Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

dridex

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231130-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/12/2023, 07:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3d03c40f0e4f82038352e1dc00bbe1961601f80cbf948e0674b607bf4f94239b.exe

  • Size

    7.7MB

  • MD5

    f262cf150afa894b64753a7bb1b44217

  • SHA1

    be801a24e6812dfaf10d5e8aa502feb347b3b54f

  • SHA256

    3d03c40f0e4f82038352e1dc00bbe1961601f80cbf948e0674b607bf4f94239b

  • SHA512

    723516699a3e0ab07e6ff58c87977b45aff6eb678ad11d7e000b9a0edc22b84a5cad6e83cfac14176b7a58ef48581c10b2df57a42c493fcef542b392636e3a6e

  • SSDEEP

    196608:kxm5ZY+LWEHHi/a055Uu5gLAj1DMWIuxurIfDnzj:7YKWEUl5JiAj1DMqumjzj

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Unexpected DNS network traffic destination 3 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 63 IoCs
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3d03c40f0e4f82038352e1dc00bbe1961601f80cbf948e0674b607bf4f94239b.exe
    "C:\Users\Admin\AppData\Local\Temp\3d03c40f0e4f82038352e1dc00bbe1961601f80cbf948e0674b607bf4f94239b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3012
    • C:\Users\Admin\AppData\Local\Temp\is-ORU7I.tmp\3d03c40f0e4f82038352e1dc00bbe1961601f80cbf948e0674b607bf4f94239b.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-ORU7I.tmp\3d03c40f0e4f82038352e1dc00bbe1961601f80cbf948e0674b607bf4f94239b.tmp" /SL5="$C011E,7808387,121856,C:\Users\Admin\AppData\Local\Temp\3d03c40f0e4f82038352e1dc00bbe1961601f80cbf948e0674b607bf4f94239b.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1764
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\system32\schtasks.exe" /Query
        3⤵
          PID:4720
        • C:\Program Files (x86)\GIFMount\gifmon.exe
          "C:\Program Files (x86)\GIFMount\gifmon.exe" -i
          3⤵
          • Executes dropped EXE
          PID:2768
        • C:\Program Files (x86)\GIFMount\gifmon.exe
          "C:\Program Files (x86)\GIFMount\gifmon.exe" -s
          3⤵
          • Executes dropped EXE
          PID:2340
        • C:\Windows\SysWOW64\net.exe
          "C:\Windows\system32\net.exe" helpmsg 12
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:3280
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 helpmsg 12
            4⤵
              PID:544

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\GIFMount\gifmon.exe
        Filesize

        1.5MB

        MD5

        c598048e1351353a60d651bd933c1c1d

        SHA1

        dc771f3dc77d885cfb61d5218d2e070ddb6e1796

        SHA256

        06c4a1044d85a22373e37384808f0614843c45e462770c59ec483c36e1fe7f13

        SHA512

        b3dd1560d6968dbfbaa39cb3dc71417cc06beab816b8f9b0982c2236cbec81f9be44fee69835555a784f71ab0ccb55ff9efe2c1a83549e45f23edf861a4810cf

        Download Submit

      • C:\Program Files (x86)\GIFMount\gifmon.exe
        Filesize

        1.7MB

        MD5

        bdcf8b7ad1e62d03b505bb42257fea68

        SHA1

        04e9e271cbc2624a2f94703e03c6b45968a88d3f

        SHA256

        430f65a11fe40bda39e4aaac159ed7d5923bc909bd61fa87ac42b0a4a653df11

        SHA512

        41230c6ff114200fde9491bb3feaf7ae6159e641938a0a9cf273c30f3b3824b08f90d3217321822782c4faf3ef1d44d1722a906d416d4975d9d1085666b4b7a0

