Overview

overview

7

Static

static

3

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/12/2023, 04:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    628b8f6c4d0b2152e417a4aded3a685c2f156625f3d04a9c109f5647b3cc5611.exe

  • Size

    6.9MB

  • MD5

    c7e5dcb8d9490eacff1e139b6e5a9100

  • SHA1

    42a82ee39bea98692c8894bfe4dc4deec74a466a

  • SHA256

    628b8f6c4d0b2152e417a4aded3a685c2f156625f3d04a9c109f5647b3cc5611

  • SHA512

    cdfeca3cd8c77f96ba39e569ef321e99591cc0711be024721990892a91140331b9d7887ac8dff0759a2c8ed2aa4c9a1c0a5d5496e4dbbf4950800b2f23cc2a7c

  • SSDEEP

    196608:qxnTNzjsOzc7TGHscDgcXbIdslX38dgFYJzj:SNztzQlcDPXus98d9Jzj

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 63 IoCs
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\628b8f6c4d0b2152e417a4aded3a685c2f156625f3d04a9c109f5647b3cc5611.exe
    "C:\Users\Admin\AppData\Local\Temp\628b8f6c4d0b2152e417a4aded3a685c2f156625f3d04a9c109f5647b3cc5611.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1872
    • C:\Users\Admin\AppData\Local\Temp\is-500Q4.tmp\628b8f6c4d0b2152e417a4aded3a685c2f156625f3d04a9c109f5647b3cc5611.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-500Q4.tmp\628b8f6c4d0b2152e417a4aded3a685c2f156625f3d04a9c109f5647b3cc5611.tmp" /SL5="$401D8,7025884,54272,C:\Users\Admin\AppData\Local\Temp\628b8f6c4d0b2152e417a4aded3a685c2f156625f3d04a9c109f5647b3cc5611.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4804
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\system32\schtasks.exe" /Query
        3⤵
          PID:4088
        • C:\Program Files (x86)\CRTGame\crtgame.exe
          "C:\Program Files (x86)\CRTGame\crtgame.exe" -i
          3⤵
          • Executes dropped EXE
          PID:1696
        • C:\Program Files (x86)\CRTGame\crtgame.exe
          "C:\Program Files (x86)\CRTGame\crtgame.exe" -s
          3⤵
          • Executes dropped EXE
          PID:3816
        • C:\Windows\SysWOW64\net.exe
          "C:\Windows\system32\net.exe" helpmsg 10
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4636
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 helpmsg 10
            4⤵
              PID:1376

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        907KB

        MD5

        4f2031c1f4739b1ba3b491c25186928b

        SHA1

        0ce5bf9940b5f9c0a73a4d3d2ed77588628eefe1

        SHA256

        289957f5b77be923c9c3c4e749d9253c996ec3c0c85bf64bbf298e1d8f0a38f5

        SHA512

        244373886c33ed506dae63927f6d924cfdb488b12bc60791e7c3fcfca3913702bfa2d6f1f9c13853713c307618b9fe19465e74789f1a2a1fb6b6a6b265f358a8

        Download Submit

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        899KB

        MD5

        9588c9814c52d4304c467ba6d2717192

        SHA1

        5aaf89e870d919f1e7baa189a24c298ee725683f

        SHA256

        143d3850913fe9da3fa0c2111696e33f58cce89adf35b5019153b61a64284f6c

        SHA512

        1b16574fee2ab55e9270665fc5abac4bdcca3e6f5329695bef2cf0edfc0b01a9e1bbcad66fc6e2b4cfff66809a55421200783062c1d4861f0304769e93a1ed66

        Download Submit

      • C:\Program Files (x86)\CRTGame\crtgame.exe
        Filesize

        112KB

        MD5

        753828b733a23fabc277c7ba5f776699

        SHA1

        bf8bbf84322a74c8483e77aeef45e67c748a4fb5

        SHA256

        fff7436044a8c6f6381361b8d1262c4b86a9937961f5b27382faa479d687828e

        SHA512

        6150c56d6a8bb8fc02759459702375dee005d3c9694654e37aaf874ba2ea3fc7974e65c4911de149e622d93561af71999fe2e45af820cc2a63d8cad0f60aef3d

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-500Q4.tmp\628b8f6c4d0b2152e417a4aded3a685c2f156625f3d04a9c109f5647b3cc5611.tmp
        Filesize

        603KB

        MD5

        5556e4e8320b34e2bf186597c36a2e8e

        SHA1

        79a55993ac82fb625246e24f23c062beffc4f42e

        SHA256

        fab002670bd5298361dba45da211d647bcbb151065d713a2258d6cae4f89beea

        SHA512

        b7f88e5d385febe407ce432f86b3afb4d1d33e2f3b38502900991f4b06ae4d0d322f54f2b1e8a5373da0ba03f689f266a6a0536781d55db2f084f2cca509032c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-500Q4.tmp\628b8f6c4d0b2152e417a4aded3a685c2f156625f3d04a9c109f5647b3cc5611.tmp
        Filesize

        384KB

        MD5

        e1e4ffcf9797667dc0833b55ba9259c7

        SHA1

        1902de5da3647202b716856252d199da3b0640db

        SHA256

        bc32f47efffda0757e4dc640fb647fa2279802e9f21a1b504f40ef2f1e58f32d

        SHA512

        c9ba94e9e1378b49ab0c64e1fa2010b09016450e3c7c316084780c174de693ff99466c7817c3e1e36efe6461823b0b0a329cf70ddaafe93403d99fbe6b3a5d06

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-C6B45.tmp\_isetup\_iscrypt.dll
        Filesize

        2KB

        MD5

        a69559718ab506675e907fe49deb71e9

        SHA1

        bc8f404ffdb1960b50c12ff9413c893b56f2e36f

        SHA256

        2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

        SHA512

        e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-C6B45.tmp\_isetup\_isdecmp.dll
        Filesize

        19KB

        MD5

        3adaa386b671c2df3bae5b39dc093008

        SHA1

        067cf95fbdb922d81db58432c46930f86d23dded

        SHA256

        71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

        SHA512

        bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

        Download Submit

      • memory/1696-151-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1696-152-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1696-154-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1696-155-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1872-0-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/1872-2-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/1872-160-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/3816-162-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3816-180-0x0000000000860000-0x0000000000902000-memory.dmp

        Filesize

        648KB

        Download

      • memory/3816-158-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3816-208-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3816-205-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3816-202-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3816-166-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3816-167-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3816-170-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3816-173-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3816-176-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3816-159-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3816-179-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3816-185-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3816-188-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3816-189-0x0000000000860000-0x0000000000902000-memory.dmp

        Filesize

        648KB

        Download

      • memory/3816-192-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3816-195-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3816-198-0x0000000000400000-0x000000000061E000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4804-163-0x00000000005D0000-0x00000000005D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4804-7-0x00000000005D0000-0x00000000005D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4804-161-0x0000000000400000-0x00000000004BC000-memory.dmp

        Filesize

        752KB

        Download