Overview

overview

7

Static

static

3

dridex

windows10-1703-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-1703_x64
  • resource
    win10-20231129-en
  • resource tags

    arch:x64arch:x86image:win10-20231129-enlocale:en-usos:windows10-1703-x64system
  • submitted
    11/12/2023, 01:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7cc0ebd12af9e85eb0d2a136aac5eb8002a56182cd9ec5982d5bc421c86c53c0.exe

  • Size

    6.9MB

  • MD5

    54bf6e365c98aab28979904e0fd34c30

  • SHA1

    5d24c26525328a34ad3ef07d16426df90ea0fbe0

  • SHA256

    7cc0ebd12af9e85eb0d2a136aac5eb8002a56182cd9ec5982d5bc421c86c53c0

  • SHA512

    5313cd7b30a5f8487450495cd7bd3feaeda19426c4c044a8b6d1538fc436412af863306a7c824f40ec3b82bffd4ea10ad5d2635ea6a4fd57b6774f1ef4c343ac

  • SSDEEP

    196608:0xnTNzjsOzc7TGHscDgcXbIdslX38dgFYJzj:8NztzQlcDPXus98d9Jzj

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 63 IoCs
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7cc0ebd12af9e85eb0d2a136aac5eb8002a56182cd9ec5982d5bc421c86c53c0.exe
    "C:\Users\Admin\AppData\Local\Temp\7cc0ebd12af9e85eb0d2a136aac5eb8002a56182cd9ec5982d5bc421c86c53c0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3868
    • C:\Users\Admin\AppData\Local\Temp\is-8AIOL.tmp\7cc0ebd12af9e85eb0d2a136aac5eb8002a56182cd9ec5982d5bc421c86c53c0.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-8AIOL.tmp\7cc0ebd12af9e85eb0d2a136aac5eb8002a56182cd9ec5982d5bc421c86c53c0.tmp" /SL5="$6022A,7025884,54272,C:\Users\Admin\AppData\Local\Temp\7cc0ebd12af9e85eb0d2a136aac5eb8002a56182cd9ec5982d5bc421c86c53c0.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4988
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\system32\schtasks.exe" /Query
        3⤵
          PID:4764
        • C:\Program Files (x86)\CRTGame\crtgame.exe
          "C:\Program Files (x86)\CRTGame\crtgame.exe" -i
          3⤵
          • Executes dropped EXE
          PID:3896
        • C:\Program Files (x86)\CRTGame\crtgame.exe
          "C:\Program Files (x86)\CRTGame\crtgame.exe" -s
          3⤵
          • Executes dropped EXE
          PID:2184
        • C:\Windows\SysWOW64\net.exe
          "C:\Windows\system32\net.exe" helpmsg 10
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4960
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 helpmsg 10
            4⤵
              PID:4528

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\CRTGame\crtgame.exe
              Filesize

              465KB

              MD5

              0c4b84fcd28ab3e773d2fa00c5f9dad8

              SHA1

              92ae221fe480f16c27c72d0fffbd5c386cdfe20a

              SHA256

              282b1506ba8e34aaedcb4a69b7faa5e9b99e28ea81637646e172264143374b14

              SHA512

              22a8987d31d17e9e6a9c694fb95d27da65ac177a94643077c8bb6901595dd4dbb1181c9eb1109f1d49d5c6a972714c3aae4ae61f12444e126604e9e9bbb96f6d

              Download Submit

            • C:\Program Files (x86)\CRTGame\crtgame.exe
              Filesize

              401KB

              MD5

              ae41dbe72544ee56a6f228fdee577612

              SHA1

              b8e41872fe011eabfb48af9a50ce549f92372d2e

              SHA256

              6527d547f028a3ac83b270f8148f0166cb41ce04e280e92df4e8146d00cdd4d9

              SHA512

              d015b5e3b0d4c6b397de8b326853d5dbd7ccd136a64f43642ef15aecd6b9fa2e2607c60f4b1cee53dfcf4fb14c4913d5bc26152d901204d3ab95986b9ddb8567

              Download Submit

            • C:\Program Files (x86)\CRTGame\crtgame.exe
              Filesize

              340KB

              MD5

              00dcbaee762612449138ecb0dafb52aa

              SHA1

              865795fb70709c365858e123069fdc8ac837e21b

              SHA256

              813c7c8b1ce49ad93d4ec6f09c52eceb123626928c9df8bf2e71bf04385428d6

              SHA512

              b6ee2ecc620818ca24529d121ec11ede1548efcde48ed325f68e1e777df5a528cb983ef5ae3dd1309d756df1e05d69a9b4bf352a2ce06a6c71665e480ee7aef5

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\is-8AIOL.tmp\7cc0ebd12af9e85eb0d2a136aac5eb8002a56182cd9ec5982d5bc421c86c53c0.tmp
              Filesize

              687KB

              MD5

              f448d7f4b76e5c9c3a4eaff16a8b9b73

              SHA1

              31808f1ffa84c954376975b7cdb0007e6b762488

              SHA256

              7233b85eb0f8b3aa5cae3811d727aa8742fec4d1091c120a0fe15006f424cc49

              SHA512

              f8197458cd2764c0b852dac34f9bf361110a7dc86903024a97c7bcd3f77b148342bf45e3c2b60f6af8198ae3b83938dbaad5e007d71a0f88006f3a0618cf36f4

              Download Submit

            • \Users\Admin\AppData\Local\Temp\is-5MUO1.tmp\_isetup\_iscrypt.dll
              Filesize

              2KB

              MD5

              a69559718ab506675e907fe49deb71e9

              SHA1

              bc8f404ffdb1960b50c12ff9413c893b56f2e36f

              SHA256

              2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

              SHA512

              e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

              Download Submit

            • \Users\Admin\AppData\Local\Temp\is-5MUO1.tmp\_isetup\_isdecmp.dll
              Filesize

              19KB

              MD5

              3adaa386b671c2df3bae5b39dc093008

              SHA1

              067cf95fbdb922d81db58432c46930f86d23dded

              SHA256

              71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

              SHA512

              bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

              Download Submit

            • memory/2184-186-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2184-189-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2184-209-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2184-206-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2184-156-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2184-202-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2184-199-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2184-158-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2184-196-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2184-193-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2184-161-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2184-190-0x0000000000910000-0x00000000009B2000-memory.dmp

              Filesize

              648KB

              Download

            • memory/2184-177-0x0000000000910000-0x00000000009B2000-memory.dmp

              Filesize

              648KB

              Download

            • memory/2184-166-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2184-167-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2184-170-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2184-173-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2184-176-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2184-183-0x0000000000910000-0x00000000009B2000-memory.dmp

              Filesize

              648KB

              Download

            • memory/2184-182-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/3868-0-0x0000000000400000-0x0000000000414000-memory.dmp

              Filesize

              80KB

              Download

            • memory/3868-159-0x0000000000400000-0x0000000000414000-memory.dmp

              Filesize

              80KB

              Download

            • memory/3868-2-0x0000000000400000-0x0000000000414000-memory.dmp

              Filesize

              80KB

              Download

            • memory/3896-163-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/3896-151-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/3896-152-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/3896-154-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/4988-10-0x00000000001F0000-0x00000000001F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4988-162-0x00000000001F0000-0x00000000001F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4988-160-0x0000000000400000-0x00000000004BC000-memory.dmp

              Filesize

              752KB

              Download