Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    53s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231130-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/12/2023, 21:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    08115ea90224f85403b0b13c118ce61b242b5a14ee338e2e09a93f3f4d5d4c23.exe

  • Size

    6.9MB

  • MD5

    7cdc2c1365699b9205b864e5120ba12a

  • SHA1

    10994fb85df4ffcf1ea6bacf9a9fc3b8247bf83c

  • SHA256

    08115ea90224f85403b0b13c118ce61b242b5a14ee338e2e09a93f3f4d5d4c23

  • SHA512

    f2afeebc532b495ac959a8225603b6f60dd766eedf2e871327d0dbf37c34ba8552cd5d19e401378449458fb74d37fd20392b94d0373369c080609dcb12a2ea1d

  • SSDEEP

    196608:vxnTNzjsOzc7TGHscDgcXbIdslX38dgFYJzj:VNztzQlcDPXus98d9Jzj

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 63 IoCs
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\08115ea90224f85403b0b13c118ce61b242b5a14ee338e2e09a93f3f4d5d4c23.exe
    "C:\Users\Admin\AppData\Local\Temp\08115ea90224f85403b0b13c118ce61b242b5a14ee338e2e09a93f3f4d5d4c23.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:920
    • C:\Users\Admin\AppData\Local\Temp\is-DOJEJ.tmp\08115ea90224f85403b0b13c118ce61b242b5a14ee338e2e09a93f3f4d5d4c23.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-DOJEJ.tmp\08115ea90224f85403b0b13c118ce61b242b5a14ee338e2e09a93f3f4d5d4c23.tmp" /SL5="$80068,7025884,54272,C:\Users\Admin\AppData\Local\Temp\08115ea90224f85403b0b13c118ce61b242b5a14ee338e2e09a93f3f4d5d4c23.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4076
      • C:\Program Files (x86)\CRTGame\crtgame.exe
        "C:\Program Files (x86)\CRTGame\crtgame.exe" -i
        3⤵
        • Executes dropped EXE
        PID:776
      • C:\Program Files (x86)\CRTGame\crtgame.exe
        "C:\Program Files (x86)\CRTGame\crtgame.exe" -s
        3⤵
        • Executes dropped EXE
        PID:4180
      • C:\Windows\SysWOW64\net.exe
        "C:\Windows\system32\net.exe" helpmsg 10
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:5084
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 helpmsg 10
          4⤵
            PID:2180
        • C:\Windows\SysWOW64\schtasks.exe
          "C:\Windows\system32\schtasks.exe" /Query
          3⤵
            PID:60

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        64KB

        MD5

        83d708f2f117505a97374dbdff571bbc

        SHA1

        7ca8e73fa2bd6f5c035be55b80472cc909667620

        SHA256

        6e17305aae7f803450305214c6d5ef2ecb7a80f723d57cdb0bfc58b7b1d0eb5d

        SHA512

        a1db79542fce0edc2d972ba437859cc53b2aca462f5859f3c7ea60e624b57ac411e3092762fab950364e8118221da103ce71ea1a2c4008e2aba914a67bc8c006

        Download Submit

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        180KB

        MD5

        44d34cb00da103e0feb3420e9b0c5e38

        SHA1

        c62f1bce70bee7d97f93e4676ad076c6b08cc12e

        SHA256

        d3bfa210b2f20941a6e784fe0141617ca832e04308c14f301f51da0fb4f00332

        SHA512

        0d50918b07a4459842d0f276861ff83092d3993f65194a8d4fc90819f22cd07ba3f39c82ccf3dd4c4806911355944f6d101a94494cc2eec324926f1d35212fc6

        Download Submit

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        63KB

        MD5

        e05131d7ed64269a3645b4d061f251ab

        SHA1

        e0816452dfd1a1474cda45d96a9d07aecc5b8095

        SHA256

        94edbf7e0c44544833f274aa66b3a5a0a39cd3514f97f0fe6829236d72e2a201

        SHA512

        274907c4345d18fd72c1a9071b09e961a735e55056f16625a34dacda4ae755476aa6cb832d5704195643dfb9f8a3306959f8e60c2eb12eb1db1214d245171cd2

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-B97M0.tmp\_isetup\_iscrypt.dll
        Filesize

        2KB

        MD5

        a69559718ab506675e907fe49deb71e9

        SHA1

        bc8f404ffdb1960b50c12ff9413c893b56f2e36f

        SHA256

        2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

        SHA512

        e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-B97M0.tmp\_isetup\_isdecmp.dll
        Filesize

        19KB

        MD5

        3adaa386b671c2df3bae5b39dc093008

        SHA1

        067cf95fbdb922d81db58432c46930f86d23dded

        SHA256

        71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

        SHA512

        bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-DOJEJ.tmp\08115ea90224f85403b0b13c118ce61b242b5a14ee338e2e09a93f3f4d5d4c23.tmp
        Filesize

        193KB

        MD5

        1fb97aa32abe8da1c07af0137ffc2769

        SHA1

        452cf5fe4d91258a7929f3088770704dac371ee5

        SHA256

        5992bcdc4311e69eac20499a91136d9ff6e68d205ab022f4dba1f6c625267c72

        SHA512

        74a14edc998244a50d9b75dc06df7fe57d79de10de63fd958d63c3e4f0cad1ceb66fa8509f7545095e17418c841b7f4760a6b9c0a174931a114776ab75ce8afd

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-DOJEJ.tmp\08115ea90224f85403b0b13c118ce61b242b5a14ee338e2e09a93f3f4d5d4c23.tmp
        Filesize

        40KB

        MD5

        1242a0847703232bbd420976993e2469

        SHA1

        745431adba7b67059f9fa33987f5058b46ede5c5

        SHA256

        6cff3c28e8eb01ba404d8d4ffda58254e2ef10019848b3b2d068809827c7bdf9

        SHA512

        e664b33cd8cbb0bc8018f9cff5ddf783c4bb6b456a7ccb6f36383704578f97ee1ccf11a2cdf44453f606924f957584114caf83fcefb9038795c8673bb60ff38d

        Download Submit

      • memory/776-150-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/776-152-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/776-155-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/920-0-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/920-2-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/920-159-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/4076-13-0x0000000002230000-0x0000000002231000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4076-162-0x0000000002230000-0x0000000002231000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4076-160-0x0000000000400000-0x00000000004BC000-memory.dmp

        Filesize

        752KB

        Download

      • memory/4180-161-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4180-178-0x00000000022E0000-0x0000000002382000-memory.dmp

        Filesize

        648KB

        Download

      • memory/4180-166-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4180-165-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4180-169-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4180-172-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4180-175-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4180-182-0x00000000022E0000-0x0000000002382000-memory.dmp

        Filesize

        648KB

        Download

      • memory/4180-179-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4180-158-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4180-185-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4180-188-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4180-189-0x00000000022E0000-0x0000000002382000-memory.dmp

        Filesize

        648KB

        Download

      • memory/4180-192-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4180-195-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4180-198-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4180-202-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4180-205-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4180-208-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download