Overview

overview

7

Static

static

3

dridex

windows10-1703-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    147s
  • platform
    windows10-1703_x64
  • resource
    win10-20231129-en
  • resource tags

    arch:x64arch:x86image:win10-20231129-enlocale:en-usos:windows10-1703-x64system
  • submitted
    10/12/2023, 22:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    47936b07033bef44e6dd2f23bc0cbd325f92b0678f5228e4cdee41b5fc55d6a3.exe

  • Size

    6.9MB

  • MD5

    69690151deb46daedcf5ad7e769dd5da

  • SHA1

    dd392e0e81e6ab13045509111b0bee680c38cf59

  • SHA256

    47936b07033bef44e6dd2f23bc0cbd325f92b0678f5228e4cdee41b5fc55d6a3

  • SHA512

    aac520024eba7725108de47f1f598347c21b10e1e202d9589c982bb1e10149419b37d365f68757a81ea7d89ed3f0acd8ee6d24ea4b25bd0b398c6f28cc0333ca

  • SSDEEP

    196608:VA89BmaeXRdyXFnlUrU7o7Bz3HzNNn1jnNnTfMImG0zj:lBmakyVnlUQ7Wz3Tv1jNTh0zj

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 63 IoCs
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\47936b07033bef44e6dd2f23bc0cbd325f92b0678f5228e4cdee41b5fc55d6a3.exe
    "C:\Users\Admin\AppData\Local\Temp\47936b07033bef44e6dd2f23bc0cbd325f92b0678f5228e4cdee41b5fc55d6a3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:756
    • C:\Users\Admin\AppData\Local\Temp\is-9UFA0.tmp\47936b07033bef44e6dd2f23bc0cbd325f92b0678f5228e4cdee41b5fc55d6a3.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-9UFA0.tmp\47936b07033bef44e6dd2f23bc0cbd325f92b0678f5228e4cdee41b5fc55d6a3.tmp" /SL5="$50234,6977575,54272,C:\Users\Admin\AppData\Local\Temp\47936b07033bef44e6dd2f23bc0cbd325f92b0678f5228e4cdee41b5fc55d6a3.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4948
      • C:\Program Files (x86)\CRTGame\crtgame.exe
        "C:\Program Files (x86)\CRTGame\crtgame.exe" -i
        3⤵
        • Executes dropped EXE
        PID:2372
      • C:\Program Files (x86)\CRTGame\crtgame.exe
        "C:\Program Files (x86)\CRTGame\crtgame.exe" -s
        3⤵
        • Executes dropped EXE
        PID:4720
      • C:\Windows\SysWOW64\net.exe
        "C:\Windows\system32\net.exe" helpmsg 10
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4488
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\system32\schtasks.exe" /Query
        3⤵
          PID:784
    • C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 helpmsg 10
      1⤵
        PID:3856

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\CRTGame\crtgame.exe
              Filesize

              270KB

              MD5

              55933aa11d9ad05abe4b28101dc57946

              SHA1

              e299ac984e4bf56532953156f9cbba4cde2e119c

              SHA256

              90249ef063251e0c95380e56611bd8eeab3ac13740b398249ee1600f5b921364

              SHA512

              68a5f35a8b4c674d267901adfc6092615a5bccad6aaa50d953ddcfe2c093c870758cf559d2c2131159cdb8cf12835d88b6d7e9e24e619465e8ac463ab7b52b24

              Download Submit

            • C:\Program Files (x86)\CRTGame\crtgame.exe
              Filesize

              32KB

              MD5

              80191db6682aa9c586c0877d0202f036

              SHA1

              706bad9307e0d6cb758cc86895fe7b39aab68b0a

              SHA256

              b82cd06a65c6be970aae16f499b400192f8f4aec4af372e3061b80816d7cfbc7

              SHA512

              783b775313a6f7cc01f57e049eed7aea2bc718959ea88660b7211105463388177be7abbb74c097b2d08624285cd08489bd437b3879353cc72f22692d6a0a9074

              Download Submit

            • C:\Program Files (x86)\CRTGame\crtgame.exe
              Filesize

              233KB

              MD5

              8dc9ba37fc254febc1d4f7df03bb56eb

              SHA1

              10d02e594ea057e154131949043ba921c7e17271

              SHA256

              0ef00a95f5ebd77fd9bdeb2aed1fbca67b50b7593c35455472d3e24937d6c572

              SHA512

              571c9af6b5863fbbabbbf8a52bbc4a1e8b9df6fd83521775afc790824ea7f55fffd95c9bfb6d4703a1fd0baf86e8078b50d249f70968795186d72a09db7c8bce

