Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    09-09-2022 18:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    461d005b1dfa92a781fea1bc3242f4fd94f3cadb105fbb45baf75ff728551378.exe

  • Size

    207KB

  • MD5

    803df6aa55e68949c44f10d2c4e75129

  • SHA1

    27a718129a9e61ec233a605013c3f62ec7945079

  • SHA256

    461d005b1dfa92a781fea1bc3242f4fd94f3cadb105fbb45baf75ff728551378

  • SHA512

    5d56c50c9b61ba4ec5fbf7185015771e1a88f8ac669c08e3c78977d442aec079bba3bb239c2781e44c411d74dee37b68d2a776fda659f24b417931abc758db6e

  • SSDEEP

    3072:k8HIIHFO2l5vlo2/573mRZZ/tvvkrteFkoqiURx:dHFtl5NomGpIjx

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 8 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Executes dropped EXE 2 IoCs
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\461d005b1dfa92a781fea1bc3242f4fd94f3cadb105fbb45baf75ff728551378.exe
    "C:\Users\Admin\AppData\Local\Temp\461d005b1dfa92a781fea1bc3242f4fd94f3cadb105fbb45baf75ff728551378.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2656
    • C:\Users\Admin\AppData\Local\Temp\461d005b1dfa92a781fea1bc3242f4fd94f3cadb105fbb45baf75ff728551378.exe
      "C:\Users\Admin\AppData\Local\Temp\461d005b1dfa92a781fea1bc3242f4fd94f3cadb105fbb45baf75ff728551378.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:3980
  • C:\Users\Admin\AppData\Roaming\gbsjhac
    C:\Users\Admin\AppData\Roaming\gbsjhac
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4672
    • C:\Users\Admin\AppData\Roaming\gbsjhac
      C:\Users\Admin\AppData\Roaming\gbsjhac
      2⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      • Suspicious behavior: MapViewOfSection
      PID:1156

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\gbsjhac
    Filesize

    207KB

    MD5

    803df6aa55e68949c44f10d2c4e75129

    SHA1

    27a718129a9e61ec233a605013c3f62ec7945079

    SHA256

    461d005b1dfa92a781fea1bc3242f4fd94f3cadb105fbb45baf75ff728551378

    SHA512

    5d56c50c9b61ba4ec5fbf7185015771e1a88f8ac669c08e3c78977d442aec079bba3bb239c2781e44c411d74dee37b68d2a776fda659f24b417931abc758db6e

    Download Submit

  • C:\Users\Admin\AppData\Roaming\gbsjhac
    Filesize

    207KB

    MD5

    803df6aa55e68949c44f10d2c4e75129

    SHA1

    27a718129a9e61ec233a605013c3f62ec7945079

    SHA256

    461d005b1dfa92a781fea1bc3242f4fd94f3cadb105fbb45baf75ff728551378

    SHA512

    5d56c50c9b61ba4ec5fbf7185015771e1a88f8ac669c08e3c78977d442aec079bba3bb239c2781e44c411d74dee37b68d2a776fda659f24b417931abc758db6e

    Download Submit

  • C:\Users\Admin\AppData\Roaming\gbsjhac
    Filesize

    207KB

    MD5

    803df6aa55e68949c44f10d2c4e75129

    SHA1

    27a718129a9e61ec233a605013c3f62ec7945079

    SHA256

    461d005b1dfa92a781fea1bc3242f4fd94f3cadb105fbb45baf75ff728551378

    SHA512

    5d56c50c9b61ba4ec5fbf7185015771e1a88f8ac669c08e3c78977d442aec079bba3bb239c2781e44c411d74dee37b68d2a776fda659f24b417931abc758db6e

    Download Submit

  • memory/1156-209-0x0000000000402DD8-mapping.dmp

    Download

  • memory/1156-240-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/1156-241-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2656-129-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-132-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-119-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-120-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-121-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-122-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-123-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-124-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-125-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-126-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-127-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-128-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-117-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-130-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-131-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-118-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-133-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-134-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-135-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-136-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-137-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-138-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-139-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-140-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-141-0x0000000002E48000-0x0000000002E59000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2656-142-0x0000000002CE0000-0x0000000002CE9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2656-143-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-147-0x0000000002E48000-0x0000000002E59000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2656-116-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-115-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-149-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-166-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-146-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-150-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-151-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-152-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-153-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-154-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-155-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-156-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-158-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/3980-159-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-160-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-157-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-161-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-162-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-163-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-164-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-165-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-148-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-167-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-168-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-169-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-170-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-171-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-172-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-173-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-174-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-175-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-176-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3980-177-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/3980-145-0x0000000000402DD8-mapping.dmp

    Download

  • memory/3980-144-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4672-181-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4672-182-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4672-180-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4672-179-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4672-183-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4672-184-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4672-185-0x00000000775D0000-0x000000007775E000-memory.dmp

    Filesize

    1.6MB

    Download