Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    135s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-05-2023 18:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a338681d4b6b150332e27743c2b80b9826d214ddcb096178aa53f14c229f558c.exe

  • Size

    308KB

  • MD5

    b1558cd55f5724c03021b61f74598690

  • SHA1

    7b1dfbad95dd0875ff7c0453d4080678429613d1

  • SHA256

    a338681d4b6b150332e27743c2b80b9826d214ddcb096178aa53f14c229f558c

  • SHA512

    3fc6f0f287305acf0e23c22fd16f47bac296cf1f12a7c35a21f6a1696fd88abb998da6f6df85e61747391047555737d7c87c6101055302ce33e4ce61d39f8532

  • SSDEEP

    6144:Kly+bnr+3p0yN90QEMlEY+zbPso4JfzrovwXaJtkLf0:LMr/y90Kb+z7ef9XaJtkg

Score
10/10
discoveryevasionpersistencespywarestealertrojan

Malware Config

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a338681d4b6b150332e27743c2b80b9826d214ddcb096178aa53f14c229f558c.exe
    "C:\Users\Admin\AppData\Local\Temp\a338681d4b6b150332e27743c2b80b9826d214ddcb096178aa53f14c229f558c.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1804
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\g5069005.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\g5069005.exe
      2⤵
      • Modifies Windows Defender Real-time Protection settings
      • Executes dropped EXE
      • Windows security modification
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3176
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\h7127234.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\h7127234.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:548

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\g5069005.exe
    Filesize

    176KB

    MD5

    34b6d2fb9fe885aed8043a4bdc674d9f

    SHA1

    3aa7b765762b5e29902a0abec22ab343683d5fa6

    SHA256

    74c5f3993cf7edb5abfadd49f7585416cbc598a9d399ba1a40a3a45724831c16

    SHA512

    88262f34fc08e7ada45611b9692e0ec9c02fbf582977f1037602dcbbd5cc1389b23159748ee31c0014712b5032a8c61480c0dc1315e2ddd6da85f7e64081ccb8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\g5069005.exe
    Filesize

    176KB

    MD5

    34b6d2fb9fe885aed8043a4bdc674d9f

    SHA1

    3aa7b765762b5e29902a0abec22ab343683d5fa6

    SHA256

    74c5f3993cf7edb5abfadd49f7585416cbc598a9d399ba1a40a3a45724831c16

    SHA512

    88262f34fc08e7ada45611b9692e0ec9c02fbf582977f1037602dcbbd5cc1389b23159748ee31c0014712b5032a8c61480c0dc1315e2ddd6da85f7e64081ccb8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\h7127234.exe
    Filesize

    136KB

    MD5

    09581ac511e754811de1472e86418f06

    SHA1

    68842983b0d9b2e1f5eba562674307a974bc1ebe

    SHA256

    3c6e5e885d599338332e55c8483be971b89dd72926b3eea1b42ff1166317f7d9

    SHA512

    7317a95ec5330b581f8a7d22cbf0dba1afd7cacb29cf3e63bd4e139283ceb13a0c7198658db8340aa85a057d8aa6b9582a33084a1a01d58a1f76e0d2d399bc80

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\h7127234.exe
    Filesize

    136KB

    MD5

    09581ac511e754811de1472e86418f06

    SHA1

    68842983b0d9b2e1f5eba562674307a974bc1ebe

    SHA256

    3c6e5e885d599338332e55c8483be971b89dd72926b3eea1b42ff1166317f7d9

    SHA512

    7317a95ec5330b581f8a7d22cbf0dba1afd7cacb29cf3e63bd4e139283ceb13a0c7198658db8340aa85a057d8aa6b9582a33084a1a01d58a1f76e0d2d399bc80

    Download Submit

  • memory/548-185-0x0000000007D00000-0x0000000007D66000-memory.dmp

    Filesize

    408KB

    Download

  • memory/548-188-0x0000000008A50000-0x0000000008AC6000-memory.dmp

    Filesize

    472KB

    Download

  • memory/548-187-0x0000000008900000-0x0000000008950000-memory.dmp

    Filesize

    320KB

    Download

  • memory/548-186-0x0000000008760000-0x00000000087F2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/548-189-0x0000000009360000-0x0000000009522000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/548-190-0x0000000009A60000-0x0000000009F8C000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/548-184-0x0000000007CF0000-0x0000000007D00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/548-183-0x0000000007940000-0x000000000797C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/548-182-0x0000000007A10000-0x0000000007B1A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/548-181-0x00000000078E0000-0x00000000078F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/548-180-0x0000000007E40000-0x0000000008458000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/548-179-0x0000000000BD0000-0x0000000000BF8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/548-191-0x0000000008B10000-0x0000000008B2E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/3176-149-0x0000000004950000-0x0000000004962000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3176-157-0x0000000004950000-0x0000000004962000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3176-169-0x0000000004950000-0x0000000004962000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3176-171-0x0000000004950000-0x0000000004962000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3176-172-0x00000000049F0000-0x0000000004A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3176-173-0x00000000049F0000-0x0000000004A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3176-174-0x00000000049F0000-0x0000000004A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3176-165-0x0000000004950000-0x0000000004962000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3176-163-0x0000000004950000-0x0000000004962000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3176-161-0x0000000004950000-0x0000000004962000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3176-159-0x0000000004950000-0x0000000004962000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3176-167-0x0000000004950000-0x0000000004962000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3176-155-0x0000000004950000-0x0000000004962000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3176-153-0x0000000004950000-0x0000000004962000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3176-151-0x0000000004950000-0x0000000004962000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3176-147-0x0000000004950000-0x0000000004962000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3176-145-0x0000000004950000-0x0000000004962000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3176-144-0x0000000004950000-0x0000000004962000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3176-143-0x00000000049F0000-0x0000000004A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3176-142-0x00000000049F0000-0x0000000004A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3176-141-0x00000000049F0000-0x0000000004A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3176-140-0x0000000004A00000-0x0000000004FA4000-memory.dmp

    Filesize

    5.6MB

    Download