Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    20/04/2023, 00:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c3f4fbdb4928d823ef808cc79abeded1f4c42676b7ba983704a39ee0d58d2c95.exe

  • Size

    826KB

  • MD5

    1453763d28106888e2e557f2be5116e5

  • SHA1

    610127b76a2280bac123b27ada266fcbdd0e1048

  • SHA256

    c3f4fbdb4928d823ef808cc79abeded1f4c42676b7ba983704a39ee0d58d2c95

  • SHA512

    4f1e823efe4f4c3ac295f31470f7e55dce594a6f64f2b38748721ac047ef1687a887516066c79712438d5159372159eee89d3c90d6905367b75ea2b784decc5a

  • SSDEEP

    12288:Cy90dKqojEx55bT2lQTeY8F2IXh6Q8v92jSLHa48wwWsQsWWCN1ty:Cy8ojEx5Z2lVXh95asHWWCNfy

Score
10/10
discoveryevasionpersistencespywarestealertrojan

Malware Config

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 5 IoCs
    evasiontrojan
  • Executes dropped EXE 6 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Windows security modification 2 TTPs 1 IoCs
    evasiontrojan
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 6 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 7 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c3f4fbdb4928d823ef808cc79abeded1f4c42676b7ba983704a39ee0d58d2c95.exe
    "C:\Users\Admin\AppData\Local\Temp\c3f4fbdb4928d823ef808cc79abeded1f4c42676b7ba983704a39ee0d58d2c95.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1804
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziGY8620.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziGY8620.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:2144
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ziEl5892.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ziEl5892.exe
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious use of WriteProcessMemory
        PID:2512
        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\it679454.exe
          C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\it679454.exe
          4⤵
          • Modifies Windows Defender Real-time Protection settings
          • Executes dropped EXE
          • Windows security modification
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:4780
        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\jr529420.exe
          C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\jr529420.exe
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:4924
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp032736.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp032736.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4288
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr144144.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr144144.exe
      2⤵
      • Executes dropped EXE
      PID:4084
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 624
        3⤵
        • Program crash
        PID:4748
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 704
        3⤵
        • Program crash
        PID:4928
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 844
        3⤵
        • Program crash
        PID:4940
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 876
        3⤵
        • Program crash
        PID:3892
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 856
        3⤵
        • Program crash
        PID:1952
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 888
        3⤵
        • Program crash
        PID:5000
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 1088
        3⤵
        • Program crash
        PID:3516

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr144144.exe
    Filesize

    256KB

    MD5

    9cd0a867585e6efc34d54c7e64fe376d

    SHA1

    30e9d35455e4b257179d799af8ae87dd2e7f975a

    SHA256

    0e719525c476555c22cc3f156cf015ddf7bcab46d4951ff834568ddb748b08dd

    SHA512

    dcdb4c5c0dce9baec87c406f584f2f2bfe2d1e1706636f55f8a2e095ec821c6f4896bcba931d935f82945a5e652a31e2c2a2419c24c035fc1211f289f349b037

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr144144.exe
    Filesize

    256KB

    MD5

    9cd0a867585e6efc34d54c7e64fe376d

    SHA1

    30e9d35455e4b257179d799af8ae87dd2e7f975a

    SHA256

    0e719525c476555c22cc3f156cf015ddf7bcab46d4951ff834568ddb748b08dd

    SHA512

    dcdb4c5c0dce9baec87c406f584f2f2bfe2d1e1706636f55f8a2e095ec821c6f4896bcba931d935f82945a5e652a31e2c2a2419c24c035fc1211f289f349b037

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziGY8620.exe
    Filesize

    568KB

    MD5

    6535ed7f4f92e1a472286e393b10d068

    SHA1

    cb5b78f8f3062185526455d8c54df9e05161c029

    SHA256

    b122a9885a905d1b9ade59696d90b458fe28bd692a8e7f95951083af569734f6

    SHA512

    031c1b23bab1f8e99e7ee49fe2bbb834264eaeed0945b2e37ef432fcf8ba53ab0429359c4eddfffd8f1e68e60705c23e76101d2e516aa0e0dc6966a636777233

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziGY8620.exe
    Filesize

    568KB

    MD5

    6535ed7f4f92e1a472286e393b10d068

    SHA1

    cb5b78f8f3062185526455d8c54df9e05161c029

    SHA256

    b122a9885a905d1b9ade59696d90b458fe28bd692a8e7f95951083af569734f6

    SHA512

    031c1b23bab1f8e99e7ee49fe2bbb834264eaeed0945b2e37ef432fcf8ba53ab0429359c4eddfffd8f1e68e60705c23e76101d2e516aa0e0dc6966a636777233

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp032736.exe
    Filesize

    136KB

    MD5

    86810f340795831f3c2bd147981be929

    SHA1

    573345e2c322720fa43f74d761ff1d48028f36c9

    SHA256

    d122c80c89eb529d8edb82af16a9ffd8bb187f391758fe80ac2e25db159a9139

    SHA512

    c50b8b6a424fc20c6a3009560cffc277c8dd99792c97f72bfb57d924efdc07341e87a96cb2556e90955fbab6bd59df2a8fc23f89866096658dc7530499becd9f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp032736.exe
    Filesize

