Overview

overview

7

Static

static

3

dridex

windows10-1703-x64

7

Analysis

  • max time kernel
    71s
  • max time network
    147s
  • platform
    windows10-1703_x64
  • resource
    win10-20231129-en
  • resource tags

    arch:x64arch:x86image:win10-20231129-enlocale:en-usos:windows10-1703-x64system
  • submitted
    10/12/2023, 22:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    012b945af5ab870abd056a40aa2fd09faf17fe70ba199344f4cb7ef3c2817756.exe

  • Size

    6.9MB

  • MD5

    d3d977f0f71fb82005f570d678f72026

  • SHA1

    fa7353e59b1f447c9846494cc90c95a6d2edfafe

  • SHA256

    012b945af5ab870abd056a40aa2fd09faf17fe70ba199344f4cb7ef3c2817756

  • SHA512

    82cd431176f960468222e71c509c44d2750cdafcbe46ecf0afade50d1712ba54f25a40f0cd7258a848550912eceb0971b09745a98f03e2d839a9f153a647ffeb

  • SSDEEP

    196608:VK2+nNevvWstwr2m5BmycyEbSfasepd5e4x6+AjZ6mjxzj:VDY6tiP3myRfzepXe4ny8gxzj

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 63 IoCs
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\012b945af5ab870abd056a40aa2fd09faf17fe70ba199344f4cb7ef3c2817756.exe
    "C:\Users\Admin\AppData\Local\Temp\012b945af5ab870abd056a40aa2fd09faf17fe70ba199344f4cb7ef3c2817756.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1444
    • C:\Users\Admin\AppData\Local\Temp\is-ER44S.tmp\012b945af5ab870abd056a40aa2fd09faf17fe70ba199344f4cb7ef3c2817756.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-ER44S.tmp\012b945af5ab870abd056a40aa2fd09faf17fe70ba199344f4cb7ef3c2817756.tmp" /SL5="$701EA,6991381,54272,C:\Users\Admin\AppData\Local\Temp\012b945af5ab870abd056a40aa2fd09faf17fe70ba199344f4cb7ef3c2817756.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4740
      • C:\Program Files (x86)\CRTGame\crtgame.exe
        "C:\Program Files (x86)\CRTGame\crtgame.exe" -s
        3⤵
        • Executes dropped EXE
        PID:876
      • C:\Windows\SysWOW64\net.exe
        "C:\Windows\system32\net.exe" helpmsg 10
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2196
      • C:\Program Files (x86)\CRTGame\crtgame.exe
        "C:\Program Files (x86)\CRTGame\crtgame.exe" -i
        3⤵
        • Executes dropped EXE
        PID:3228
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\system32\schtasks.exe" /Query
        3⤵
          PID:3404
    • C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 helpmsg 10
      1⤵
        PID:376

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        169KB

        MD5

        cba4fa1424a478a29f852b80572ef755

        SHA1

        32011476a0f34e05254c0fb50509de585394d0a5

        SHA256

        88087940ba1dfcbf0d708e3e046c57528e1302580377287f370918b6c5e3173f

        SHA512

        259de5957f0a661d931ff8c4482fc2c2cddb3b1b7153530adbd6add8d7d185ac72b006292c39125513930e7f97a8d30cc6c0fa2fadfd8fbff611ffbb73be7e1f

        Download Submit

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        68KB

        MD5

        671940e4d79d53e9d024eb5ad1e50cdc

        SHA1

        4614b8793280c49154e32a2e3fce52dc73a862d9

        SHA256

        33732cb57b959cd8c930e0156bfea612bfb4fdb97ca40af2c7321447dfb989dc

        SHA512

        a9684c2c4cf974b8c6c1430594f814ad1649b227c7e3a97c019a89b1c3dca507ee15bc29000e4960212f31d194f4ceb566f48b41fa65d35164957afe372a0862

        Download Submit

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        47KB

        MD5

        91f46379c1e70c6f6d20b56f54e24005

        SHA1

        ec255b3553ef71e6aa263a4e84cc7d31def38f10

        SHA256

        148f4bce85083fd0bced875acf54e45f6edf9c70c11ea49eeca20fe294478a89

        SHA512

        a93b524f9d187c6782b5d6b625fade0b86a9aae00afa14437a7310eeb58918d58d19a35cb5cd07620f1721d7d8d835150ce50b7e35eca9f9460a19198db9d8da

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-ER44S.tmp\012b945af5ab870abd056a40aa2fd09faf17fe70ba199344f4cb7ef3c2817756.tmp
        Filesize

        113KB

        MD5

        46b0b8e7994f8d645264d54480581c25

        SHA1

        8a10d66ea40213c33d7634a0772197623cd1a5b4

        SHA256

        3133aefbfc67af1b50cdbb6fccdb020cb7b69ebc498b20c6317754aecebcd0d2

        SHA512

        a91ace5c681dffa1e9830dfb0c7672e402e682def12c4a318f8f0a9aae6c28e723d1ba3a3d770ff82ea246fa2d94f7c4046ae1cae27aba74c05f78e264305b55

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-ER44S.tmp\012b945af5ab870abd056a40aa2fd09faf17fe70ba199344f4cb7ef3c2817756.tmp
        Filesize

        120KB

        MD5

        27c42c1318e0d97f653fa4257d92d0e4

        SHA1

        62a65f305f7e4ffc951e45a77e5a03fde7602d25

        SHA256

        9c449286786f9da865d5afc1de29be42da2adce88dc6667c1fcdd2c8cbd3ed4c

        SHA512

        ce9271091945dc15b00ab821f1a8fbca1362c81efa99e6a74f6988c62146a0e911aeaca76d63c623d5cc9f35d1d2587dfc83a7d5202adeff023e1fdd6c15fa2a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\is-T5G8F.tmp\_isetup\_iscrypt.dll
        Filesize

        2KB

        MD5

        a69559718ab506675e907fe49deb71e9

        SHA1

        bc8f404ffdb1960b50c12ff9413c893b56f2e36f

        SHA256

        2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

        SHA512

        e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

        Download Submit

      • \Users\Admin\AppData\Local\Temp\is-T5G8F.tmp\_isetup\_isdecmp.dll
        Filesize

        19KB

        MD5

        3adaa386b671c2df3bae5b39dc093008

        SHA1

        067cf95fbdb922d81db58432c46930f86d23dded

        SHA256

        71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

        SHA512

        bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

        Download Submit

      • memory/876-162-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/876-189-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/876-209-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/876-159-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/876-158-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/876-206-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/876-202-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/876-199-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/876-196-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/876-193-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/876-190-0x00000000007B0000-0x0000000000852000-memory.dmp

        Filesize

        648KB

        Download

      • memory/876-186-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/876-177-0x00000000007B0000-0x0000000000852000-memory.dmp

        Filesize

        648KB

        Download

      • memory/876-167-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/876-166-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/876-170-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/876-173-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/876-176-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/876-183-0x00000000007B0000-0x0000000000852000-memory.dmp

        Filesize

        648KB

        Download

      • memory/876-182-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1444-0-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/1444-160-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/1444-2-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/3228-152-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3228-151-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3228-154-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3228-155-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4740-163-0x00000000001F0000-0x00000000001F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4740-161-0x0000000000400000-0x00000000004BC000-memory.dmp

        Filesize

        752KB

        Download

      • memory/4740-12-0x00000000001F0000-0x00000000001F1000-memory.dmp

        Filesize

        4KB

        Download