Overview

overview

7

Static

static

3

dridex

windows10-1703-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-1703_x64
  • resource
    win10-20231129-en
  • resource tags

    arch:x64arch:x86image:win10-20231129-enlocale:en-usos:windows10-1703-x64system
  • submitted
    10/12/2023, 19:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    01b1e221dd0ddd383a5022cafbe1e516adcbe658eb0565ce17a158adc4749945.exe

  • Size

    6.9MB

  • MD5

    3539dc923fc41ce3be4469fda90b1bf8

  • SHA1

    c36e8a1cefe22e13ae5de9a2a686a67d151938c5

  • SHA256

    01b1e221dd0ddd383a5022cafbe1e516adcbe658eb0565ce17a158adc4749945

  • SHA512

    f003bec7f62a399e919da1e0d97aaf23ce81c103e451821ca0ae2c32bc1e04d648882fc6b7ac71eb3462b14a1102f31e764220cbd538de366f60e281caf227d2

  • SSDEEP

    196608:wA89BmaeXRdyXFnlUrU7o7Bz3HzNNn1jnNnTfMImG0zj:sBmakyVnlUQ7Wz3Tv1jNTh0zj

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 63 IoCs
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\01b1e221dd0ddd383a5022cafbe1e516adcbe658eb0565ce17a158adc4749945.exe
    "C:\Users\Admin\AppData\Local\Temp\01b1e221dd0ddd383a5022cafbe1e516adcbe658eb0565ce17a158adc4749945.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2484
    • C:\Users\Admin\AppData\Local\Temp\is-D600J.tmp\01b1e221dd0ddd383a5022cafbe1e516adcbe658eb0565ce17a158adc4749945.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-D600J.tmp\01b1e221dd0ddd383a5022cafbe1e516adcbe658eb0565ce17a158adc4749945.tmp" /SL5="$5021E,6977575,54272,C:\Users\Admin\AppData\Local\Temp\01b1e221dd0ddd383a5022cafbe1e516adcbe658eb0565ce17a158adc4749945.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4140
      • C:\Program Files (x86)\CRTGame\crtgame.exe
        "C:\Program Files (x86)\CRTGame\crtgame.exe" -i
        3⤵
        • Executes dropped EXE
        PID:1900
      • C:\Windows\SysWOW64\net.exe
        "C:\Windows\system32\net.exe" helpmsg 10
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4400
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 helpmsg 10
          4⤵
            PID:5108
        • C:\Program Files (x86)\CRTGame\crtgame.exe
          "C:\Program Files (x86)\CRTGame\crtgame.exe" -s
          3⤵
          • Executes dropped EXE
          PID:1800
        • C:\Windows\SysWOW64\schtasks.exe
          "C:\Windows\system32\schtasks.exe" /Query
          3⤵
            PID:224

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\CRTGame\crtgame.exe
              Filesize

              559KB

              MD5

              e8ab43b00a4866f097f87de19ead0ee2

              SHA1

              7afea1ef40e0871a3941682f6a6e61a09b86a1c0

              SHA256

              dc09754a3d0650fa095a1544ff0c6ecd277afb8d92faf8f5c8c74ce371e67ddf

              SHA512

              23acbc63b5afad88f14b8b6f1f1b67a36a18cd1332d5d07184ecc5cd0e97a8e364ad99b39712a7f5f15f431b468e980f480f573fc7e7063e9d198f19648e752f

              Download Submit

            • C:\Program Files (x86)\CRTGame\crtgame.exe
              Filesize

              389KB

              MD5

              84c32ca965ddfe0eb0d590530fc78056

              SHA1

              60e4517319719325c10dfd6c7f1f320e7d620512

              SHA256

              08e2c928922ce170fefa574030845980ca08decb2ea7ac4fdb53e6b6a84920ee

              SHA512

              c96328f95e8536b396228fe069cda2ae6bf0fc92d7ffc2f6665c9424f2aaa0e8d5453ece98557373ac1dc21a0a552c473a7a2c0c5003d365a85e3dd5d4876778

