Overview

overview

7

Static

static

3

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231130-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/12/2023, 22:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ba7df536f665581058b0f9f4b586c7e93016d12cb6473efe67b17ead4fe6ae0d.exe

  • Size

    6.9MB

  • MD5

    d13538c5870d1eaeda1005b271c6f5c0

  • SHA1

    de9903629856fde37e604e616a7f49dcbcb6471d

  • SHA256

    ba7df536f665581058b0f9f4b586c7e93016d12cb6473efe67b17ead4fe6ae0d

  • SHA512

    823abef71b92307d29a38f606282dc86fde0972171ab77ca5d70478aff58a5dd0c28c84f52cfb18e41ebe281dd329a51ba11ef72457790c4fe06ef8f08e85ec4

  • SSDEEP

    196608:rxnTNzjsOzc7TGHscDgcXbIdslX38dgFYJzj:BNztzQlcDPXus98d9Jzj

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 63 IoCs
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ba7df536f665581058b0f9f4b586c7e93016d12cb6473efe67b17ead4fe6ae0d.exe
    "C:\Users\Admin\AppData\Local\Temp\ba7df536f665581058b0f9f4b586c7e93016d12cb6473efe67b17ead4fe6ae0d.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2596
    • C:\Users\Admin\AppData\Local\Temp\is-92M7C.tmp\ba7df536f665581058b0f9f4b586c7e93016d12cb6473efe67b17ead4fe6ae0d.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-92M7C.tmp\ba7df536f665581058b0f9f4b586c7e93016d12cb6473efe67b17ead4fe6ae0d.tmp" /SL5="$70056,7025884,54272,C:\Users\Admin\AppData\Local\Temp\ba7df536f665581058b0f9f4b586c7e93016d12cb6473efe67b17ead4fe6ae0d.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:3564
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\system32\schtasks.exe" /Query
        3⤵
          PID:4168
        • C:\Program Files (x86)\CRTGame\crtgame.exe
          "C:\Program Files (x86)\CRTGame\crtgame.exe" -s
          3⤵
          • Executes dropped EXE
          PID:396
        • C:\Windows\SysWOW64\net.exe
          "C:\Windows\system32\net.exe" helpmsg 10
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:3864
        • C:\Program Files (x86)\CRTGame\crtgame.exe
          "C:\Program Files (x86)\CRTGame\crtgame.exe" -i
          3⤵
          • Executes dropped EXE
          PID:3776
    • C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 helpmsg 10
      1⤵
        PID:3896

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\CRTGame\crtgame.exe
              Filesize

              74KB

              MD5

              48d277822fae0c13f4c2fe714f00c6dd

              SHA1

              4e002a2b1f1ec87b043d239d1eef807bc3d8e241

              SHA256

              007e0c7426f1fe885c802152afd79eed9555d05b7760a93efb3d8d7344023656

              SHA512

              e86eecffa3a41c39898021e9df3be7189f3ffb3eeb840288cbd5b9da77c5946d4be83ea7d91f53b19ae252f7aa4c91f68338fb6fb009353eda6bbbf3323643e0

              Download Submit

            • C:\Program Files (x86)\CRTGame\crtgame.exe
              Filesize

              65KB

              MD5

              da4f3697b17ced1d2baf410b120a8359

              SHA1

              7ed8c4b1daad061720a0fe079b714bdbdf0ef2f1

              SHA256

              9b3e47728de0aabaae0cafedaae1eddbcfd709e49a6ac79c123f3f081cdb5ea9

              SHA512

              f753d42f8c2de851c016c6f4f1ee9e16dc7d841afd77a27eda0c0c35a3296cbb3e75886ef3ed4c86686dc83327eb4f51ec163bc6d2ee838e4b13813440b231ac

              Download Submit

            • C:\Program Files (x86)\CRTGame\crtgame.exe
              Filesize

              85KB

              MD5

              855897ab27178cfed6ff41c4c02e7795

              SHA1

              b5cdfbaca73c81b39db3c4208678fce5b38568a7

              SHA256

              4d4f318ec90e7e988e6bacabedfabe527623fd1551872294dd217d6098dd49d9

              SHA512

              3b24c174230112a8c29ae2f2484b4c02309df7c2f0084dcbc2e625e960331836e124885aea35810d475d4fb42e112bc79f2731dc469a055c8cd8b032c1d54d29

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\is-6JAEP.tmp\_isetup\_isdecmp.dll
              Filesize

              19KB

              MD5

              3adaa386b671c2df3bae5b39dc093008

              SHA1

              067cf95fbdb922d81db58432c46930f86d23dded

              SHA256

              71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

              SHA512

              bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\is-92M7C.tmp\ba7df536f665581058b0f9f4b586c7e93016d12cb6473efe67b17ead4fe6ae0d.tmp
              Filesize

              68KB

              MD5

              964c614ca76035b64fc29bd90379d4f8

              SHA1

              c9a3f0cbad5b346990b9a309cd8b247255488956

              SHA256

              84c543e7497fc58ead3ca7990eef2d055a23f1c663ecaa78ac90e97fe0308da4

              SHA512

              47bdf7cc9d627ef39823b9041f3d3b047ee5865f039ee19ee042f621b13c2608fba68c7c396b931f4117a186da29b2d3b197ac68f570712e5df1c9a6b7af724f

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\is-92M7C.tmp\ba7df536f665581058b0f9f4b586c7e93016d12cb6473efe67b17ead4fe6ae0d.tmp
              Filesize

              49KB

              MD5

              10dcfca66cad4877702a08201f15f7eb

              SHA1

              1543d5062db06524997dd39533132789828c5906

              SHA256

              db8fc225e50015d56cd41f0fc8e971bcbb36762f599be7e1cf7bb96987f8f68b

              SHA512

              dc256228b4d30e4d323d938aeb444f603b1043e2ab66e50fa2dcb08ff8b0e65b6ccedcc9063be95294c09cc7de79d8be78c45e08c427ed7705b11d11159e067c

              Download Submit

            • memory/396-183-0x0000000000700000-0x00000000007A2000-memory.dmp

              Filesize

              648KB

              Download

            • memory/396-189-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/396-209-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/396-206-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/396-157-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/396-159-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/396-203-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/396-199-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/396-196-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/396-193-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/396-190-0x0000000000700000-0x00000000007A2000-memory.dmp

              Filesize

              648KB

              Download

            • memory/396-162-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/396-186-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/396-167-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/396-166-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/396-170-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/396-173-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/396-176-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/396-178-0x0000000000700000-0x00000000007A2000-memory.dmp

              Filesize

              648KB

              Download

            • memory/396-182-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2596-0-0x0000000000400000-0x0000000000414000-memory.dmp

              Filesize

              80KB

              Download

            • memory/2596-160-0x0000000000400000-0x0000000000414000-memory.dmp

              Filesize

              80KB

              Download

            • memory/2596-2-0x0000000000400000-0x0000000000414000-memory.dmp

              Filesize

              80KB

              Download

            • memory/3564-163-0x0000000000640000-0x0000000000641000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3564-161-0x0000000000400000-0x00000000004BC000-memory.dmp

              Filesize

              752KB

              Download

            • memory/3564-10-0x0000000000640000-0x0000000000641000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3776-152-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/3776-151-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/3776-153-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/3776-155-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download