    136KB

    MD5

    86810f340795831f3c2bd147981be929

    SHA1

    573345e2c322720fa43f74d761ff1d48028f36c9

    SHA256

    d122c80c89eb529d8edb82af16a9ffd8bb187f391758fe80ac2e25db159a9139

    SHA512

    c50b8b6a424fc20c6a3009560cffc277c8dd99792c97f72bfb57d924efdc07341e87a96cb2556e90955fbab6bd59df2a8fc23f89866096658dc7530499becd9f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ziEl5892.exe
    Filesize

    414KB

    MD5

    fcc14c053a839c7965f7d2613a0ea142

    SHA1

    da46a1b043098579133165f09c67a91c9721a12a

    SHA256

    c1d4372e144272c5245babf3bbce4cdfa96cdce1f57ce3da964589c049107f29

    SHA512

    820152f1a8844ad8b22fe616bce12d1bcd497e26b2922a9c7ed094e48bb6c0332e7396c5a49088a1d2a463d183537fbbcb34e5a944e3d95f838454a7086a4543

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ziEl5892.exe
    Filesize

    414KB

    MD5

    fcc14c053a839c7965f7d2613a0ea142

    SHA1

    da46a1b043098579133165f09c67a91c9721a12a

    SHA256

    c1d4372e144272c5245babf3bbce4cdfa96cdce1f57ce3da964589c049107f29

    SHA512

    820152f1a8844ad8b22fe616bce12d1bcd497e26b2922a9c7ed094e48bb6c0332e7396c5a49088a1d2a463d183537fbbcb34e5a944e3d95f838454a7086a4543

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\it679454.exe
    Filesize

    11KB

    MD5

    7e93bacbbc33e6652e147e7fe07572a0

    SHA1

    421a7167da01c8da4dc4d5234ca3dd84e319e762

    SHA256

    850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

    SHA512

    250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\it679454.exe
    Filesize

    11KB

    MD5

    7e93bacbbc33e6652e147e7fe07572a0

    SHA1

    421a7167da01c8da4dc4d5234ca3dd84e319e762

    SHA256

    850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

    SHA512

    250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\jr529420.exe
    Filesize

    359KB

    MD5

    6d0c13ac47aa77dcd0fd34303891fa39

    SHA1

    b9c6753a8c916b91e6862c3e11611bfdd33b06b8

    SHA256

    d09d377da5c35f0b63b6cdede4c0cd9d82a301411d3310568085b8096f23472f

    SHA512

    e788336f091c1e5c99e12cb720ebc405b82a8070ef9685f4a7b870e587559fff236c98c4e26ec4bef38971a5e303ebb37d0100ce493e4c8055cdfec2f022b4c8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\jr529420.exe
    Filesize

    359KB

    MD5

    6d0c13ac47aa77dcd0fd34303891fa39

    SHA1

    b9c6753a8c916b91e6862c3e11611bfdd33b06b8

    SHA256

    d09d377da5c35f0b63b6cdede4c0cd9d82a301411d3310568085b8096f23472f

    SHA512

    e788336f091c1e5c99e12cb720ebc405b82a8070ef9685f4a7b870e587559fff236c98c4e26ec4bef38971a5e303ebb37d0100ce493e4c8055cdfec2f022b4c8

    Download Submit

  • memory/4084-972-0x0000000002C70000-0x0000000002CA5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4288-965-0x00000000076E0000-0x000000000772B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/4288-964-0x0000000000960000-0x0000000000988000-memory.dmp

    Filesize

    160KB

    Download

  • memory/4288-966-0x0000000007630000-0x0000000007640000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4780-141-0x0000000000940000-0x000000000094A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4924-181-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-201-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-154-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-156-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-158-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-160-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-162-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-164-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-166-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-168-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-170-0x0000000007270000-0x0000000007280000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4924-174-0x0000000007270000-0x0000000007280000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4924-175-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-172-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-171-0x0000000007270000-0x0000000007280000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4924-177-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-179-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-151-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-183-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-185-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-187-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-189-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-191-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-193-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-195-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-197-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-199-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-152-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-203-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-205-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-207-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-209-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-211-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-213-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-215-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-217-0x00000000071B0000-0x00000000071E5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4924-946-0x000000000A210000-0x000000000A816000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/4924-947-0x0000000009C00000-0x0000000009C12000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4924-948-0x0000000009C20000-0x0000000009D2A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4924-949-0x0000000009D40000-0x0000000009D7E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4924-950-0x0000000009DC0000-0x0000000009E0B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/4924-951-0x0000000007270000-0x0000000007280000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4924-952-0x000000000A050000-0x000000000A0B6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4924-953-0x000000000AD10000-0x000000000ADA2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4924-954-0x000000000ADC0000-0x000000000AE10000-memory.dmp

    Filesize

    320KB

    Download

  • memory/4924-150-0x00000000071B0000-0x00000000071EA000-memory.dmp

    Filesize

    232KB

    Download

  • memory/4924-149-0x0000000007280000-0x000000000777E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/4924-148-0x0000000007130000-0x000000000716C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4924-147-0x0000000002C90000-0x0000000002CD6000-memory.dmp

    Filesize

    280KB

    Download

  • memory/4924-955-0x000000000AE30000-0x000000000AEA6000-memory.dmp

    Filesize

    472KB

    Download

  • memory/4924-956-0x000000000AEF0000-0x000000000B0B2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/4924-957-0x000000000B0D0000-0x000000000B5FC000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/4924-958-0x000000000B720000-0x000000000B73E000-memory.dmp

    Filesize

    120KB

    Download