Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    103s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    13/09/2022, 15:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6fa94d6ee7a24a1dea25476fd585d371fb7fa39197aa8e48ef8cd933bb5ea08b.exe

  • Size

    249KB

  • MD5

    931c666a7bb9190f5dec8bed370e63d4

  • SHA1

    bf4a2198683d2472d7f71120435ff4ba2c344f6b

  • SHA256

    6fa94d6ee7a24a1dea25476fd585d371fb7fa39197aa8e48ef8cd933bb5ea08b

  • SHA512

    14d3347e87884efbd7abaed9230e915c9baa1945165c2a5a57b9559b3e00baed954d6aaf3428f84ddc4f6fbbc094241cd87f914eb9727dbf7ca87d1fae754be4

  • SSDEEP

    6144:R9zWRANS5rKSxDtCz78sfDQGcWM2QDn8l:TqAGrKSxDtUNDQCM

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 5 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6fa94d6ee7a24a1dea25476fd585d371fb7fa39197aa8e48ef8cd933bb5ea08b.exe
    "C:\Users\Admin\AppData\Local\Temp\6fa94d6ee7a24a1dea25476fd585d371fb7fa39197aa8e48ef8cd933bb5ea08b.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2976
    • C:\Users\Admin\AppData\Local\Temp\6fa94d6ee7a24a1dea25476fd585d371fb7fa39197aa8e48ef8cd933bb5ea08b.exe
      "C:\Users\Admin\AppData\Local\Temp\6fa94d6ee7a24a1dea25476fd585d371fb7fa39197aa8e48ef8cd933bb5ea08b.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:4684

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2976-116-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2976-117-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2976-118-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2976-119-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2976-120-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2976-121-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2976-122-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2976-123-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2976-124-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2976-125-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2976-126-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2976-127-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2976-128-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2976-129-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2976-130-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2976-132-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2976-133-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2976-134-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2976-135-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2976-136-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2976-137-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2976-138-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2976-140-0x00000000005A0000-0x000000000064E000-memory.dmp

    Filesize

    696KB

    Download

  • memory/2976-139-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2976-141-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2976-142-0x00000000001D0000-0x00000000001D9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2976-143-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2976-144-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2976-145-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-146-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4684-148-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-149-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-150-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-151-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-152-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-153-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-154-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-155-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-156-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-157-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-159-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4684-158-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-160-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-161-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-162-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-163-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-164-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-165-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-166-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-167-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-168-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-169-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-170-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-171-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-172-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-173-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-174-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-175-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-176-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-177-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4684-178-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download