Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231130-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/12/2023, 20:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6db09d94c9382516dedb392f4cacbcc425e976cc1a0694626174723f3a9c6fc1.exe

  • Size

    6.9MB

  • MD5

    0df5f442b3d31c200eed57297709c6d6

  • SHA1

    4c41dfa04863b7018ae6cbfb038652189f6b0893

  • SHA256

    6db09d94c9382516dedb392f4cacbcc425e976cc1a0694626174723f3a9c6fc1

  • SHA512

    c994ccbb1a5c9b9e9adc8ecdc27956e69b201f4f4977a59bbd90971cb68a62141dd3e4b457c1842918c0a01e17f59b22b3f5dc9338d5af2590946800d0493f8b

  • SSDEEP

    196608:BxnTNzjsOzc7TGHscDgcXbIdslX38dgFYJzj:XNztzQlcDPXus98d9Jzj

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 63 IoCs
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6db09d94c9382516dedb392f4cacbcc425e976cc1a0694626174723f3a9c6fc1.exe
    "C:\Users\Admin\AppData\Local\Temp\6db09d94c9382516dedb392f4cacbcc425e976cc1a0694626174723f3a9c6fc1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1880
    • C:\Users\Admin\AppData\Local\Temp\is-09R7C.tmp\6db09d94c9382516dedb392f4cacbcc425e976cc1a0694626174723f3a9c6fc1.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-09R7C.tmp\6db09d94c9382516dedb392f4cacbcc425e976cc1a0694626174723f3a9c6fc1.tmp" /SL5="$9005E,7025884,54272,C:\Users\Admin\AppData\Local\Temp\6db09d94c9382516dedb392f4cacbcc425e976cc1a0694626174723f3a9c6fc1.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4156
      • C:\Program Files (x86)\CRTGame\crtgame.exe
        "C:\Program Files (x86)\CRTGame\crtgame.exe" -i
        3⤵
        • Executes dropped EXE
        PID:944
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\system32\schtasks.exe" /Query
        3⤵
          PID:1296
        • C:\Program Files (x86)\CRTGame\crtgame.exe
          "C:\Program Files (x86)\CRTGame\crtgame.exe" -s
          3⤵
          • Executes dropped EXE
          PID:1780
        • C:\Windows\SysWOW64\net.exe
          "C:\Windows\system32\net.exe" helpmsg 10
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4308
    • C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 helpmsg 10
      1⤵
        PID:1744

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        271KB

        MD5

        08878f35ef031f62cfbf81e81a9f19f6

        SHA1

        b80e8e3c0d2ad4446fde0c46d2d9c40620617b44

        SHA256

        7dfeebe24d71ee9cb8c2aa1ef3ffca3db4fd65d3a49282ec0eb6a6c961b171b8

        SHA512

        d795adbfbf485bd74b114caec607f2d8f3e93c414465c166b66784309555dcdcb6ee81c8726cc0586fe8021c0820dc180690ffce55755943baa50a144e75e79e

        Download Submit

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        167KB

        MD5

        d0931cb604a1e3b1e24ed443744d859b

        SHA1

        a441895606987b5d1c8e6e192dbf762d41d8c005

        SHA256

        2beb3ebe56f2c938203a42aa8adabe0b118a7205db7003b7015c5d279a448426

        SHA512

        b55407efd4f41337aa69663a9eb6cc9c6a2ad3b230d6a7ce6c9b8dac8ba737d9e6270f727daf867b74d3b55e46e0c38008c5dcb4a9bf143d73c61aec1026843d

        Download Submit

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        171KB

        MD5

        95f027a535e577b6344ae29c0d1141d5

        SHA1

        3f3ed1bf7f99d7606de7eba8bf987c33b93128ed

        SHA256

        f40fd6303e30014b38b7b0fc589ec5766d376c28abd4f46b3c951477ac26036e

        SHA512

        ebb4b787e6f35f2fbd5ff01b62ff029e6cefa50cc51d7875eec7e9006b968a9e7440d7a58b59322ea12d606e2d1a5844880fd5870d59c65777a145943cb9d2bd

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-09R7C.tmp\6db09d94c9382516dedb392f4cacbcc425e976cc1a0694626174723f3a9c6fc1.tmp
        Filesize

        687KB

        MD5

        f448d7f4b76e5c9c3a4eaff16a8b9b73

        SHA1

        31808f1ffa84c954376975b7cdb0007e6b762488

        SHA256

        7233b85eb0f8b3aa5cae3811d727aa8742fec4d1091c120a0fe15006f424cc49

        SHA512

        f8197458cd2764c0b852dac34f9bf361110a7dc86903024a97c7bcd3f77b148342bf45e3c2b60f6af8198ae3b83938dbaad5e007d71a0f88006f3a0618cf36f4

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-09R7C.tmp\6db09d94c9382516dedb392f4cacbcc425e976cc1a0694626174723f3a9c6fc1.tmp
        Filesize

        676KB

        MD5

        c22df4f47147995a3cf434aed9204c17

        SHA1

        13b9e07f1f191bf42e13fd0eeb3679e25c1c06cd

        SHA256

        18caa88fb10e7fc72c5858dd216bc1ca18c1afacfd05ef350c6b8fe55dcf6025

        SHA512

        0a7bf33b27b8846df5e88778d4ab83931b346896bda48ee21c91ce781cd3bf7bf4f98e6043522d8f35c7806933bf3a786031aa0bcdd7e9cddada48e2b0a3a6d7

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-TQFEO.tmp\_isetup\_iscrypt.dll
        Filesize

        2KB

        MD5

        a69559718ab506675e907fe49deb71e9

        SHA1

        bc8f404ffdb1960b50c12ff9413c893b56f2e36f

        SHA256

        2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

        SHA512

        e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-TQFEO.tmp\_isetup\_isdecmp.dll
        Filesize

        19KB

        MD5

        3adaa386b671c2df3bae5b39dc093008

        SHA1

        067cf95fbdb922d81db58432c46930f86d23dded

        SHA256

        71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

        SHA512

        bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

        Download Submit

      • memory/944-150-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/944-151-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/944-154-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/944-153-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1780-185-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1780-192-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1780-157-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1780-208-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1780-205-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1780-202-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1780-161-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1780-198-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1780-165-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1780-166-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1780-169-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1780-172-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1780-175-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1780-178-0x0000000000740000-0x00000000007E2000-memory.dmp

        Filesize

        648KB

        Download

      • memory/1780-182-0x0000000000740000-0x00000000007E2000-memory.dmp

        Filesize

        648KB

        Download

      • memory/1780-181-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1780-195-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1780-188-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1780-189-0x0000000000740000-0x00000000007E2000-memory.dmp

        Filesize

        648KB

        Download

      • memory/1780-158-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1880-0-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/1880-159-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/4156-162-0x0000000000690000-0x0000000000691000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4156-160-0x0000000000400000-0x00000000004BC000-memory.dmp

        Filesize

        752KB

        Download

      • memory/4156-9-0x0000000000690000-0x0000000000691000-memory.dmp

        Filesize

        4KB

        Download