Overview

overview

7

Static

static

3

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/12/2023, 20:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d168199d2769675580f1bda95899868143ac7864d7df130cb1bad9d29614e495.exe

  • Size

    6.9MB

  • MD5

    542547c0b37f5983fcc6713375ea2759

  • SHA1

    af7ce07612cb1e21ae06a07f55d24c9a143fe6f2

  • SHA256

    d168199d2769675580f1bda95899868143ac7864d7df130cb1bad9d29614e495

  • SHA512

    0442eab5d7237553069d0f18ce890f597ad54ff2a0e1f0d751e0b9a9d0f9d0dbdd401668b30800d821e292fba935282c2b277236b471716aa84bd8d10687fa69

  • SSDEEP

    196608:BA89BmaeXRdyXFnlUrU7o7Bz3HzNNn1jnNnTfMImG0zj:JBmakyVnlUQ7Wz3Tv1jNTh0zj

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Unexpected DNS network traffic destination 2 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 63 IoCs
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d168199d2769675580f1bda95899868143ac7864d7df130cb1bad9d29614e495.exe
    "C:\Users\Admin\AppData\Local\Temp\d168199d2769675580f1bda95899868143ac7864d7df130cb1bad9d29614e495.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1076
    • C:\Users\Admin\AppData\Local\Temp\is-IBVN5.tmp\d168199d2769675580f1bda95899868143ac7864d7df130cb1bad9d29614e495.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-IBVN5.tmp\d168199d2769675580f1bda95899868143ac7864d7df130cb1bad9d29614e495.tmp" /SL5="$50220,6977575,54272,C:\Users\Admin\AppData\Local\Temp\d168199d2769675580f1bda95899868143ac7864d7df130cb1bad9d29614e495.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1204
      • C:\Program Files (x86)\CRTGame\crtgame.exe
        "C:\Program Files (x86)\CRTGame\crtgame.exe" -s
        3⤵
        • Executes dropped EXE
        PID:4260
      • C:\Windows\SysWOW64\net.exe
        "C:\Windows\system32\net.exe" helpmsg 10
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2900
      • C:\Program Files (x86)\CRTGame\crtgame.exe
        "C:\Program Files (x86)\CRTGame\crtgame.exe" -i
        3⤵
        • Executes dropped EXE
        PID:1912
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\system32\schtasks.exe" /Query
        3⤵
          PID:1656
    • C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 helpmsg 10
      1⤵
        PID:476

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        325KB

        MD5

        8900be03707d43649c15142b87ec245c

        SHA1

        7f3456af40840c34656a03dcfba10c38734dac84

        SHA256

        0ef9a19660cbbb0cdfff1a44a7f4ef1c01ac32c6b8c3bc4efae104f455b4cc9c

        SHA512

        912aeacb40f3ec38273a0394a0c32c0e8b2d3db2680bd6edbc9a3c8e68ea00c6fb6e62eed09f2a41e22db5718bce2c68d59b411f8a7faeea97acf42b52737d33

        Download Submit

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        420KB

        MD5

        eb7d0c5b639d9dcd46d807cd735a6437

        SHA1

        b4380a6a74af4534cc306e243703b37ce512bd53

        SHA256

        fb5338b33da1739c5705abe45964660615e19f8d434630b3177cb895e020faeb

        SHA512

        b5ad8c31319feca9561130d35d60dd4b0c9eb25ea926958733d7524b8d25cd177109828e255b881e80bd956676970c5cb08e5e25963afc6c1373c336f7125312

        Download Submit

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        428KB

        MD5

        a3e7bd2dd9cc7d26feeadff102d29a44

        SHA1

        d8a35640e68e2a7b32f1423870bd264f98dd79a4

        SHA256

        216c313e03bdbea0ae6263ee20fa71e78786c67dde32159907a7480fcc2e058e

        SHA512

        fc5546be191d7f76323b3721542257d9038e2275e62861192cc2ea12337ee9b52ccf299501e4badd73c7320abe601b4acc702a97028bfd0b86f0ff43d3f3ac9a

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-CHC5O.tmp\_isetup\_iscrypt.dll
        Filesize

        2KB

        MD5

        a69559718ab506675e907fe49deb71e9

        SHA1

        bc8f404ffdb1960b50c12ff9413c893b56f2e36f

        SHA256

        2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

        SHA512

        e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-CHC5O.tmp\_isetup\_isdecmp.dll
        Filesize

        19KB

        MD5

        3adaa386b671c2df3bae5b39dc093008

        SHA1

        067cf95fbdb922d81db58432c46930f86d23dded

        SHA256

        71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

        SHA512

        bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-IBVN5.tmp\d168199d2769675580f1bda95899868143ac7864d7df130cb1bad9d29614e495.tmp
        Filesize

        275KB

        MD5

        59b45219c06aeea121931209f636f1e2

        SHA1

        12fd60ab453ef72fcc46c7da1df13dc86fd05971

        SHA256

        248c6a16a568d9c56818a8b1a40ef1209b578eec77fda6303481e9246038f5bd

        SHA512

        f5a3f27bb1f4b94ebffc0f02fad06e64d92954267a428ee038e10f3fe250928ba5bb379518a84367ba1f9688715153758e56de583cdaca8034b02fc71ae334bf

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-IBVN5.tmp\d168199d2769675580f1bda95899868143ac7864d7df130cb1bad9d29614e495.tmp
        Filesize

        497KB

        MD5

        21af30f44877709e74f86324de4732b4

        SHA1

        008e4a7d437a69dc9b0a3c56074d804e58ba58c0

        SHA256

        d04d27a0d7ac68a594e7aa15430460e56750ca4da68e9de4a0de757243f62912

        SHA512

        89f442e9a5468ff68f8232c0ee51507ee316ded9e70d7f9beeb27aaf2d9d3f14e04f266723ba9a75124b9b106700072731437c4b79c850c34324224422616c93

        Download Submit

      • memory/1076-0-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/1076-2-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/1076-160-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/1204-161-0x0000000000400000-0x00000000004BC000-memory.dmp

        Filesize

        752KB

        Download

      • memory/1204-7-0x0000000002100000-0x0000000002101000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1204-163-0x0000000002100000-0x0000000002101000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1912-154-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1912-150-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1912-152-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4260-176-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4260-179-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4260-159-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4260-166-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4260-167-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4260-170-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4260-173-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4260-158-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4260-180-0x0000000000850000-0x00000000008F2000-memory.dmp

        Filesize

        648KB

        Download

      • memory/4260-162-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4260-185-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4260-188-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4260-189-0x0000000000850000-0x00000000008F2000-memory.dmp

        Filesize

        648KB

        Download

      • memory/4260-192-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4260-195-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4260-198-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4260-201-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4260-204-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4260-208-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download