Overview

overview

7

Static

static

3

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231201-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231201-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-12-2023 01:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bd223c979e99ea574fe81270de91ad883bf8ec18be2b2e508b28f86ba935f5ba.exe

  • Size

    6.9MB

  • MD5

    ae198d9f304686abab3643b46f813aea

  • SHA1

    38f64a16200f40d70934982519824217048c67f3

  • SHA256

    bd223c979e99ea574fe81270de91ad883bf8ec18be2b2e508b28f86ba935f5ba

  • SHA512

    e76890d77a2b17d2e76c7dde0af3c26d0ab2b7e4fdae754f558cc248b9a2deaef06c04f950bde5eff98e2bbe4c34d40aab42c9b4a06146cc0c2be2a6a59dd84a

  • SSDEEP

    98304:O+koiRLFdsODKUdFxQ8k618KzAYYC9z3Bbgtev25o40nsZJjNw5MQNiEU4P5EKHl:zz25G6bV1yYDuZxCWQNhUU2uNzj

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 63 IoCs
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd223c979e99ea574fe81270de91ad883bf8ec18be2b2e508b28f86ba935f5ba.exe
    "C:\Users\Admin\AppData\Local\Temp\bd223c979e99ea574fe81270de91ad883bf8ec18be2b2e508b28f86ba935f5ba.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Users\Admin\AppData\Local\Temp\is-PUMMU.tmp\bd223c979e99ea574fe81270de91ad883bf8ec18be2b2e508b28f86ba935f5ba.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-PUMMU.tmp\bd223c979e99ea574fe81270de91ad883bf8ec18be2b2e508b28f86ba935f5ba.tmp" /SL5="$60070,6985375,54272,C:\Users\Admin\AppData\Local\Temp\bd223c979e99ea574fe81270de91ad883bf8ec18be2b2e508b28f86ba935f5ba.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2192
      • C:\Program Files (x86)\CRTGame\crtgame.exe
        "C:\Program Files (x86)\CRTGame\crtgame.exe" -i
        3⤵
        • Executes dropped EXE
        PID:1000
      • C:\Program Files (x86)\CRTGame\crtgame.exe
        "C:\Program Files (x86)\CRTGame\crtgame.exe" -s
        3⤵
        • Executes dropped EXE
        PID:2232
      • C:\Windows\SysWOW64\net.exe
        "C:\Windows\system32\net.exe" helpmsg 10
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1764
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\system32\schtasks.exe" /Query
        3⤵
          PID:3372
    • C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 helpmsg 10
      1⤵
        PID:3060

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        41KB

        MD5

        8646cbc6401c1b1527cca336263ae24b

        SHA1

        bfdcfc4c0f83c05fc2ff4951141e2e62a45a8d39

        SHA256

        18922d9ded31796541dc3180829ebe6bdf7aed6c94d2b711db51a70082d29f85

        SHA512

        bfb5f34c54ee080df285cf6619809588ed37c9e9e696126f437f96051e94ef8afd0653960891bcb9bd56dbb610fe9b99cddafb797c1c22d4243adfb56754f93f

        Download Submit

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        74KB

        MD5

        dca5260ed6d0e9afd3e5a1fc5b8acfa2

        SHA1

        da03f60801ce6bc66e6dfca47184655370887c44

        SHA256

        a020300be6d9a0d9d750b8a13d4804e6ac5aa81e6ec5ce655af6627c98025453

        SHA512

        c2780cd562cc04df1996b10950f9a33f56e4a9a8e92fdb20321d3316f3bb0a86ee7094e6d3f08382e4544ac74ded2714152c1e37387813177017b28106ea180f

        Download Submit

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        130KB

        MD5

        07eab11593396699013a4eed2f8064be

        SHA1

        3d86bf536af4869b57f0821913a604eef2702878

        SHA256

        25835834529473b35d2fd6ae7f774b3adfb9c89302106ca37d58121a05fdc8c0

        SHA512

        4685322f190c2a3706b3a7f76896fa01ffa909fa06f8f0fc6f4795452566ff40b9a27e7ff205be7090dbca2b09f56e6aa5c66e205d423d97935bb30a3d347de6

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-NFAUB.tmp\_isetup\_iscrypt.dll
        Filesize

        2KB

        MD5

        a69559718ab506675e907fe49deb71e9

        SHA1

        bc8f404ffdb1960b50c12ff9413c893b56f2e36f

        SHA256

        2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

        SHA512

        e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-NFAUB.tmp\_isetup\_isdecmp.dll
        Filesize

        19KB

        MD5

        3adaa386b671c2df3bae5b39dc093008

        SHA1

        067cf95fbdb922d81db58432c46930f86d23dded

        SHA256

        71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

        SHA512

        bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-PUMMU.tmp\bd223c979e99ea574fe81270de91ad883bf8ec18be2b2e508b28f86ba935f5ba.tmp
        Filesize

        149KB

        MD5

        dfe451f832e84558eb81c75c3e54f491

        SHA1

        d77c7e2198e7d57e928920b5fb7ae11ab23de8ed

        SHA256

        2923b317dfe81489e50f85eee44627439d2a88ccc484090efbffd2af8a8d7823

        SHA512

        2c38ea07df25cc37750d35bdf6507b9f3e9fb973991a6793c555c2b6de7520e2c604b35c52c9198e8687b985e40fea959e93901ca78d7f29a4d001df10e81335

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-PUMMU.tmp\bd223c979e99ea574fe81270de91ad883bf8ec18be2b2e508b28f86ba935f5ba.tmp
        Filesize

        39KB

        MD5

        8efd3a0b86dcdc400a08ac411dc65de7

        SHA1

        17e14f16fdeb44181e73683c18c61e6d255f8088

        SHA256

        f7df5988385e0762e091bc7e3d969804fe93879d798f478db56e085f47d8e53a

        SHA512

        da41447057bcd3bbb393cedee288c7108cc27f8ec8175380268ae305bf13f35697578520345fc825a349884855eef14b7daa5d6ef2f634b8ad4a220025e51196

        Download Submit

      • memory/1000-155-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1000-151-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1000-154-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1000-152-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2148-160-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/2148-2-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/2148-0-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/2192-163-0x0000000000640000-0x0000000000641000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2192-7-0x0000000000640000-0x0000000000641000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2192-161-0x0000000000400000-0x00000000004BC000-memory.dmp

        Filesize

        752KB

        Download

      • memory/2232-162-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2232-183-0x0000000000880000-0x0000000000921000-memory.dmp

        Filesize

        644KB

        Download

      • memory/2232-157-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2232-167-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2232-166-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2232-170-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2232-173-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2232-176-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2232-177-0x0000000000880000-0x0000000000921000-memory.dmp

        Filesize

        644KB

        Download

      • memory/2232-159-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2232-182-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2232-186-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2232-189-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2232-190-0x0000000000880000-0x0000000000921000-memory.dmp

        Filesize

        644KB

        Download

      • memory/2232-193-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2232-196-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2232-199-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2232-203-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2232-206-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2232-209-0x0000000000400000-0x000000000061B000-memory.dmp

        Filesize

        2.1MB

        Download