Overview

overview

7

Static

static

3

dridex

windows10-1703-x64

7

Analysis

  • max time kernel
    1s
  • max time network
    140s
  • platform
    windows10-1703_x64
  • resource
    win10-20231129-en
  • resource tags

    arch:x64arch:x86image:win10-20231129-enlocale:en-usos:windows10-1703-x64system
  • submitted
    11/12/2023, 00:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    22d408a42ee6f48bc2f39dbc03ae4c47643fb3849e918d1dca6c3ce03a34fa51.exe

  • Size

    6.9MB

  • MD5

    c5a4c04864914ae19865e6878e57c190

  • SHA1

    b562c037ee8b6b09c5a707351824b2dc60ac24f6

  • SHA256

    22d408a42ee6f48bc2f39dbc03ae4c47643fb3849e918d1dca6c3ce03a34fa51

  • SHA512

    d9857de4c9222afc76228bdd812c760679d87ba7821f43fb15692896339d7bb2b3a876fb0c9e15e2a0a007a8a2dc9241e8e2bb1d894a1c06a3a533448d61841e

  • SSDEEP

    98304:u+koiRLFdsODKUdFxQ8k618KzAYYC9z3Bbgtev25o40nsZJjNw5MQNiEU4P5EKHl:Tz25G6bV1yYDuZxCWQNhUU2uNzj

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 63 IoCs
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\22d408a42ee6f48bc2f39dbc03ae4c47643fb3849e918d1dca6c3ce03a34fa51.exe
    "C:\Users\Admin\AppData\Local\Temp\22d408a42ee6f48bc2f39dbc03ae4c47643fb3849e918d1dca6c3ce03a34fa51.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4560
    • C:\Users\Admin\AppData\Local\Temp\is-A8SDJ.tmp\22d408a42ee6f48bc2f39dbc03ae4c47643fb3849e918d1dca6c3ce03a34fa51.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-A8SDJ.tmp\22d408a42ee6f48bc2f39dbc03ae4c47643fb3849e918d1dca6c3ce03a34fa51.tmp" /SL5="$8022A,6985375,54272,C:\Users\Admin\AppData\Local\Temp\22d408a42ee6f48bc2f39dbc03ae4c47643fb3849e918d1dca6c3ce03a34fa51.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4432
      • C:\Program Files (x86)\CRTGame\crtgame.exe
        "C:\Program Files (x86)\CRTGame\crtgame.exe" -i
        3⤵
        • Executes dropped EXE
        PID:4832
      • C:\Program Files (x86)\CRTGame\crtgame.exe
        "C:\Program Files (x86)\CRTGame\crtgame.exe" -s
        3⤵
        • Executes dropped EXE
        PID:3116
      • C:\Windows\SysWOW64\net.exe
        "C:\Windows\system32\net.exe" helpmsg 10
        3⤵
          PID:2192
        • C:\Windows\SysWOW64\schtasks.exe
          "C:\Windows\system32\schtasks.exe" /Query
          3⤵
            PID:224
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 helpmsg 10
        1⤵
          PID:2944

        Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Program Files (x86)\CRTGame\crtgame.exe
                Filesize

                37KB

                MD5

                d7bced2c84172e6b21e720a5bc54258b

                SHA1

                84db7abfa4180742df3b1a31b8a0641491a802b6

                SHA256

                efc39ce91f743ab5ea03ce0a7827f17414b08e79593d07377d0aaf4bc18ae4b7

                SHA512

                d4847d659406a34a371b597c673ad23f603847072bea7642ed65d85e72cee6aace34c4823c0aaf0dc6c74501ee625131db222e28721c5982338c835bfed055bd

                Download Submit

              • C:\Program Files (x86)\CRTGame\crtgame.exe
                Filesize

                9KB

                MD5

                de5ee1941fa4e4daef95a916f6ab82d0

                SHA1

                d5fa7b7e493257627646e11715bbeee9df5658c7

                SHA256

                a515ca26bde1319aa099c0f465c7a369527e186ee3da7f8747e2c81c549a1dd3

                SHA512

                759d71c92fede5f98d0917e8ded2d045d5caa1aeb6caef085c148d9d4ec234ce7195348dbcc0effdfc3f1360d624c35c33a15a3c3e379db758c2d80a619aaa05

                Download Submit

              • C:\Program Files (x86)\CRTGame\crtgame.exe
                Filesize

                36KB

                MD5

                43042573e4b16a7aab3f876ab2775455

                SHA1

                4d1b9e7c8e085fa17efdaf06ea75cfde0ee5dbe9

                SHA256

                dc24bac138e0ae4e6d8eabef642a796c5756f916005de23d39146ccc61acf84d

                SHA512

                66e770bc0d2496a85bbb03db78768dd06f2226e0b831917d7cdefd9028d889bdd17d53042c1b8016ab902cbf5f5636c897900c9ea4a115ca90f6034677d2f96c

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\is-A8SDJ.tmp\22d408a42ee6f48bc2f39dbc03ae4c47643fb3849e918d1dca6c3ce03a34fa51.tmp
                Filesize

                34KB

                MD5

                afc4a140dd2dd5fc98a7a94c1d938d89

                SHA1

                ad286a988bfe0c1a4773edeae3d2dfe90f6c566e

                SHA256

                45a2442186ce9282e9777cc439aabc5d218cf7e4457b7b900ce935c33244a495

                SHA512

                6e2ce8a1244f3586095cffc48c6c5131b7d5c32fdc4b03962ce866349c4c7f6190cdac8f72dba3c6e764e7bb0b8532af67863046b47f7c80f08a1fc7d3d74d8e

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\is-A8SDJ.tmp\22d408a42ee6f48bc2f39dbc03ae4c47643fb3849e918d1dca6c3ce03a34fa51.tmp
                Filesize

