Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    92s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    20/04/2023, 05:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e6916a446c465844ae6afdeadbca0dfd2b109659ef9e7c43798851d653e79002.exe

  • Size

    936KB

  • MD5

    5ba853a212e4b8fac1d0a8464d759772

  • SHA1

    7dc0b1584028b77af60b4743663706892f87085e

  • SHA256

    e6916a446c465844ae6afdeadbca0dfd2b109659ef9e7c43798851d653e79002

  • SHA512

    88d92495574604ba93c728fe14901663f2ac5d84a2325e6aab193f80293bf16410575c2d0b03bd33ac28206e056e6280538141dd493ca9368618eb40a30d57dc

  • SSDEEP

    12288:Zy90hhvSZLZQv2raInUJ38GlTlUrSfqMrwIDXCFShQYfKKF2k6LaHr1LdSH2Hw6L:ZyYwaOeIng33rwsh3Z7+aHZO2Hw6veU

Score
10/10
discoveryevasionpersistencespywarestealertrojan

Malware Config

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 5 IoCs
    evasiontrojan
  • Executes dropped EXE 6 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Windows security modification 2 TTPs 1 IoCs
    evasiontrojan
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 6 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 7 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e6916a446c465844ae6afdeadbca0dfd2b109659ef9e7c43798851d653e79002.exe
    "C:\Users\Admin\AppData\Local\Temp\e6916a446c465844ae6afdeadbca0dfd2b109659ef9e7c43798851d653e79002.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4144
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziJo8411.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziJo8411.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:4560
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\zihy6433.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\zihy6433.exe
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious use of WriteProcessMemory
        PID:5040
        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\it658703.exe
          C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\it658703.exe
          4⤵
          • Modifies Windows Defender Real-time Protection settings
          • Executes dropped EXE
          • Windows security modification
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:2068
        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\jr174562.exe
          C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\jr174562.exe
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:2700
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp390966.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp390966.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:356
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr232746.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr232746.exe
      2⤵
      • Executes dropped EXE
      PID:4028
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 616
        3⤵
        • Program crash
        PID:392
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 696
        3⤵
        • Program crash
        PID:3100
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 836
        3⤵
        • Program crash
        PID:2068
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 844
        3⤵
        • Program crash
        PID:3884
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 872
        3⤵
        • Program crash
        PID:4624
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 884
        3⤵
        • Program crash
        PID:4732
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 1060
        3⤵
        • Program crash
        PID:944

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr232746.exe
    Filesize

    381KB

    MD5

    2cf0e6a0663f4f7256d6e8facc9d9b50

    SHA1

    009db6b64429943ff2aa5ea4c5a3c5a9c6741ba9

    SHA256

    1d2caab70ef647c746aeeb5f93b7a52852d7368baf9eda5b216dd13da3a7a12e

    SHA512

    759aeb00b387c90e9066943dbb083d8e6e6173c8f1befe97a8c7370db33099591d9072545abb2bae63b3c85daceb463c2781496d214041726a27ee8d82ffe20e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr232746.exe
    Filesize

    381KB

    MD5

    2cf0e6a0663f4f7256d6e8facc9d9b50

    SHA1

    009db6b64429943ff2aa5ea4c5a3c5a9c6741ba9

    SHA256

    1d2caab70ef647c746aeeb5f93b7a52852d7368baf9eda5b216dd13da3a7a12e

    SHA512

    759aeb00b387c90e9066943dbb083d8e6e6173c8f1befe97a8c7370db33099591d9072545abb2bae63b3c85daceb463c2781496d214041726a27ee8d82ffe20e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziJo8411.exe
    Filesize

    623KB

    MD5

    9be3ef0f263fd0acda33ec6b7c909acd

    SHA1

    6613db489d711288c91543b9be528534ed866e0a

    SHA256

    fe8b5682f9690aa8635e808fa7642f6ce39160789a20372837c39b22d2d92ba3

    SHA512

    d3313aa43d639dccb29179a72d89ec55760adf835421e75ad006a7fe1a0b634cc1a513a5586a514eb5052673c1bcd211145229f676f28e74fe64fa638bb7ffd1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziJo8411.exe
    Filesize

    623KB

    MD5

    9be3ef0f263fd0acda33ec6b7c909acd

    SHA1

    6613db489d711288c91543b9be528534ed866e0a

    SHA256

    fe8b5682f9690aa8635e808fa7642f6ce39160789a20372837c39b22d2d92ba3

    SHA512

    d3313aa43d639dccb29179a72d89ec55760adf835421e75ad006a7fe1a0b634cc1a513a5586a514eb5052673c1bcd211145229f676f28e74fe64fa638bb7ffd1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp390966.exe
    Filesize

    136KB

    MD5

    86810f340795831f3c2bd147981be929

    SHA1

    573345e2c322720fa43f74d761ff1d48028f36c9

    SHA256

    d122c80c89eb529d8edb82af16a9ffd8bb187f391758fe80ac2e25db159a9139

    SHA512

    c50b8b6a424fc20c6a3009560cffc277c8dd99792c97f72bfb57d924efdc07341e87a96cb2556e90955fbab6bd59df2a8fc23f89866096658dc7530499becd9f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp390966.exe
    Filesize

