Overview

overview

7

Static

static

3

dridex

windows10-1703-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    148s
  • platform
    windows10-1703_x64
  • resource
    win10-20231129-en
  • resource tags

    arch:x64arch:x86image:win10-20231129-enlocale:en-usos:windows10-1703-x64system
  • submitted
    11/12/2023, 00:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eda566ec007f253857b4626219042328e21373a835254be942b77a5f47015d4c.exe

  • Size

    6.9MB

  • MD5

    c915f8f9a2a77bc5fabb4edd856c5364

  • SHA1

    44fb452f3059a31a607cbd24f42bacea2664f7ef

  • SHA256

    eda566ec007f253857b4626219042328e21373a835254be942b77a5f47015d4c

  • SHA512

    ad15c7e57bb41f4ab1137fd1786060116c2fb9834b96267c9fb587e2de2e945a2908dbf5e9a56828f6424966f6755de32b42de76b66910ac513485180d79489c

  • SSDEEP

    196608:GK2+nNevvWstwr2m5BmycyEbSfasepd5e4x6+AjZ6mjxzj:GDY6tiP3myRfzepXe4ny8gxzj

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 63 IoCs
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eda566ec007f253857b4626219042328e21373a835254be942b77a5f47015d4c.exe
    "C:\Users\Admin\AppData\Local\Temp\eda566ec007f253857b4626219042328e21373a835254be942b77a5f47015d4c.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:508
    • C:\Users\Admin\AppData\Local\Temp\is-JV74R.tmp\eda566ec007f253857b4626219042328e21373a835254be942b77a5f47015d4c.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-JV74R.tmp\eda566ec007f253857b4626219042328e21373a835254be942b77a5f47015d4c.tmp" /SL5="$B006A,6991381,54272,C:\Users\Admin\AppData\Local\Temp\eda566ec007f253857b4626219042328e21373a835254be942b77a5f47015d4c.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:652
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\system32\schtasks.exe" /Query
        3⤵
          PID:224
        • C:\Program Files (x86)\CRTGame\crtgame.exe
          "C:\Program Files (x86)\CRTGame\crtgame.exe" -s
          3⤵
          • Executes dropped EXE
          PID:4576
        • C:\Windows\SysWOW64\net.exe
          "C:\Windows\system32\net.exe" helpmsg 10
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:656
        • C:\Program Files (x86)\CRTGame\crtgame.exe
          "C:\Program Files (x86)\CRTGame\crtgame.exe" -i
          3⤵
          • Executes dropped EXE
          PID:3600
    • C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 helpmsg 10
      1⤵
        PID:992

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        155KB

        MD5

        be641fbd4bb3d745c60a0e1fd7d1ca9a

        SHA1

        44715dd0441ebbd9f2cbda8b9e63794e706ba1de

        SHA256

        f3ef9bf05b20882afa098d1316d74d935e5d0c88181ba8bee36cba8195dafdd0

        SHA512

        4050e1251298ece956525b6314ef1e9b0a4bfc5db9d94e533a0e3a5e91ff709926b9e71e1cfdcdc318a4a1f1957e2c65ddab8b66e4c08769da700de2862893a8

        Download Submit

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        100KB

        MD5

        fadc064ba9d0e62bfb897282a99bf8da

        SHA1

        3bb397c6a2702554908048be053312f3db3ca578

        SHA256

        d2207a05a0a94856e4d562931739cf4139a592bc45a81182a62450da2580d8b9

        SHA512

        ade56a33a79bb769785ed43627f8b2c7cbdca0c88a405aed5b98e5f0028c477eaa1eb96302d98d6016ba4c8123dd1498b348246548710fb6b62c9149308a7d05

        Download Submit

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        120KB

        MD5

        278848a6a8bc16a967ad95ffe955f863

        SHA1

        ba1a6b777ab14a63c7af4bf8639f02f4dca10c54

        SHA256

        32d3642e163a7d832ad0f4f95a0eacb81d47d1d06bce32e6bd65b49c2b4ede39

        SHA512

        7e559b7a218080365d9cf3fe6c15495e22868eec40b413da7a6c5e7c66aa82b312b5980fdbb6f412ec7f5c738d3c1d7c186ff6ff787f1ce1b29d82cacfd61dfa

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-JV74R.tmp\eda566ec007f253857b4626219042328e21373a835254be942b77a5f47015d4c.tmp
        Filesize

        67KB

        MD5

        75efbfa0fa7da1102d4761f9444117aa

        SHA1

        5d5b0f0078b4815b5f468b2e84598d6836223956

        SHA256

        b0d4c05624a2a477eb1dc174baf9e23123c811c7bec8ccd9b2515c3f2414a2d5

        SHA512

        a5ee65b28c7a8fcd49a34cd5c484065cbfe7ebc1a0878cc30e2078cf396a5ce38fe3235c64844915c1e6b7c159f2cd6a0a702ad448d0d9fdb294125ee66d2079

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-JV74R.tmp\eda566ec007f253857b4626219042328e21373a835254be942b77a5f47015d4c.tmp
        Filesize

        83KB

        MD5

        c713aa790acfa011cdccde0911fe98a6

        SHA1

        1185a1854726a164d03ba23bc9b40d71f27c9bcf

        SHA256

        f110662a8703e43f9a4a97c68b553b4997fd646e70a7d7afac2b5c1288a8e1b9

        SHA512

        8e991e2df86a132e2b57be40d6d0379bcd612b2df971e309e72f5f3b0125fd6966f3fb7bb110ffd5148a84a77548d43781b174e2019add13a4061b69d15cb6c2

        Download Submit

      • \Users\Admin\AppData\Local\Temp\is-IBNCE.tmp\_isetup\_iscrypt.dll
        Filesize

        2KB

        MD5

        a69559718ab506675e907fe49deb71e9

        SHA1

        bc8f404ffdb1960b50c12ff9413c893b56f2e36f

        SHA256

        2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

        SHA512

        e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

        Download Submit

      • \Users\Admin\AppData\Local\Temp\is-IBNCE.tmp\_isetup\_isdecmp.dll
        Filesize

        19KB

        MD5

        3adaa386b671c2df3bae5b39dc093008

        SHA1

        067cf95fbdb922d81db58432c46930f86d23dded

        SHA256

        71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

        SHA512

        bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

        Download Submit

      • memory/508-0-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/508-160-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/508-2-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/652-163-0x00000000001F0000-0x00000000001F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/652-13-0x00000000001F0000-0x00000000001F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/652-161-0x0000000000400000-0x00000000004BC000-memory.dmp

        Filesize

        752KB

        Download

      • memory/3600-155-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3600-154-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3600-152-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3600-151-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4576-162-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4576-182-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4576-158-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4576-166-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4576-167-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4576-170-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4576-173-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4576-176-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4576-183-0x00000000008D0000-0x0000000000972000-memory.dmp

        Filesize

        648KB

        Download

      • memory/4576-159-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4576-178-0x00000000008D0000-0x0000000000972000-memory.dmp

        Filesize

        648KB

        Download

      • memory/4576-186-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4576-189-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4576-190-0x00000000008D0000-0x0000000000972000-memory.dmp

        Filesize

        648KB

        Download

      • memory/4576-193-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4576-196-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4576-199-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4576-203-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4576-206-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4576-209-0x0000000000400000-0x000000000061C000-memory.dmp

        Filesize

        2.1MB

        Download