Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    135s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/04/2023, 15:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b80efe78c764b4a3229e08b9aa39c211a1cbe0bba811a7273f4e0483df6f038a.exe

  • Size

    693KB

  • MD5

    99f7d0f17c893682c6ae54f3c4b9bd44

  • SHA1

    26ce329be648d6e24fc556c0655c3f9e1a468e9c

  • SHA256

    b80efe78c764b4a3229e08b9aa39c211a1cbe0bba811a7273f4e0483df6f038a

  • SHA512

    b32078e0cbff78101620cf6b3f633409474b0be77bde5a37da5388281ecdb7c50182e7870d4912d5ceac517a36756d97aabfcf91e872081ca8ecd4c3990a04be

  • SSDEEP

    12288:3y90i9nge53vwSXxiJyCjhq8AMaQufNr87BPF3DFJ9Nj0ttQ/lYEDCWeYpqffCoZ:3ytgKNXxCjhqyDEZ87BPlYAl7Vb2qoZb

Score
10/10
discoveryevasionpersistencespywarestealertrojan

Malware Config

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Executes dropped EXE 4 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b80efe78c764b4a3229e08b9aa39c211a1cbe0bba811a7273f4e0483df6f038a.exe
    "C:\Users\Admin\AppData\Local\Temp\b80efe78c764b4a3229e08b9aa39c211a1cbe0bba811a7273f4e0483df6f038a.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4348
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un501813.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un501813.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:1180
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\18634415.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\18634415.exe
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Executes dropped EXE
        • Windows security modification
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3332
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 1080
          4⤵
          • Program crash
          PID:4652
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk518042.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk518042.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:560
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 1812
          4⤵
          • Program crash
          PID:2212
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si382265.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si382265.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2324
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3332 -ip 3332
    1⤵
      PID:4560
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 560 -ip 560
      1⤵
        PID:2072

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si382265.exe
        Filesize

        136KB

        MD5

        73cae2858379cab7e68b9e5bf751c372

        SHA1

        38c375354bda6e5c8fb2579f1ef0416a6c65929a

        SHA256

        e423b9b79b441e48fd15c0980c78bf87ddaab308fa1c5d5ecdfbd85e1da73f1c

        SHA512

        343c2e4470d42c5078a7e4025509779bfd4b92b5c8b71a9e270acb2b98b6b6fcfa04f8158d9c10c468d0984daac5c8f316424df5e4def7db13e8768eb0d7c7d8

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si382265.exe
        Filesize

        136KB

        MD5

        73cae2858379cab7e68b9e5bf751c372

        SHA1

        38c375354bda6e5c8fb2579f1ef0416a6c65929a

        SHA256

        e423b9b79b441e48fd15c0980c78bf87ddaab308fa1c5d5ecdfbd85e1da73f1c

        SHA512

        343c2e4470d42c5078a7e4025509779bfd4b92b5c8b71a9e270acb2b98b6b6fcfa04f8158d9c10c468d0984daac5c8f316424df5e4def7db13e8768eb0d7c7d8

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un501813.exe
        Filesize

        540KB

        MD5

        93025ab8cdcf055a3dab69aa4e690f8f

        SHA1

        56fda78e40acccbe60e43e238926488a90192ae6

        SHA256

        3cb1d1dacc7a6d68d5466eb2e2c55b45368cf8f6fa75fbd278a83f7119afb56f

        SHA512

        3456c58ff4b86e76625f09242e554efb06abafe26fa15a76b7a93f315bb898370084878121d01fa7fb0138ba02e9c6e25328f1acfafe322413c7d5afe20a7882

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un501813.exe
        Filesize

        540KB

        MD5

        93025ab8cdcf055a3dab69aa4e690f8f

        SHA1

        56fda78e40acccbe60e43e238926488a90192ae6

        SHA256

        3cb1d1dacc7a6d68d5466eb2e2c55b45368cf8f6fa75fbd278a83f7119afb56f

        SHA512

        3456c58ff4b86e76625f09242e554efb06abafe26fa15a76b7a93f315bb898370084878121d01fa7fb0138ba02e9c6e25328f1acfafe322413c7d5afe20a7882

