Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    12/09/2022, 22:10

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5d90a338072c509a7b40b56150aae3696d0795b7e14e169a2a9f0e88a52fde0d.exe

  • Size

    266KB

  • MD5

    acbc345e85eb0695842a02f5bc166f24

  • SHA1

    7e0bc482b73104529b36641c237dff8d05983b1c

  • SHA256

    5d90a338072c509a7b40b56150aae3696d0795b7e14e169a2a9f0e88a52fde0d

  • SHA512

    872677741c7b29da0643a25b02519d2576b75f27482a663f5fbe2990eac6fc3661f523632e11613c29615e66d00f893ad99cee0e293691ffc1fb4850d4d1826b

  • SSDEEP

    6144:+OYz1Eio8bZlvAFAQwwNvBw3mHtux6Ra6Ai:XUEio8lZAFAQwwN2WHw6

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5d90a338072c509a7b40b56150aae3696d0795b7e14e169a2a9f0e88a52fde0d.exe
    "C:\Users\Admin\AppData\Local\Temp\5d90a338072c509a7b40b56150aae3696d0795b7e14e169a2a9f0e88a52fde0d.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:1788
  • C:\Users\Admin\AppData\Local\Temp\80E3.exe
    C:\Users\Admin\AppData\Local\Temp\80E3.exe
    1⤵
    • Executes dropped EXE
    PID:3796

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\80E3.exe
          Filesize

          2.4MB

          MD5

          68112d6e256fb5eff29fba569ae9ad41

          SHA1

          4c4f51dd54068e5662e848f8ab47e4a4ef006118

          SHA256

          aa227a9c192107043d5ce66b6058adc5454dcc0100c7cc9da777ce97e2da6cc2

          SHA512

          a8a687b5c3dab33c15ffc29b8c4998168de3b39b62674550688bcde8be1df2e6fb7d4da7a3cc9a220e01b3c629deabf94e1aa910479a9f68db72c61390b25bc3

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\80E3.exe
          Filesize

          2.4MB

          MD5

          68112d6e256fb5eff29fba569ae9ad41

          SHA1

          4c4f51dd54068e5662e848f8ab47e4a4ef006118

          SHA256

          aa227a9c192107043d5ce66b6058adc5454dcc0100c7cc9da777ce97e2da6cc2

          SHA512

          a8a687b5c3dab33c15ffc29b8c4998168de3b39b62674550688bcde8be1df2e6fb7d4da7a3cc9a220e01b3c629deabf94e1aa910479a9f68db72c61390b25bc3

          Download Submit

        • memory/1788-120-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-121-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-122-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-123-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-124-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-125-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-126-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-127-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-128-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-129-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-130-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-131-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-132-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-133-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-134-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-136-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-137-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-138-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-139-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-140-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-141-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-142-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-143-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-144-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-145-0x00000000008D0000-0x0000000000A1A000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1788-146-0x00000000001C0000-0x00000000001C9000-memory.dmp

          Filesize

          36KB

          Download

        • memory/1788-148-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-147-0x0000000000400000-0x00000000007E9000-memory.dmp

          Filesize

          3.9MB

          Download

        • memory/1788-149-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-150-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-151-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-152-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-153-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-154-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-155-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-156-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1788-157-0x0000000000400000-0x00000000007E9000-memory.dmp

          Filesize

          3.9MB

          Download

        • memory/3796-160-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3796-161-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3796-162-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3796-163-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3796-164-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3796-165-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3796-166-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3796-168-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3796-170-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3796-169-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3796-171-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3796-172-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3796-174-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3796-175-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3796-173-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

          Filesize

          1.6MB

          Download