        Download Submit

      • C:\Program Files (x86)\GIFMount\gifmon.exe
        Filesize

        747KB

        MD5

        2a854bec9ed970f4467d06d2daf5bb5b

        SHA1

        c70d3f605dd8559aae0baa049c00b13a7f0056ef

        SHA256

        b3b00faf4943827174c08ad3234a9f1d43f2db525c560f458f31d315f5ea6bb5

        SHA512

        299c05f488e77542923a86d161401e76697052cff31da0e6f7d6eea8b2b4c7459ab410e06aa96d27f6ac8e6f92e90bd5d155b5e35b320e68b53e06c49af76a72

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-LKUMP.tmp\_isetup\_iscrypt.dll
        Filesize

        2KB

        MD5

        a69559718ab506675e907fe49deb71e9

        SHA1

        bc8f404ffdb1960b50c12ff9413c893b56f2e36f

        SHA256

        2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

        SHA512

        e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-LKUMP.tmp\_isetup\_isdecmp.dll
        Filesize

        19KB

        MD5

        3adaa386b671c2df3bae5b39dc093008

        SHA1

        067cf95fbdb922d81db58432c46930f86d23dded

        SHA256

        71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

        SHA512

        bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\is-ORU7I.tmp\3d03c40f0e4f82038352e1dc00bbe1961601f80cbf948e0674b607bf4f94239b.tmp
        Filesize

        687KB

        MD5

        f448d7f4b76e5c9c3a4eaff16a8b9b73

        SHA1

        31808f1ffa84c954376975b7cdb0007e6b762488

        SHA256

        7233b85eb0f8b3aa5cae3811d727aa8742fec4d1091c120a0fe15006f424cc49

        SHA512

        f8197458cd2764c0b852dac34f9bf361110a7dc86903024a97c7bcd3f77b148342bf45e3c2b60f6af8198ae3b83938dbaad5e007d71a0f88006f3a0618cf36f4

        Download Submit

      • memory/1764-163-0x0000000000680000-0x0000000000681000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1764-10-0x0000000000680000-0x0000000000681000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1764-161-0x0000000000400000-0x00000000004BC000-memory.dmp

        Filesize

        752KB

        Download

      • memory/2340-179-0x0000000000400000-0x000000000069A000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/2340-189-0x00000000008F0000-0x000000000098E000-memory.dmp

        Filesize

        632KB

        Download

      • memory/2340-207-0x0000000000400000-0x000000000069A000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/2340-204-0x0000000000400000-0x000000000069A000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/2340-159-0x0000000000400000-0x000000000069A000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/2340-157-0x0000000000400000-0x000000000069A000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/2340-201-0x0000000000400000-0x000000000069A000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/2340-198-0x0000000000400000-0x000000000069A000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/2340-162-0x0000000000400000-0x000000000069A000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/2340-195-0x0000000000400000-0x000000000069A000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/2340-166-0x0000000000400000-0x000000000069A000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/2340-167-0x0000000000400000-0x000000000069A000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/2340-170-0x0000000000400000-0x000000000069A000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/2340-173-0x0000000000400000-0x000000000069A000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/2340-176-0x0000000000400000-0x000000000069A000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/2340-192-0x0000000000400000-0x000000000069A000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/2340-180-0x00000000008F0000-0x000000000098E000-memory.dmp

        Filesize

        632KB

        Download

      • memory/2340-185-0x0000000000400000-0x000000000069A000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/2340-188-0x0000000000400000-0x000000000069A000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/2768-155-0x0000000000400000-0x000000000069A000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/2768-151-0x0000000000400000-0x000000000069A000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/2768-152-0x0000000000400000-0x000000000069A000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/2768-153-0x0000000000400000-0x000000000069A000-memory.dmp

        Filesize

        2.6MB

        Download

      • memory/3012-0-0x0000000000400000-0x0000000000425000-memory.dmp

        Filesize

        148KB

        Download

      • memory/3012-2-0x0000000000400000-0x0000000000425000-memory.dmp

        Filesize

        148KB

        Download

      • memory/3012-160-0x0000000000400000-0x0000000000425000-memory.dmp

        Filesize

        148KB

        Download