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\18634415.exe
        Filesize

        258KB

        MD5

        4d8d3af1426d35f999aa723316de8586

        SHA1

        4ed68f7b04a9965d4fdb53283d2106e25b8f66e6

        SHA256

        15ce07d60af35d4a62628e41a9838230e56e92944bc7146b88b431ed1712e59b

        SHA512

        c174899445c59011bd8342ca30557db51fdb425e85a6971c90f070ef06003b9b8d0bf21136b360846ea6e4fe2726b9bc564440af58bfd8d4a1cd871f8ab62949

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\18634415.exe
        Filesize

        258KB

        MD5

        4d8d3af1426d35f999aa723316de8586

        SHA1

        4ed68f7b04a9965d4fdb53283d2106e25b8f66e6

        SHA256

        15ce07d60af35d4a62628e41a9838230e56e92944bc7146b88b431ed1712e59b

        SHA512

        c174899445c59011bd8342ca30557db51fdb425e85a6971c90f070ef06003b9b8d0bf21136b360846ea6e4fe2726b9bc564440af58bfd8d4a1cd871f8ab62949

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk518042.exe
        Filesize

        340KB

        MD5

        66277de1d87c3d41027be18f44725f0a

        SHA1

        d429fcafa099500d753a3c4ce0717ab5b04979d3

        SHA256

        ddb25aca080ea3834c30235a84653f17e71000ee21122145ad11d466d062c557

        SHA512

        5089296979a0b6be77d9379424cd280e59ab5c0fd7c65feafa66724fa9632fa7917dda38d98b31f92750a64474fdde8a2cfdc3fb1aaf067e5b34e5f6733a3e28

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk518042.exe
        Filesize

        340KB

        MD5

        66277de1d87c3d41027be18f44725f0a

        SHA1

        d429fcafa099500d753a3c4ce0717ab5b04979d3

        SHA256

        ddb25aca080ea3834c30235a84653f17e71000ee21122145ad11d466d062c557

        SHA512

        5089296979a0b6be77d9379424cd280e59ab5c0fd7c65feafa66724fa9632fa7917dda38d98b31f92750a64474fdde8a2cfdc3fb1aaf067e5b34e5f6733a3e28

        Download Submit

      • memory/560-223-0x0000000007710000-0x0000000007745000-memory.dmp

        Filesize

        212KB

        Download

      • memory/560-988-0x0000000009C40000-0x000000000A258000-memory.dmp

        Filesize

        6.1MB

        Download

      • memory/560-999-0x0000000006C00000-0x0000000006C50000-memory.dmp

        Filesize

        320KB

        Download

      • memory/560-998-0x000000000B360000-0x000000000B88C000-memory.dmp

        Filesize

        5.2MB

        Download

      • memory/560-997-0x000000000B190000-0x000000000B352000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/560-996-0x000000000AF70000-0x000000000AF8E000-memory.dmp

        Filesize

        120KB

        Download

      • memory/560-995-0x000000000AED0000-0x000000000AF46000-memory.dmp

        Filesize

        472KB

        Download

      • memory/560-994-0x000000000AE10000-0x000000000AEA2000-memory.dmp

        Filesize

        584KB

        Download

      • memory/560-993-0x000000000A740000-0x000000000A7A6000-memory.dmp

        Filesize

        408KB

        Download

      • memory/560-992-0x0000000004AA0000-0x0000000004AB0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/560-991-0x000000000A440000-0x000000000A47C000-memory.dmp

        Filesize

        240KB

        Download

      • memory/560-990-0x000000000A320000-0x000000000A42A000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/560-989-0x000000000A300000-0x000000000A312000-memory.dmp

