Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    59s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/04/2023, 10:39

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ee619787c2607bace3490b38e2eba13d116eb279abfbf00536638fb160faa1d1.exe

  • Size

    566KB

  • MD5

    7db88f076acf1f9d02f58a8aa3bca404

  • SHA1

    1dc5fd22e32fe8ce3ede567d14747273a0db23c8

  • SHA256

    ee619787c2607bace3490b38e2eba13d116eb279abfbf00536638fb160faa1d1

  • SHA512

    55b9a4972070378d66a0729799c033a1a4856f9a1d117ae4fdcf7ae85714fb2b6332d72f7ceeb300391ef1221c032bae587677f6d96d39452636e49d038b39cc

  • SSDEEP

    12288:sy90B8+wo1n62P8jRiNfFac8s8S4J3m/DSQf:sy0aoZJWRKfIcB8S4JW/DSQf

Score
10/10
discoveryevasionpersistencespywarestealertrojan

Malware Config

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Executes dropped EXE 4 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Windows security modification 2 TTPs 1 IoCs
    evasiontrojan
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ee619787c2607bace3490b38e2eba13d116eb279abfbf00536638fb160faa1d1.exe
    "C:\Users\Admin\AppData\Local\Temp\ee619787c2607bace3490b38e2eba13d116eb279abfbf00536638fb160faa1d1.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziqa0484.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziqa0484.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:224
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\it002910.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\it002910.exe
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Executes dropped EXE
        • Windows security modification
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2832
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp763800.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp763800.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3988
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 1556
          4⤵
          • Program crash
          PID:2056
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr192055.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr192055.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4364
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3988 -ip 3988
    1⤵
      PID:3064

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr192055.exe
            Filesize

            136KB

            MD5

            8c80b06d843bd6a7599a5be2075d9a55

            SHA1

            caf86cf2f908f6ac64b8d4788bc61aaaf672f9f2

            SHA256

            e794f573618cef6be742a0f574f179aa1087b51c4ec23bcf7faa16415028850e

            SHA512

            cd902bd2607ee797a60f615c550304e45ff59f2313cbb596b50fae913eae481987a8bde0a83587b153192eeb97514f281864c5fb3db4dc128453d507c5aeeded

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr192055.exe
            Filesize

            136KB

            MD5

            8c80b06d843bd6a7599a5be2075d9a55

            SHA1

            caf86cf2f908f6ac64b8d4788bc61aaaf672f9f2

            SHA256

            e794f573618cef6be742a0f574f179aa1087b51c4ec23bcf7faa16415028850e

            SHA512

            cd902bd2607ee797a60f615c550304e45ff59f2313cbb596b50fae913eae481987a8bde0a83587b153192eeb97514f281864c5fb3db4dc128453d507c5aeeded

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziqa0484.exe
            Filesize

            412KB

            MD5

            36e999559c81cf48ef4612a3c336e523

            SHA1

            9743721c2ff730a982fb6eda447096ed4c58ae8a

            SHA256

            5db17a2a556e7a9bd2335543967892adffcf95ff9e9ffb6385513e5b357c7fdc

            SHA512

            9069900a3799eae1bebaad75fae3f43badbd3348a6a34e27477ee810e2ddd3ce8b2f65134eb35bd156f8dbc8ca5bfecb2860d125e845d823e46ed153899d9d7a

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziqa0484.exe
            Filesize

            412KB

            MD5

            36e999559c81cf48ef4612a3c336e523

            SHA1

            9743721c2ff730a982fb6eda447096ed4c58ae8a

            SHA256

            5db17a2a556e7a9bd2335543967892adffcf95ff9e9ffb6385513e5b357c7fdc

            SHA512

            9069900a3799eae1bebaad75fae3f43badbd3348a6a34e27477ee810e2ddd3ce8b2f65134eb35bd156f8dbc8ca5bfecb2860d125e845d823e46ed153899d9d7a

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\it002910.exe
            Filesize

