Overview

overview

7

Static

static

3

dridex

windows10-1703-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows10-1703_x64
  • resource
    win10-20231129-en
  • resource tags

    arch:x64arch:x86image:win10-20231129-enlocale:en-usos:windows10-1703-x64system
  • submitted
    10-12-2023 16:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    87705a102f3b959b7ecc2316b7da6bfb6005f42792cce87ec0c57e305d74b5bd.exe

  • Size

    6.9MB

  • MD5

    7bfe67ad151f3f1d39e23c3e2469afda

  • SHA1

    d61b3c7b25c4649f6b91d96f27c4143c50aa9ea8

  • SHA256

    87705a102f3b959b7ecc2316b7da6bfb6005f42792cce87ec0c57e305d74b5bd

  • SHA512

    e95b465d549be29ac166c3a62da319594054f5f289fddf0d66a7df3deadc7a4b8f80377e4c4dde93d7c3070dc1e4a1117ac8da5861a0ca092d782baeebd07012

  • SSDEEP

    196608:1xnTNzjsOzc7TGHscDgcXbIdslX38dgFYJzj:LNztzQlcDPXus98d9Jzj

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 63 IoCs
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\87705a102f3b959b7ecc2316b7da6bfb6005f42792cce87ec0c57e305d74b5bd.exe
    "C:\Users\Admin\AppData\Local\Temp\87705a102f3b959b7ecc2316b7da6bfb6005f42792cce87ec0c57e305d74b5bd.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2772
    • C:\Users\Admin\AppData\Local\Temp\is-NS20A.tmp\87705a102f3b959b7ecc2316b7da6bfb6005f42792cce87ec0c57e305d74b5bd.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-NS20A.tmp\87705a102f3b959b7ecc2316b7da6bfb6005f42792cce87ec0c57e305d74b5bd.tmp" /SL5="$70226,7025884,54272,C:\Users\Admin\AppData\Local\Temp\87705a102f3b959b7ecc2316b7da6bfb6005f42792cce87ec0c57e305d74b5bd.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4568
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\system32\schtasks.exe" /Query
        3⤵
          PID:440
        • C:\Program Files (x86)\CRTGame\crtgame.exe
          "C:\Program Files (x86)\CRTGame\crtgame.exe" -i
          3⤵
          • Executes dropped EXE
          PID:1328
        • C:\Program Files (x86)\CRTGame\crtgame.exe
          "C:\Program Files (x86)\CRTGame\crtgame.exe" -s
          3⤵
          • Executes dropped EXE
          PID:808
        • C:\Windows\SysWOW64\net.exe
          "C:\Windows\system32\net.exe" helpmsg 10
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2124
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 helpmsg 10
            4⤵
              PID:4652

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        932KB

        MD5

        d9c11a81c66c24c9f8810347c24088b1

        SHA1

        deea79f6dbacec59fcb14af2df796ef65fddb470

        SHA256

        fbeb6e27c23d32ce444dfc1b856eda1cf612972f9d3d665a4534f46af1cb25a9

        SHA512

        55e8971058ef6ecd516725851ae6b4a76664cd2b5ecb20217d0b493aa81334094f8c376473a72888761be575237450f57f48b6a90541f9afb877dd5722492335

        Download Submit

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        1.2MB

        MD5

        958fc8c436afdc6fdc756cfee16a8e75

        SHA1

        ac570f9ed4a025aecae2700fb9ee03e7bdffb5b4

        SHA256

        80c41a959abe05d70f614d9b53cb4b993cb134f2ba50a1f2d6f15ab827e4d38f

        SHA512

        149fe0e8a68b22a58dce5baa97ef54fc4df41f2b85cd68f98213a482849792d558727897b1f455b307ff9fffc2cb493df193d7212bb238a36e6551967dcb2113

        Download Submit

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        621KB

        MD5

        4dc8ccf7b21863a8ba3645d8fc20c235

        SHA1

        f137853ac11ae9cbcd6e548870142d9b03c68e72

        SHA256

        2ff0b0751726e29822a670f7c44da6a38735653546305b35b93af423df2bfcc1

        SHA512

        fcd64a6142be302c37a7eb5fc08c6cae18f05d3ec0e41e4aad49c2ad0aae82d92bb141987a0ccd3a577aa7840294a2b9bf45052066b2e1d0339499f687143afa

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-NS20A.tmp\87705a102f3b959b7ecc2316b7da6bfb6005f42792cce87ec0c57e305d74b5bd.tmp
        Filesize

        687KB

        MD5

        f448d7f4b76e5c9c3a4eaff16a8b9b73

        SHA1

        31808f1ffa84c954376975b7cdb0007e6b762488

        SHA256

        7233b85eb0f8b3aa5cae3811d727aa8742fec4d1091c120a0fe15006f424cc49

        SHA512

        f8197458cd2764c0b852dac34f9bf361110a7dc86903024a97c7bcd3f77b148342bf45e3c2b60f6af8198ae3b83938dbaad5e007d71a0f88006f3a0618cf36f4

        Download Submit

      • \Users\Admin\AppData\Local\Temp\is-76IC5.tmp\_isetup\_iscrypt.dll
        Filesize

        2KB

        MD5

        a69559718ab506675e907fe49deb71e9

        SHA1

        bc8f404ffdb1960b50c12ff9413c893b56f2e36f

        SHA256

        2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

        SHA512

        e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

        Download Submit

      • \Users\Admin\AppData\Local\Temp\is-76IC5.tmp\_isetup\_isdecmp.dll
        Filesize

        19KB

        MD5

        3adaa386b671c2df3bae5b39dc093008

        SHA1

        067cf95fbdb922d81db58432c46930f86d23dded

        SHA256

        71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

        SHA512

        bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

        Download Submit

      • memory/808-179-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/808-189-0x0000000000750000-0x00000000007F2000-memory.dmp

        Filesize

        648KB

        Download

      • memory/808-208-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/808-205-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/808-202-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/808-198-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/808-195-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/808-158-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/808-192-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/808-188-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/808-161-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/808-185-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/808-165-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/808-166-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/808-169-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/808-172-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/808-175-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/808-178-0x0000000000750000-0x00000000007F2000-memory.dmp

        Filesize

        648KB

        Download

      • memory/808-182-0x0000000000750000-0x00000000007F2000-memory.dmp

        Filesize

        648KB

        Download

      • memory/1328-155-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1328-154-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1328-152-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1328-151-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2772-0-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/2772-159-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/2772-2-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/4568-162-0x00000000001F0000-0x00000000001F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4568-160-0x0000000000400000-0x00000000004BC000-memory.dmp

        Filesize

        752KB

        Download

      • memory/4568-7-0x00000000001F0000-0x00000000001F1000-memory.dmp

        Filesize

        4KB

        Download