Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

dridex

windows10-1703-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    148s
  • platform
    windows10-1703_x64
  • resource
    win10-20231129-en
  • resource tags

    arch:x64arch:x86image:win10-20231129-enlocale:en-usos:windows10-1703-x64system
  • submitted
    10/12/2023, 20:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e691b81339118781a1ca428d2dadb3cbb84fb4ee7757a13c9df52520d16098e7.exe

  • Size

    6.9MB

  • MD5

    c5eb707f96661c3e929b214c658028ec

  • SHA1

    77063c28da4cfedc00c24dfe1fd68cef88fec775

  • SHA256

    e691b81339118781a1ca428d2dadb3cbb84fb4ee7757a13c9df52520d16098e7

  • SHA512

    fb4b85fee532fe6f0b1ebb3bd5974dd30e2a093893f78730c7e34565206b2edf9eeacd2a980eef4bf0b9bfc26b409f6632a7072166f915ddd6f0d6667c6c5c94

  • SSDEEP

    98304:Y+koiRLFdsODKUdFxQ8k618KzAYYC9z3Bbgtev25o40nsZJjNw5MQNiEU4P5EKHl:pz25G6bV1yYDuZxCWQNhUU2uNzj

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 63 IoCs
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e691b81339118781a1ca428d2dadb3cbb84fb4ee7757a13c9df52520d16098e7.exe
    "C:\Users\Admin\AppData\Local\Temp\e691b81339118781a1ca428d2dadb3cbb84fb4ee7757a13c9df52520d16098e7.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3464
    • C:\Users\Admin\AppData\Local\Temp\is-QE55H.tmp\e691b81339118781a1ca428d2dadb3cbb84fb4ee7757a13c9df52520d16098e7.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-QE55H.tmp\e691b81339118781a1ca428d2dadb3cbb84fb4ee7757a13c9df52520d16098e7.tmp" /SL5="$501FA,6985375,54272,C:\Users\Admin\AppData\Local\Temp\e691b81339118781a1ca428d2dadb3cbb84fb4ee7757a13c9df52520d16098e7.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4592
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\system32\schtasks.exe" /Query
        3⤵
          PID:3512
        • C:\Program Files (x86)\CRTGame\crtgame.exe
          "C:\Program Files (x86)\CRTGame\crtgame.exe" -i
          3⤵
          • Executes dropped EXE
          PID:3532
        • C:\Program Files (x86)\CRTGame\crtgame.exe
          "C:\Program Files (x86)\CRTGame\crtgame.exe" -s
          3⤵
          • Executes dropped EXE
          PID:3404
        • C:\Windows\SysWOW64\net.exe
          "C:\Windows\system32\net.exe" helpmsg 10
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4632
    • C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 helpmsg 10
      1⤵
        PID:3756

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        487KB

        MD5

        9b082cafa19f8f84a0e40807fa105cb0

        SHA1

        194acdc4e87bb0c5de5785e2df64b8dd829a3c96

        SHA256

        006e7002560ebaf68e96010689b35f7e18d52f6d018a0a8e1076bf8d945196e5

        SHA512

        d9405252719d29d4b5a3cfb2218c619ca3914077c7ccea7ce9a873c080b40f2173e7a904b0a5a4467bfcc4b16a0fcc7a7e16c1443ed1b37f3e14eb39157f989d

        Download Submit

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        524KB

        MD5

        c6a79752daf2738290478dd5201faac6

        SHA1

        fc944c4da931fbb019b08be1fbb59b0fa41aebf8

        SHA256

        2fd7cadbca6588b5e2ec227e3b6015bf98664725264cf079f6772cffe621bb1a

        SHA512

        966b17e8f25cf38537c60f7fb54876bf27fa0fce7032fb6194c55011db8ed1deb20be1f63458afaa98c2a22059d745f3aca03838561f91bc1d6129039eebd375

        Download Submit

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        424KB

        MD5

        0af4e0e28730a1cc27f0a5ce8e745919

        SHA1

        92ef0452d2dbe37d29a5a580c00279ffd1d57545

        SHA256

        3f1aaf8a884c98b0386a63088a2a5a8df7df624aa51012d4a2b602d72c23afba

        SHA512

        6e8f1f42cf6c5491cab0ebf225fa97d1c42fd065a77e2c67ea1ccb01280d0d988c3705c62cdfed0f905029989b12fec69b5c24682496e7e095f3ba319de5e5a0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-QE55H.tmp\e691b81339118781a1ca428d2dadb3cbb84fb4ee7757a13c9df52520d16098e7.tmp
        Filesize

        507KB

        MD5

        03b5f06313322c3a880d0a25441f0064

        SHA1

        9689c8f70cad5198d51fa87dbefdbaa01b40b1a5

        SHA256

        0e14b4f1300b7f2871766722687056a23786bf80ab96a1f554c7ace5c5323a6f

        SHA512

        0d3af8e26862dac61821e612440f91d5d96025f65d4f7d633932d4a49e13dc3d97317a73bd4bb3282721dea658aeb8c5794c2a5e22d7f46e4f55550e8c214aa0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-QE55H.tmp\e691b81339118781a1ca428d2dadb3cbb84fb4ee7757a13c9df52520d16098e7.tmp
        Filesize

        421KB

        MD5

        55fd19f1ce70e3d008ce03c3efd7cd35

        SHA1

        3a3e18682177e3466d9e2897e02044af2c6e5d80

        SHA256

        68f745b15b1ed8ec7d9469409b5034132455586bf983dca5a87a3cd14ef8966f

        SHA512

        9b0573a3815bb7106cae30a8d81ea78229ba4d8510c0763f7a0884d732d5dafb3416ce259c3c38f7f9733a7a96487b6b6cdb9b7bf1d922e84b4bd752db734e7e

        Download Submit

      • \Users\Admin\AppData\Local\Temp\is-8OH94.tmp\_isetup\_iscrypt.dll
        Filesize

        2KB

        MD5

        a69559718ab506675e907fe49deb71e9

        SHA1

        bc8f404ffdb1960b50c12ff9413c893b56f2e36f

        SHA256

        2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

        SHA512

        e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

        Download Submit

      • \Users\Admin\AppData\Local\Temp\is-8OH94.tmp\_isetup\_isdecmp.dll
        Filesize

        19KB

        MD5

        3adaa386b671c2df3bae5b39dc093008

        SHA1

        067cf95fbdb922d81db58432c46930f86d23dded

        SHA256

        71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

        SHA512

        bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

        Download Submit

      • memory/3404-183-0x0000000000800000-0x00000000008A1000-memory.dmp

        Filesize

        644KB

        Download

      • memory/3404-170-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3404-209-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3404-206-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3404-203-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3404-199-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3404-196-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3404-157-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3404-159-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3404-193-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3404-190-0x0000000000800000-0x00000000008A1000-memory.dmp

        Filesize

        644KB

        Download

      • memory/3404-162-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3404-189-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3404-166-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3404-167-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3404-186-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3404-173-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3404-176-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3404-177-0x0000000000800000-0x00000000008A1000-memory.dmp

        Filesize

        644KB

        Download

      • memory/3404-182-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3464-0-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/3464-160-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/3464-2-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/3532-155-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3532-154-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3532-152-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3532-151-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4592-10-0x00000000001F0000-0x00000000001F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4592-163-0x00000000001F0000-0x00000000001F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4592-161-0x0000000000400000-0x00000000004BC000-memory.dmp

        Filesize

        752KB

        Download