            11KB

            MD5

            7e93bacbbc33e6652e147e7fe07572a0

            SHA1

            421a7167da01c8da4dc4d5234ca3dd84e319e762

            SHA256

            850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

            SHA512

            250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\it002910.exe
            Filesize

            11KB

            MD5

            7e93bacbbc33e6652e147e7fe07572a0

            SHA1

            421a7167da01c8da4dc4d5234ca3dd84e319e762

            SHA256

            850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

            SHA512

            250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp763800.exe
            Filesize

            368KB

            MD5

            a41abe65cde5ad0314d62ac89191040b

            SHA1

            dc51248e58d33e826aebbf3fb5591a32c840622c

            SHA256

            8fa6bd5cdeefa34e10b0f243adaa16cb36488e3ea7f3e153d8592a1db73e3727

            SHA512

            25268b02abf85bdb75633ef8010ab82787a12e8294920bfc08e3f04d9d90eac8624d7429fddff926e28d8bba69885ea7753214508fbf7ab7fe1ead76faeabafd

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp763800.exe
            Filesize

            368KB

            MD5

            a41abe65cde5ad0314d62ac89191040b

            SHA1

            dc51248e58d33e826aebbf3fb5591a32c840622c

            SHA256

            8fa6bd5cdeefa34e10b0f243adaa16cb36488e3ea7f3e153d8592a1db73e3727

            SHA512

            25268b02abf85bdb75633ef8010ab82787a12e8294920bfc08e3f04d9d90eac8624d7429fddff926e28d8bba69885ea7753214508fbf7ab7fe1ead76faeabafd

            Download Submit

          • memory/2832-147-0x0000000000FA0000-0x0000000000FAA000-memory.dmp

            Filesize

            40KB

            Download

          • memory/3988-153-0x00000000073D0000-0x0000000007974000-memory.dmp

            Filesize

            5.6MB

            Download

          • memory/3988-155-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-157-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-154-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-159-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-161-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-163-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-165-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-167-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-169-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-171-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-173-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-175-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-177-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-179-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-181-0x0000000002CE0000-0x0000000002D26000-memory.dmp

            Filesize

            280KB

            Download

          • memory/3988-183-0x00000000073C0000-0x00000000073D0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3988-182-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-185-0x00000000073C0000-0x00000000073D0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3988-186-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-188-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-190-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-192-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-194-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-196-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-198-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-200-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-202-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-204-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-206-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-208-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-210-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-212-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-216-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-214-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-218-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-220-0x0000000004B80000-0x0000000004BB5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/3988-949-0x0000000009D00000-0x000000000A318000-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/3988-950-0x000000000A320000-0x000000000A332000-memory.dmp

            Filesize

            72KB

            Download

          • memory/3988-951-0x000000000A340000-0x000000000A44A000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/3988-952-0x000000000A460000-0x000000000A49C000-memory.dmp

            Filesize

            240KB

            Download

          • memory/3988-953-0x00000000073C0000-0x00000000073D0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3988-954-0x000000000A760000-0x000000000A7C6000-memory.dmp

            Filesize

            408KB

            Download

          • memory/3988-955-0x000000000AE30000-0x000000000AEC2000-memory.dmp

            Filesize

            584KB

            Download

          • memory/3988-956-0x000000000AEF0000-0x000000000AF66000-memory.dmp

            Filesize

            472KB

            Download

          • memory/3988-957-0x000000000AFD0000-0x000000000B192000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/3988-958-0x000000000B1A0000-0x000000000B6CC000-memory.dmp

            Filesize

            5.2MB

            Download

          • memory/3988-959-0x000000000B750000-0x000000000B76E000-memory.dmp

            Filesize

            120KB

            Download

          • memory/3988-960-0x0000000006D50000-0x0000000006DA0000-memory.dmp

            Filesize

            320KB

            Download

          • memory/4364-967-0x0000000000C20000-0x0000000000C48000-memory.dmp

            Filesize

            160KB

            Download

          • memory/4364-968-0x0000000007D30000-0x0000000007D40000-memory.dmp

            Filesize

            64KB

            Download