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\is-9UFA0.tmp\47936b07033bef44e6dd2f23bc0cbd325f92b0678f5228e4cdee41b5fc55d6a3.tmp
              Filesize

              124KB

              MD5

              bb7228522f25a1bf211b9b270f03846c

              SHA1

              df043461f84617f7b5b8813324b318c56906fdf2

              SHA256

              32b0c493bbf6eefd9e345cec7b77f6e7d13714fb7df5ff4acf563708fc6fcb90

              SHA512

              6d3b5777737b41229a089327d7301c769f1d819367a5a9bfe240a2dcfb3a8c6dd89e737050c837491885ab9eb8bb2c0af549600767c9cce1f0a73c43f8712e21

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\is-9UFA0.tmp\47936b07033bef44e6dd2f23bc0cbd325f92b0678f5228e4cdee41b5fc55d6a3.tmp
              Filesize

              43KB

              MD5

              1b75418e1c3ddf84be99cb5da27ad6aa

              SHA1

              573a3afb51f84a41a96fe0c2a44d89426d031d7b

              SHA256

              209ab2d6f09c143acdc2bb9bb445aeade5ec64a0c4eb08d0b2f107b79cdcaac3

              SHA512

              a9614fd5a57bb01dbad7b7e4e68a82f1362424aede0101f799b1d23f2ba4555fc8c08200c7bcb8a010ee938bcfa8cf395d502037ab64b1bdf302c575fe661637

              Download Submit

            • \Users\Admin\AppData\Local\Temp\is-O8RDJ.tmp\_isetup\_iscrypt.dll
              Filesize

              2KB

              MD5

              a69559718ab506675e907fe49deb71e9

              SHA1

              bc8f404ffdb1960b50c12ff9413c893b56f2e36f

              SHA256

              2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

              SHA512

              e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

              Download Submit

            • \Users\Admin\AppData\Local\Temp\is-O8RDJ.tmp\_isetup\_isdecmp.dll
              Filesize

              9KB

              MD5

              a561e1071c35f0023b7c6275e0e24fbe

              SHA1

              1ee201fa43a53820143aee61637ba942f4c0c770

              SHA256

              3915d6d2fac0e17ad4deef4ff09d65f7a09f112d2636edfb56ca3d517e354227

              SHA512

              c86399eb15d26f098d687bd361c5c0a737a870bdb180de3cba10e8faaaf82e771bee96277f87f77f500f6957f62790be933400481d2ec017d4bbada00251207a

              Download Submit

            • \Users\Admin\AppData\Local\Temp\is-O8RDJ.tmp\_isetup\_isdecmp.dll
              Filesize

              19KB

              MD5

              3adaa386b671c2df3bae5b39dc093008

              SHA1

              067cf95fbdb922d81db58432c46930f86d23dded

              SHA256

              71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

              SHA512

              bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

              Download Submit

            • memory/756-160-0x0000000000400000-0x0000000000414000-memory.dmp

              Filesize

              80KB

              Download

            • memory/756-2-0x0000000000400000-0x0000000000414000-memory.dmp

              Filesize

              80KB

              Download

            • memory/756-0-0x0000000000400000-0x0000000000414000-memory.dmp

              Filesize

              80KB

              Download

            • memory/2372-154-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2372-151-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2372-155-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2372-152-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/4720-189-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/4720-183-0x00000000008F0000-0x0000000000992000-memory.dmp

              Filesize

              648KB

              Download

            • memory/4720-208-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/4720-205-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/4720-162-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/4720-202-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/4720-167-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/4720-166-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/4720-170-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/4720-173-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/4720-176-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/4720-158-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/4720-182-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/4720-177-0x00000000008F0000-0x0000000000992000-memory.dmp

              Filesize

              648KB

              Download

            • memory/4720-186-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/4720-159-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/4720-190-0x00000000008F0000-0x0000000000992000-memory.dmp

              Filesize

              648KB

              Download

            • memory/4720-193-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/4720-196-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/4720-199-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/4948-163-0x00000000001F0000-0x00000000001F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4948-12-0x00000000001F0000-0x00000000001F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4948-161-0x0000000000400000-0x00000000004BC000-memory.dmp

              Filesize

              752KB

              Download