Overview

overview

7

Static

static

3

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231201-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231201-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-12-2023 20:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1d1747213712cde132e8b9be68c17bc8cae5183f04741bc47398a0dbe3e7c47f.exe

  • Size

    6.9MB

  • MD5

    79ab8e55aca72539e7efb12f8a8db6f5

  • SHA1

    875e9158b564369c9a7440b98cab61019b281200

  • SHA256

    1d1747213712cde132e8b9be68c17bc8cae5183f04741bc47398a0dbe3e7c47f

  • SHA512

    162ee7fedc1a72a7710e68fdaa1f89d8d2fe219d47fff780ec5e304d51d5a5159a3dafefedf7cbba1cab306059603ce8de0cba9192351bc46ee71104ee8770d0

  • SSDEEP

    196608:SSnj/mmV+GsH+bNueuJRAZVAOk5Vvz+tqE9AmEkzj:SSjumV+jHUodIjk5VzfE9Awzj

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 63 IoCs
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d1747213712cde132e8b9be68c17bc8cae5183f04741bc47398a0dbe3e7c47f.exe
    "C:\Users\Admin\AppData\Local\Temp\1d1747213712cde132e8b9be68c17bc8cae5183f04741bc47398a0dbe3e7c47f.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1956
    • C:\Users\Admin\AppData\Local\Temp\is-01HQB.tmp\1d1747213712cde132e8b9be68c17bc8cae5183f04741bc47398a0dbe3e7c47f.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-01HQB.tmp\1d1747213712cde132e8b9be68c17bc8cae5183f04741bc47398a0dbe3e7c47f.tmp" /SL5="$8006A,6998999,54272,C:\Users\Admin\AppData\Local\Temp\1d1747213712cde132e8b9be68c17bc8cae5183f04741bc47398a0dbe3e7c47f.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:3548
      • C:\Program Files (x86)\CRTGame\crtgame.exe
        "C:\Program Files (x86)\CRTGame\crtgame.exe" -i
        3⤵
        • Executes dropped EXE
        PID:4416
      • C:\Program Files (x86)\CRTGame\crtgame.exe
        "C:\Program Files (x86)\CRTGame\crtgame.exe" -s
        3⤵
        • Executes dropped EXE
        PID:4936
      • C:\Windows\SysWOW64\net.exe
        "C:\Windows\system32\net.exe" helpmsg 10
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4080
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\system32\schtasks.exe" /Query
        3⤵
          PID:3484
    • C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 helpmsg 10
      1⤵
        PID:2780

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        284KB

        MD5

        489fa5a269494062c56ea4026b1e0ef8

        SHA1

        af1857f23eacbe00167ef1559fab0cfe8c3e7355

        SHA256

        28ebd46e6ea5daf2c4a1cec271df5308b3db37f6721d4942ab6d88512acd08fa

        SHA512

        2657e9d9745782eae74c50aa837b35306aea9717e5e8cee7456c80da7235377d80a55fe248f704e3e04389e5f1db35b70968801fcc2b77466cb32351a4e168ed

        Download Submit

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        64KB

        MD5

        3965f914e7a8d865978f8ff0115c99f7

        SHA1

        39f7cb073b2373b1002c5dcf781a8db32bc29605

        SHA256

        50c6efa899dcef70775841e63e38256912913a636967fc78f7b9dedcf6b13981

        SHA512

        67713d28355dfc5be00cbfcec2de7ab7f4f9e97fd65dd425e68241fec1f775d3778e83793e28bdb0d4b2142cb1461f6f9675fd335d9b1aba09b028d5e79d40ce

        Download Submit

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        44KB

        MD5

        8fe2f04f0197e52ce14e7356d38e7eae

        SHA1

        4aa6613dc6f1fe788da8416daecf2af18a347902

        SHA256

        38a81422cad06329f1dac75ad5edcff7879d9bbf23a329682ea972cc1634d348

        SHA512

        a9b310d8c8a87cc0d3013636ba2cd6f573440a906fd53f24dfb7f9cb6e39008c21b3648d2715ce868b97626f582ae8ca477dcd7085ee23525b12395c22e15fe7

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-01HQB.tmp\1d1747213712cde132e8b9be68c17bc8cae5183f04741bc47398a0dbe3e7c47f.tmp
        Filesize

        313KB

        MD5

        98034d1283ed63904128fb1031a21028

        SHA1

        d410ead19a5b69a0b25f89081b0feee0ff720f5a

        SHA256

        cf9fa6e12f33461849a9cd0dba7327e0dfb39f74c21235ee8fdaa51a75f4ba32

        SHA512

        6e1e19acfbde2d5ded381e6a08000e1640fae7994fe4e9868d0194cc9c9cdb28409c5d1e80f291210fcdb11f7a42124b5dbc2fffb457fba1ced329d29e52aba4

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-01HQB.tmp\1d1747213712cde132e8b9be68c17bc8cae5183f04741bc47398a0dbe3e7c47f.tmp
        Filesize

        225KB

        MD5

        73de9d3e83ebc09f55c919b5f3d07789

        SHA1

        47e2afa7b10e82a06b63378b10f3672974391f16

        SHA256

        ad57c53a3e3e57ccc22a8c580446f4f20f078175b4efb39b8404a460f1d5a19a

        SHA512

        443be4169701545c8693be954c31a0549d731060b85d5e10fde737296b8240e9ec62415d1c589e582827800f3276dbb25cdace772f69c58d816b8b8f7b71c2b2

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-DKA5O.tmp\_isetup\_iscrypt.dll
        Filesize

        2KB

        MD5

        a69559718ab506675e907fe49deb71e9

        SHA1

        bc8f404ffdb1960b50c12ff9413c893b56f2e36f

        SHA256

        2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

        SHA512

        e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-DKA5O.tmp\_isetup\_isdecmp.dll
        Filesize

        19KB

        MD5

        3adaa386b671c2df3bae5b39dc093008

        SHA1

        067cf95fbdb922d81db58432c46930f86d23dded

        SHA256

        71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

        SHA512

        bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

        Download Submit

      • memory/1956-0-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/1956-2-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/1956-160-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/3548-7-0x0000000000640000-0x0000000000641000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3548-161-0x0000000000400000-0x00000000004BC000-memory.dmp

        Filesize

        752KB

        Download

      • memory/3548-163-0x0000000000640000-0x0000000000641000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4416-151-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4416-152-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4416-154-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4416-155-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4936-162-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4936-182-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4936-159-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4936-166-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4936-167-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4936-170-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4936-173-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4936-176-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4936-183-0x0000000000800000-0x00000000008A1000-memory.dmp

        Filesize

        644KB

        Download

      • memory/4936-158-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4936-178-0x0000000000800000-0x00000000008A1000-memory.dmp

        Filesize

        644KB

        Download

      • memory/4936-186-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4936-189-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4936-190-0x0000000000800000-0x00000000008A1000-memory.dmp

        Filesize

        644KB

        Download

      • memory/4936-193-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4936-196-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4936-199-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4936-203-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4936-206-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4936-209-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download