                5KB

                MD5

                afc635b38fbdb0b29e6b8efa3b98cdb1

                SHA1

                7acd57a9c00ed89d1f4a4e60bc47b652ead6ca39

                SHA256

                8382a0a7622c7c9dade5f14df01afebc6b8036523d25da4fa052cab9bd11a965

                SHA512

                e8a728177ea90dee96b62dcf894c0aaa375477d1643d26cec83f55b78a9529bfae7d08f9597d05742cec4046aab079633a168c6a1216ed70817b3186932a78ee

                Download Submit

              • \Users\Admin\AppData\Local\Temp\is-OJ8H6.tmp\_isetup\_iscrypt.dll
                Filesize

                2KB

                MD5

                a69559718ab506675e907fe49deb71e9

                SHA1

                bc8f404ffdb1960b50c12ff9413c893b56f2e36f

                SHA256

                2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

                SHA512

                e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

                Download Submit

              • \Users\Admin\AppData\Local\Temp\is-OJ8H6.tmp\_isetup\_isdecmp.dll
                Filesize

                1KB

                MD5

                db6184777f072d8f3d28804aa99da162

                SHA1

                b62f98de6ac12318bb03da9a5329dc7930a474b4

                SHA256

                04d109206044de4c8c52eb3bf17bb335b195f181d7740d18e89b5deb3e0e48cf

                SHA512

                f530c401a202aab567d956a8ea40e76339421408ffbe663672736356e83de4e10992960a644097e4e9f20449be62be9eafa3cde50d6e8c7cd2026c7dde4baec7

                Download Submit

              • \Users\Admin\AppData\Local\Temp\is-OJ8H6.tmp\_isetup\_isdecmp.dll
                Filesize

                19KB

                MD5

                3adaa386b671c2df3bae5b39dc093008

                SHA1

                067cf95fbdb922d81db58432c46930f86d23dded

                SHA256

                71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

                SHA512

                bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

                Download Submit

              • memory/3116-193-0x0000000000400000-0x000000000061B000-memory.dmp

                Filesize

                2.1MB

                Download

              • memory/3116-190-0x00000000007C0000-0x0000000000861000-memory.dmp

                Filesize

                644KB

                Download

              • memory/3116-157-0x0000000000400000-0x000000000061B000-memory.dmp

                Filesize

                2.1MB

                Download

              • memory/3116-159-0x0000000000400000-0x000000000061B000-memory.dmp

                Filesize

                2.1MB

                Download

              • memory/3116-203-0x0000000000400000-0x000000000061B000-memory.dmp

                Filesize

                2.1MB

                Download

              • memory/3116-196-0x0000000000400000-0x000000000061B000-memory.dmp

                Filesize

                2.1MB

                Download

              • memory/3116-177-0x00000000007C0000-0x0000000000861000-memory.dmp

                Filesize

                644KB

                Download

              • memory/3116-206-0x0000000000400000-0x000000000061B000-memory.dmp

                Filesize

                2.1MB

                Download

              • memory/3116-209-0x0000000000400000-0x000000000061B000-memory.dmp

                Filesize

                2.1MB

                Download

              • memory/3116-199-0x0000000000400000-0x000000000061B000-memory.dmp

                Filesize

                2.1MB

                Download

              • memory/3116-189-0x0000000000400000-0x000000000061B000-memory.dmp

                Filesize

                2.1MB

                Download

              • memory/3116-162-0x0000000000400000-0x000000000061B000-memory.dmp

                Filesize

                2.1MB

                Download

              • memory/3116-186-0x0000000000400000-0x000000000061B000-memory.dmp

                Filesize

                2.1MB

                Download

              • memory/3116-167-0x0000000000400000-0x000000000061B000-memory.dmp

                Filesize

                2.1MB

                Download

              • memory/3116-166-0x0000000000400000-0x000000000061B000-memory.dmp

                Filesize

                2.1MB

                Download

              • memory/3116-170-0x0000000000400000-0x000000000061B000-memory.dmp

                Filesize

                2.1MB

                Download

              • memory/3116-173-0x0000000000400000-0x000000000061B000-memory.dmp

                Filesize

                2.1MB

                Download

              • memory/3116-176-0x0000000000400000-0x000000000061B000-memory.dmp

                Filesize

                2.1MB

                Download

              • memory/3116-182-0x0000000000400000-0x000000000061B000-memory.dmp

                Filesize

                2.1MB

                Download

              • memory/3116-183-0x00000000007C0000-0x0000000000861000-memory.dmp

                Filesize

                644KB

                Download

              • memory/4432-161-0x0000000000400000-0x00000000004BC000-memory.dmp

                Filesize

                752KB

                Download

              • memory/4432-163-0x00000000001F0000-0x00000000001F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4432-10-0x00000000001F0000-0x00000000001F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4560-2-0x0000000000400000-0x0000000000414000-memory.dmp

                Filesize

                80KB

                Download

              • memory/4560-160-0x0000000000400000-0x0000000000414000-memory.dmp

                Filesize

                80KB

                Download

              • memory/4560-0-0x0000000000400000-0x0000000000414000-memory.dmp

                Filesize

                80KB

                Download

              • memory/4832-152-0x0000000000400000-0x000000000061B000-memory.dmp

                Filesize

                2.1MB

                Download

              • memory/4832-154-0x0000000000400000-0x000000000061B000-memory.dmp

                Filesize

                2.1MB

                Download

              • memory/4832-155-0x0000000000400000-0x000000000061B000-memory.dmp

                Filesize

                2.1MB

                Download

              • memory/4832-151-0x0000000000400000-0x000000000061B000-memory.dmp

                Filesize

                2.1MB

                Download