Overview

overview

7

Static

static

3

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231201-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231201-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-12-2023 23:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1eb8aca43bd4d402410d39bb56a575c6bee07589dd4a4fb3712818e4ec95c426.exe

  • Size

    6.9MB

  • MD5

    6aa6c18602cfe9c8c3f2c6d03bd02f44

  • SHA1

    b9e296e11eeccf76c8c27b9d42c29cd586298bd5

  • SHA256

    1eb8aca43bd4d402410d39bb56a575c6bee07589dd4a4fb3712818e4ec95c426

  • SHA512

    b4034322cf98bb57d3a25f13f17f109afdb15fb95557d9820f9c6ecc285e541500f6744ad8d6b4ad18a2fcd1341d62c6f3fd459d0fefa4aeb1a5adffbb44dd96

  • SSDEEP

    98304:o+koiRLFdsODKUdFxQ8k618KzAYYC9z3Bbgtev25o40nsZJjNw5MQNiEU4P5EKHl:Zz25G6bV1yYDuZxCWQNhUU2uNzj

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 63 IoCs
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1eb8aca43bd4d402410d39bb56a575c6bee07589dd4a4fb3712818e4ec95c426.exe
    "C:\Users\Admin\AppData\Local\Temp\1eb8aca43bd4d402410d39bb56a575c6bee07589dd4a4fb3712818e4ec95c426.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1544
    • C:\Users\Admin\AppData\Local\Temp\is-3KB5M.tmp\1eb8aca43bd4d402410d39bb56a575c6bee07589dd4a4fb3712818e4ec95c426.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-3KB5M.tmp\1eb8aca43bd4d402410d39bb56a575c6bee07589dd4a4fb3712818e4ec95c426.tmp" /SL5="$60056,6985375,54272,C:\Users\Admin\AppData\Local\Temp\1eb8aca43bd4d402410d39bb56a575c6bee07589dd4a4fb3712818e4ec95c426.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1804
      • C:\Program Files (x86)\CRTGame\crtgame.exe
        "C:\Program Files (x86)\CRTGame\crtgame.exe" -i
        3⤵
        • Executes dropped EXE
        PID:60
      • C:\Program Files (x86)\CRTGame\crtgame.exe
        "C:\Program Files (x86)\CRTGame\crtgame.exe" -s
        3⤵
        • Executes dropped EXE
        PID:3932
      • C:\Windows\SysWOW64\net.exe
        "C:\Windows\system32\net.exe" helpmsg 10
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:976
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 helpmsg 10
          4⤵
            PID:4360
        • C:\Windows\SysWOW64\schtasks.exe
          "C:\Windows\system32\schtasks.exe" /Query
          3⤵
            PID:4324

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        125KB

        MD5

        b09bdc173e4dc0720318475b3ddfa4e1

        SHA1

        a6b3318d0105392b3d8883c9e7073cbe6668f021

        SHA256

        89619756f6093fb55ad70ed55cc8369bfe65d2c78ce8626a3a8cce2f5998f554

        SHA512

        edf961ea8376f11dab28e1169d241a85f5b611b7784b61fbd00fe8f4a6007f5171fa5c6effad3de855a76bd0fce6c9ab9c4ed954b7c181f8a0dfd8016cce51da

        Download Submit

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        224KB

        MD5

        2ce2fc6010061a87d80a78cc8f316d72

        SHA1

        e9c5ca210990facef1af0a8332667981d8b8565a

        SHA256

        6feef14e99b9ee8c1c4d21d58e073b8e57f812ab97d8351b3a03285a445189ed

        SHA512

        1e55cc3034caf457eb158163c8531303af33fc7125481cb1c86c849a5db375ecbe8b14b5b3a489d2f46103c8286f62d14fed1585e08322464901c4c5f653d913

        Download Submit

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        214KB

        MD5

        d5b5888bf6e6d089eb074b4f7804c51d

        SHA1

        a9fc464d4127908b9c5852986e5a253c1c4f2d6d

        SHA256

        29dfd82951f3877390eef55a9b4cc77085f1f24de4f5cde6c5f21cf204816241

        SHA512

        b12f2114142ac8ede5b62230bc4c2bbe7d21af9d118c395466d6fdddb2249b3bd2f667bca253721f7a198f37f1775926677cb270df23a9be2941bd79d2403f52

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-3KB5M.tmp\1eb8aca43bd4d402410d39bb56a575c6bee07589dd4a4fb3712818e4ec95c426.tmp
        Filesize

        345KB

        MD5

        ca43a7d1899a3a8c27072193851a04e1

        SHA1

        2ba91afc9e3ca426eed025f6db5334d8e5e21eff

        SHA256

        c1335828f52aa03a63d1164fc24b3205bb9a0c36970f1d23781c4ce572bc918f

        SHA512

        01d83550ca8eb8bbb2523621c159ca2d3f55837dba6365fd96d3ca6fd9aa76b4a36b3cbb22abb9e9f488e9e9776275b7dff7d8c66c22e55fa189bbcf03ca08d4

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-3KB5M.tmp\1eb8aca43bd4d402410d39bb56a575c6bee07589dd4a4fb3712818e4ec95c426.tmp
        Filesize

        312KB

        MD5

        87f0630b9341c5ed840d7f8a8ed869d1

        SHA1

        89beac16cc4ea3739bcf78f7e9792794f09f09af

        SHA256

        581ba9cdf43ebf5ee4299ed0f1ea1cb8e3603dcbd80b380e8dafb2fd13738300

        SHA512

        e15012f99f0f4697b45bd8f6ae465621dae2356e275d78ffa35664dfaef4d917a37454f3573c3edf3509a251a3938c48765dc7006f526739458a3bc149b2aa04

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-GB7GT.tmp\_isetup\_iscrypt.dll
        Filesize

        2KB

        MD5

        a69559718ab506675e907fe49deb71e9

        SHA1

        bc8f404ffdb1960b50c12ff9413c893b56f2e36f

        SHA256

        2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

        SHA512

        e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-GB7GT.tmp\_isetup\_isdecmp.dll
        Filesize

        19KB

        MD5

        3adaa386b671c2df3bae5b39dc093008

        SHA1

        067cf95fbdb922d81db58432c46930f86d23dded

        SHA256

        71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

        SHA512

        bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

        Download Submit

      • memory/60-151-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/60-155-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/60-152-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1544-0-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/1544-2-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/1544-160-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/1804-163-0x0000000000650000-0x0000000000651000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1804-10-0x0000000000650000-0x0000000000651000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1804-161-0x0000000000400000-0x00000000004BC000-memory.dmp

        Filesize

        752KB

        Download

      • memory/3932-157-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3932-180-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3932-159-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3932-166-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3932-167-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3932-170-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3932-173-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3932-176-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3932-179-0x0000000000750000-0x00000000007F1000-memory.dmp

        Filesize

        644KB

        Download

      • memory/3932-162-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3932-183-0x0000000000750000-0x00000000007F1000-memory.dmp

        Filesize

        644KB

        Download

      • memory/3932-186-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3932-189-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3932-190-0x0000000000750000-0x00000000007F1000-memory.dmp

        Filesize

        644KB

        Download

      • memory/3932-193-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3932-196-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3932-199-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3932-203-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3932-206-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3932-209-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download