        Filesize

        72KB

        Download

      • memory/560-229-0x0000000007710000-0x0000000007745000-memory.dmp

        Filesize

        212KB

        Download

      • memory/560-227-0x0000000007710000-0x0000000007745000-memory.dmp

        Filesize

        212KB

        Download

      • memory/560-225-0x0000000007710000-0x0000000007745000-memory.dmp

        Filesize

        212KB

        Download

      • memory/560-221-0x0000000007710000-0x0000000007745000-memory.dmp

        Filesize

        212KB

        Download

      • memory/560-219-0x0000000007710000-0x0000000007745000-memory.dmp

        Filesize

        212KB

        Download

      • memory/560-215-0x0000000007710000-0x0000000007745000-memory.dmp

        Filesize

        212KB

        Download

      • memory/560-217-0x0000000007710000-0x0000000007745000-memory.dmp

        Filesize

        212KB

        Download

      • memory/560-213-0x0000000007710000-0x0000000007745000-memory.dmp

        Filesize

        212KB

        Download

      • memory/560-211-0x0000000007710000-0x0000000007745000-memory.dmp

        Filesize

        212KB

        Download

      • memory/560-209-0x0000000007710000-0x0000000007745000-memory.dmp

        Filesize

        212KB

        Download

      • memory/560-207-0x0000000007710000-0x0000000007745000-memory.dmp

        Filesize

        212KB

        Download

      • memory/560-193-0x0000000004AA0000-0x0000000004AB0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/560-192-0x0000000002C80000-0x0000000002CC6000-memory.dmp

        Filesize

        280KB

        Download

      • memory/560-194-0x0000000007710000-0x0000000007745000-memory.dmp

        Filesize

        212KB

        Download

      • memory/560-195-0x0000000004AA0000-0x0000000004AB0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/560-196-0x0000000007710000-0x0000000007745000-memory.dmp

        Filesize

        212KB

        Download

      • memory/560-197-0x0000000004AA0000-0x0000000004AB0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/560-199-0x0000000007710000-0x0000000007745000-memory.dmp

        Filesize

        212KB

        Download

      • memory/560-201-0x0000000007710000-0x0000000007745000-memory.dmp

        Filesize

        212KB

        Download

      • memory/560-203-0x0000000007710000-0x0000000007745000-memory.dmp

        Filesize

        212KB

        Download

      • memory/560-205-0x0000000007710000-0x0000000007745000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2324-1006-0x0000000000910000-0x0000000000938000-memory.dmp

        Filesize

        160KB

        Download

      • memory/2324-1007-0x0000000007660000-0x0000000007670000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3332-172-0x0000000004DF0000-0x0000000004E03000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3332-149-0x00000000072A0000-0x0000000007844000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/3332-183-0x0000000004E10000-0x0000000004E20000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3332-184-0x0000000004E10000-0x0000000004E20000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3332-182-0x0000000002BA0000-0x0000000002BCD000-memory.dmp

        Filesize

        180KB

        Download

      • memory/3332-181-0x0000000000400000-0x0000000002B9B000-memory.dmp

        Filesize

        39.6MB

        Download

      • memory/3332-180-0x0000000004DF0000-0x0000000004E03000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3332-150-0x0000000004E10000-0x0000000004E20000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3332-178-0x0000000004DF0000-0x0000000004E03000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3332-176-0x0000000004DF0000-0x0000000004E03000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3332-153-0x0000000004DF0000-0x0000000004E03000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3332-174-0x0000000004DF0000-0x0000000004E03000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3332-186-0x0000000004E10000-0x0000000004E20000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3332-152-0x0000000004E10000-0x0000000004E20000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3332-160-0x0000000004DF0000-0x0000000004E03000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3332-166-0x0000000004DF0000-0x0000000004E03000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3332-164-0x0000000004DF0000-0x0000000004E03000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3332-162-0x0000000004DF0000-0x0000000004E03000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3332-168-0x0000000004DF0000-0x0000000004E03000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3332-158-0x0000000004DF0000-0x0000000004E03000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3332-156-0x0000000004DF0000-0x0000000004E03000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3332-151-0x0000000004DF0000-0x0000000004E03000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3332-170-0x0000000004DF0000-0x0000000004E03000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3332-148-0x0000000002BA0000-0x0000000002BCD000-memory.dmp

        Filesize

        180KB

        Download

      • memory/3332-187-0x0000000000400000-0x0000000002B9B000-memory.dmp

        Filesize

        39.6MB

        Download

      • memory/3332-154-0x0000000004E10000-0x0000000004E20000-memory.dmp

        Filesize

        64KB

        Download