Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

dridex

windows10-1703-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    142s
  • platform
    windows10-1703_x64
  • resource
    win10-20231129-en
  • resource tags

    arch:x64arch:x86image:win10-20231129-enlocale:en-usos:windows10-1703-x64system
  • submitted
    10/12/2023, 23:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b5f20b4018605b8f43d4e2e102b480c87e839ce82a5c595e188e832a710a4397.exe

  • Size

    6.9MB

  • MD5

    2a9cf54e646a2545b1831cb20a7ff9bf

  • SHA1

    56a14a2327d90d25b523aa9634f2e93781d9518e

  • SHA256

    b5f20b4018605b8f43d4e2e102b480c87e839ce82a5c595e188e832a710a4397

  • SHA512

    fa19d78b9867415bc80e5ba151b30fed61426e03d4580b2ec8d6275ec778b0b326715c77a6cacbcb30603df0ce6407fd8627c3bb780aa6a79160a733d286a449

  • SSDEEP

    196608:5xnTNzjsOzc7TGHscDgcXbIdslX38dgFYJzj:/NztzQlcDPXus98d9Jzj

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 63 IoCs
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b5f20b4018605b8f43d4e2e102b480c87e839ce82a5c595e188e832a710a4397.exe
    "C:\Users\Admin\AppData\Local\Temp\b5f20b4018605b8f43d4e2e102b480c87e839ce82a5c595e188e832a710a4397.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3384
    • C:\Users\Admin\AppData\Local\Temp\is-9ANHA.tmp\b5f20b4018605b8f43d4e2e102b480c87e839ce82a5c595e188e832a710a4397.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-9ANHA.tmp\b5f20b4018605b8f43d4e2e102b480c87e839ce82a5c595e188e832a710a4397.tmp" /SL5="$60192,7025884,54272,C:\Users\Admin\AppData\Local\Temp\b5f20b4018605b8f43d4e2e102b480c87e839ce82a5c595e188e832a710a4397.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4504
      • C:\Program Files (x86)\CRTGame\crtgame.exe
        "C:\Program Files (x86)\CRTGame\crtgame.exe" -i
        3⤵
        • Executes dropped EXE
        PID:1928
      • C:\Program Files (x86)\CRTGame\crtgame.exe
        "C:\Program Files (x86)\CRTGame\crtgame.exe" -s
        3⤵
        • Executes dropped EXE
        PID:3320
      • C:\Windows\SysWOW64\net.exe
        "C:\Windows\system32\net.exe" helpmsg 10
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3404
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\system32\schtasks.exe" /Query
        3⤵
          PID:4592
    • C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 helpmsg 10
      1⤵
        PID:4556

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        160KB

        MD5

        7b4a3f3f3cf411467fddbf0e445c669e

        SHA1

        15bc9e1b463fe4e16406636efe18c708a29fabda

        SHA256

        f0961c5de20077a060e0da76744cacd6c147e7e0cd06318f8eacaac376352cef

        SHA512

        23c694bbecc95aa9f30b4ff2c36e53c6cdcdba0776dff16355f9b5056820a5eae5215c6f6036a8eb8de1637240fa347340c3d2e2ccd92e16a3cdb46e31877d75

        Download Submit

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        196KB

        MD5

        29872bac40ca8a178477db2d0110ce9a

        SHA1

        91b386f66bf00a667b832d50ff3f50faeb587388

        SHA256

        b96612549b65dec81690b90d1a6b9e4ae16a3870b80ac5747344c0e1fe58c2ef

        SHA512

        4d4091aac070d4e2a0b5d537319283c47edb211ba0a25f92e863a4f025fe2e80d975a0fca6a6fddfdf958f8c54abe516524a724e43a776a3b0d8e60d8642e1de

        Download Submit

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        77KB

        MD5

        17c614c8dc0492c962cbc3720890ccac

        SHA1

        9c78a6437562e83354d5d7c2c9416eb080dc9529

        SHA256

        5bdaea4c0481c0e300a1c1192f07f5e31e352645c428f01ed2dc9b0a079e2e30

        SHA512

        133804de1305d36484f5d028bbdaa3aa81d6a1b1aeca202633ce5f09cacfa8fdda29f03942aac123354598d9a9154f04499978fa7860722bb9ac882141b64a8d

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-9ANHA.tmp\b5f20b4018605b8f43d4e2e102b480c87e839ce82a5c595e188e832a710a4397.tmp
        Filesize

        191KB

        MD5

        f6d4a8652834793657b5c9526376622e

        SHA1

        71aba746f22e435c062b56ddaa5e33df5527e184

        SHA256

        b738d52925ee79607c01fd0a4148a0ac4edf6c3f619cd81b29d4b6aa482ce6d9

        SHA512

        91f9c08638b4d23db979c7392a3438c044aa8e554d71ec6d4f816b1d6c1accbe59ae09422dede86a9dfbbf3c450231702b2db457eeb927389b24a5ee7660758f

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-9ANHA.tmp\b5f20b4018605b8f43d4e2e102b480c87e839ce82a5c595e188e832a710a4397.tmp
        Filesize

        372KB

        MD5

        5c0465a0a5754d764adc7fd342591ec4

        SHA1

        d808b3593c26126e946ccbc60f904f1c72a27658

        SHA256

        5d9198c13e320f7dcf44d0ba2105e1459a1f08d59df7b5bd9e57509e2ab487d1

        SHA512

        2427d624896b53f39ff5162297d52413ef4d2230d6b08837663820d186a831430f338d11df52f7bdd98e003fb9712062cec38fc857a126f5732646c8e576387f

        Download Submit

      • \Users\Admin\AppData\Local\Temp\is-6N3GM.tmp\_isetup\_iscrypt.dll
        Filesize

        2KB

        MD5

        a69559718ab506675e907fe49deb71e9

        SHA1

        bc8f404ffdb1960b50c12ff9413c893b56f2e36f

        SHA256

        2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

        SHA512

        e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

        Download Submit

      • \Users\Admin\AppData\Local\Temp\is-6N3GM.tmp\_isetup\_isdecmp.dll
        Filesize

        19KB

        MD5

        3adaa386b671c2df3bae5b39dc093008

        SHA1

        067cf95fbdb922d81db58432c46930f86d23dded

        SHA256

        71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

        SHA512

        bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

        Download Submit

      • memory/1928-151-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1928-155-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1928-154-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1928-152-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3320-162-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3320-190-0x0000000000870000-0x0000000000912000-memory.dmp

        Filesize

        648KB

        Download

      • memory/3320-159-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3320-209-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3320-206-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3320-202-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3320-199-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3320-196-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3320-193-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3320-166-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3320-167-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3320-170-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3320-173-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3320-176-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3320-177-0x0000000000870000-0x0000000000912000-memory.dmp

        Filesize

        648KB

        Download

      • memory/3320-182-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3320-183-0x0000000000870000-0x0000000000912000-memory.dmp

        Filesize

        648KB

        Download

      • memory/3320-186-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3320-189-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3320-157-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3384-2-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/3384-160-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/3384-0-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/4504-163-0x00000000001F0000-0x00000000001F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4504-161-0x0000000000400000-0x00000000004BC000-memory.dmp

        Filesize

        752KB

        Download

      • memory/4504-12-0x00000000001F0000-0x00000000001F1000-memory.dmp

        Filesize

        4KB

        Download