    136KB

    MD5

    86810f340795831f3c2bd147981be929

    SHA1

    573345e2c322720fa43f74d761ff1d48028f36c9

    SHA256

    d122c80c89eb529d8edb82af16a9ffd8bb187f391758fe80ac2e25db159a9139

    SHA512

    c50b8b6a424fc20c6a3009560cffc277c8dd99792c97f72bfb57d924efdc07341e87a96cb2556e90955fbab6bd59df2a8fc23f89866096658dc7530499becd9f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\zihy6433.exe
    Filesize

    468KB

    MD5

    4aba90cce71e3bda4321610348f7f0a4

    SHA1

    5e21b00bc42035318e45ec3cfab50863f23e2edc

    SHA256

    900a35516b7d74cfb37f8e73895d73576fa7cf3f9cf416f4a139ba1dc989ba4f

    SHA512

    f130bc912b35c83034d8935b82f57fdd1bf30f68b60723328d44cfa5312b8d77ec959d7604ff59b79ed508b24d032eeb3c68ab888966c763ec10e5e60641b57e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\zihy6433.exe
    Filesize

    468KB

    MD5

    4aba90cce71e3bda4321610348f7f0a4

    SHA1

    5e21b00bc42035318e45ec3cfab50863f23e2edc

    SHA256

    900a35516b7d74cfb37f8e73895d73576fa7cf3f9cf416f4a139ba1dc989ba4f

    SHA512

    f130bc912b35c83034d8935b82f57fdd1bf30f68b60723328d44cfa5312b8d77ec959d7604ff59b79ed508b24d032eeb3c68ab888966c763ec10e5e60641b57e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\it658703.exe
    Filesize

    11KB

    MD5

    7e93bacbbc33e6652e147e7fe07572a0

    SHA1

    421a7167da01c8da4dc4d5234ca3dd84e319e762

    SHA256

    850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

    SHA512

    250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\it658703.exe
    Filesize

    11KB

    MD5

    7e93bacbbc33e6652e147e7fe07572a0

    SHA1

    421a7167da01c8da4dc4d5234ca3dd84e319e762

    SHA256

    850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

    SHA512

    250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\jr174562.exe
    Filesize

    485KB

    MD5

    e68264d67e11f28228ed602c4de77b58

    SHA1

    53e7f46f229aee825933dfa3ec39db4933f3ab71

    SHA256

    40890563de10131e0b567664401552138fa5e2c147d94144dbe2ab672e735651

    SHA512

    f9a906a3c80f49190dfe40f3ac1dd2aa4a0dfc43fbbd9fab6112c2ea251738eaade158dd3ec15c475ea0a658943c6acf55f0b2820919fc7095f8c354efbeb9da

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\jr174562.exe
    Filesize

    485KB

    MD5

    e68264d67e11f28228ed602c4de77b58

    SHA1

    53e7f46f229aee825933dfa3ec39db4933f3ab71

    SHA256

    40890563de10131e0b567664401552138fa5e2c147d94144dbe2ab672e735651

    SHA512

    f9a906a3c80f49190dfe40f3ac1dd2aa4a0dfc43fbbd9fab6112c2ea251738eaade158dd3ec15c475ea0a658943c6acf55f0b2820919fc7095f8c354efbeb9da

    Download Submit

  • memory/356-960-0x0000000007B20000-0x0000000007B6B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/356-959-0x0000000000D60000-0x0000000000D88000-memory.dmp

    Filesize

    160KB

    Download

  • memory/356-961-0x0000000007AD0000-0x0000000007AE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2068-137-0x0000000000B70000-0x0000000000B7A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2700-178-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-200-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-148-0x0000000004DE0000-0x0000000004E1A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2700-149-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-150-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-152-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-154-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-156-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-158-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-160-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-162-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-164-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-166-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-168-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-170-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-172-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-174-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-176-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-146-0x0000000004EB0000-0x0000000004EC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2700-180-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-182-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-184-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-186-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-188-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-190-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-192-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-194-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-147-0x0000000004EC0000-0x00000000053BE000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/2700-198-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-196-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-202-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-206-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-204-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-208-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-210-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-212-0x0000000004DE0000-0x0000000004E15000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2700-941-0x0000000007840000-0x0000000007E46000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/2700-942-0x0000000007E60000-0x0000000007E72000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2700-943-0x0000000007E90000-0x0000000007F9A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2700-944-0x0000000007FB0000-0x0000000007FEE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2700-945-0x0000000008130000-0x000000000817B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/2700-946-0x0000000004EB0000-0x0000000004EC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2700-947-0x00000000082C0000-0x0000000008326000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2700-948-0x0000000008980000-0x0000000008A12000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2700-949-0x0000000008A40000-0x0000000008AB6000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2700-145-0x0000000004EB0000-0x0000000004EC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2700-144-0x00000000008F0000-0x0000000000936000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2700-143-0x0000000004D60000-0x0000000004D9C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2700-950-0x0000000008B00000-0x0000000008CC2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2700-951-0x0000000008CE0000-0x000000000920C000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2700-952-0x0000000009320000-0x000000000933E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2700-953-0x0000000004890000-0x00000000048E0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/4028-967-0x0000000000810000-0x0000000000845000-memory.dmp

    Filesize

    212KB

    Download