZ

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e772973a3a2010435f221eff87ca8049922f311ba9f1fa43c0df637605795bf2.exe
    "C:\Users\Admin\AppData\Local\Temp\e772973a3a2010435f221eff87ca8049922f311ba9f1fa43c0df637605795bf2.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4760
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1736
      2⤵
      • Program crash
      PID:640
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4760 -ip 4760
    1⤵
      PID:4584

    Network

      No results found
    • 20.190.159.23:443
      260 B
       5
    • 185.11.61.125:22344
      e772973a3a2010435f221eff87ca8049922f311ba9f1fa43c0df637605795bf2.exe
      10.7kB
       7.3kB
       19
      14
    • 72.21.91.29:80
      322 B
       7
    • 104.208.16.90:443
      322 B
       7
    • 67.27.153.254:80
      322 B
       7
    • 67.27.153.254:80
      322 B
       7
    • 104.80.225.205:443
      322 B
       7
    No results found

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4760-132-0x0000000000810000-0x000000000083D000-memory.dmp

      Filesize

      180KB

      Download

    • memory/4760-133-0x0000000002390000-0x00000000023F2000-memory.dmp

      Filesize

      392KB

      Download

    • memory/4760-134-0x0000000000400000-0x00000000005F1000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/4760-135-0x0000000004EA0000-0x0000000005444000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/4760-136-0x0000000005450000-0x0000000005A68000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/4760-137-0x0000000004E30000-0x0000000004E42000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4760-138-0x0000000005A70000-0x0000000005B7A000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4760-139-0x0000000004E50000-0x0000000004E8C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/4760-140-0x0000000005E50000-0x0000000005EB6000-memory.dmp

      Filesize

      408KB

      Download

    • memory/4760-141-0x0000000006520000-0x00000000065B2000-memory.dmp

      Filesize

      584KB

      Download

    • memory/4760-142-0x00000000065D0000-0x0000000006646000-memory.dmp

      Filesize

      472KB

      Download

    • memory/4760-143-0x0000000006690000-0x00000000066AE000-memory.dmp

      Filesize

      120KB

      Download

    • memory/4760-144-0x0000000006850000-0x0000000006A12000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/4760-145-0x0000000006A20000-0x0000000006F4C000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/4760-146-0x0000000000810000-0x000000000083D000-memory.dmp

      Filesize

      180KB

      Download

    • memory/4760-147-0x0000000000400000-0x00000000005F1000-memory.dmp

      Filesize

      1.9MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.