              Download Submit

            • C:\Program Files (x86)\CRTGame\crtgame.exe
              Filesize

              472KB

              MD5

              9df7e3ddd8214aa454f38f73e3217ab2

              SHA1

              721dae435efe4cbebd72061332953c6220c01e8e

              SHA256

              83c7af0790cd1732318948b86824d3136cdd37d034e2255d37874d8ce6f5f133

              SHA512

              d891ccdd2906f492973a38c924b6b25493d67dbfba3a4c5fc9a5248484368d2d15bf4c571f1d2c9f76f0a6da5d85747151c931faf291649d8cbde9b3c568f758

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\is-D600J.tmp\01b1e221dd0ddd383a5022cafbe1e516adcbe658eb0565ce17a158adc4749945.tmp
              Filesize

              322KB

              MD5

              2fb339ccacd4a98204b0890c355ff0b2

              SHA1

              435f6f3b1ac7bbc109bea0ae69936efaf6d2817a

              SHA256

              f55c3642d892ff9734018314aa6f9b48e4f24e63fbde747955f59ae83a8aa82b

              SHA512

              98e219372530f171de875b9d0d28d9c690573e56e3ce6058528b40abb3cb9db6b964d4e74f179dfbe75f17d13e83617825164e07c8f832c858801c5669caadbe

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\is-D600J.tmp\01b1e221dd0ddd383a5022cafbe1e516adcbe658eb0565ce17a158adc4749945.tmp
              Filesize

              135KB

              MD5

              55b2c10780c4ee7b08cecbfdfbdcab59

              SHA1

              dd9d6a9d9e80886ea4200be729a7ea1a39bdc1d0

              SHA256

              73bbe1eaab993d68fb646492c8fdd73d5c9b2cf4d2d8fb4f0326565cad3ac8ff

              SHA512

              3454b28f4058921ba77ebda5b9c9312213be70769ba3fe5028c1649a18fa0cd059c442face9f41cebf569a0d5b85cc9b87cdf1af42e4a7458a634a61fd13d2a1

              Download Submit

            • \Users\Admin\AppData\Local\Temp\is-RGC46.tmp\_isetup\_iscrypt.dll
              Filesize

              2KB

              MD5

              a69559718ab506675e907fe49deb71e9

              SHA1

              bc8f404ffdb1960b50c12ff9413c893b56f2e36f

              SHA256

              2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

              SHA512

              e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

              Download Submit

            • \Users\Admin\AppData\Local\Temp\is-RGC46.tmp\_isetup\_isdecmp.dll
              Filesize

              19KB

              MD5

              3adaa386b671c2df3bae5b39dc093008

              SHA1

              067cf95fbdb922d81db58432c46930f86d23dded

              SHA256

              71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

              SHA512

              bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

              Download Submit

            • memory/1800-158-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/1800-189-0x0000000000810000-0x00000000008B2000-memory.dmp

              Filesize

              648KB

              Download

            • memory/1800-205-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/1800-198-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/1800-195-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/1800-185-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/1800-159-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/1800-208-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/1800-192-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/1800-201-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/1800-162-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/1800-188-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/1800-166-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/1800-169-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/1800-172-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/1800-175-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/1800-176-0x0000000000810000-0x00000000008B2000-memory.dmp

              Filesize

              648KB

              Download

            • memory/1800-181-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/1800-182-0x0000000000810000-0x00000000008B2000-memory.dmp

              Filesize

              648KB

              Download

            • memory/1900-152-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/1900-151-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/1900-155-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2484-160-0x0000000000400000-0x0000000000414000-memory.dmp

              Filesize

              80KB

              Download

            • memory/2484-2-0x0000000000400000-0x0000000000414000-memory.dmp

              Filesize

              80KB

              Download

            • memory/2484-0-0x0000000000400000-0x0000000000414000-memory.dmp

              Filesize

              80KB

              Download

            • memory/4140-163-0x00000000001F0000-0x00000000001F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4140-161-0x0000000000400000-0x00000000004BC000-memory.dmp

              Filesize

              752KB

              Download

            • memory/4140-19-0x00000000001F0000-0x00000000001F1000-memory.dmp

              Filesize

              4KB

              Download