Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    67s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    16/09/2022, 01:23

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    90bcabce2aac7474901d763ae239d93c376fe1869aaf40c8242011fb077e8827.exe

  • Size

    280KB

  • MD5

    8fcad97aa3048165dc57ef91adb75ec5

  • SHA1

    1ef5d0d2df8c86f3288f243f9709bd49df5c7ac9

  • SHA256

    90bcabce2aac7474901d763ae239d93c376fe1869aaf40c8242011fb077e8827

  • SHA512

    17ca9e295d2de681657ba8c64f7597f4b1f8844fc300510871f130e16a8d06375b510baaa264f9a009cd20e2e204505a8352a131009a39fe723c4efe0d3f0f5f

  • SSDEEP

    6144:bdGiwkyYLjUMvitEu5NczriQYYfedI7ud5JV:bdkkyCjUMviVczriQYXdR7J

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 5 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\90bcabce2aac7474901d763ae239d93c376fe1869aaf40c8242011fb077e8827.exe
    "C:\Users\Admin\AppData\Local\Temp\90bcabce2aac7474901d763ae239d93c376fe1869aaf40c8242011fb077e8827.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2744
    • C:\Users\Admin\AppData\Local\Temp\90bcabce2aac7474901d763ae239d93c376fe1869aaf40c8242011fb077e8827.exe
      "C:\Users\Admin\AppData\Local\Temp\90bcabce2aac7474901d763ae239d93c376fe1869aaf40c8242011fb077e8827.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:5052

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2744-120-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2744-121-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2744-122-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2744-123-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2744-124-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2744-125-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2744-126-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2744-127-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2744-128-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2744-129-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2744-130-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2744-131-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2744-132-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2744-133-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2744-134-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2744-135-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2744-136-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2744-137-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2744-139-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2744-138-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2744-140-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2744-143-0x0000000000766000-0x0000000000777000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2744-142-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2744-144-0x00000000001D0000-0x00000000001D9000-memory.dmp

          Filesize

          36KB

          Download

        • memory/2744-141-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2744-145-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2744-146-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2744-147-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2744-148-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2744-154-0x0000000000766000-0x0000000000777000-memory.dmp

          Filesize

          68KB

          Download

        • memory/5052-149-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/5052-151-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-152-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-153-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-155-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-156-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-157-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-158-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-160-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/5052-161-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-162-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-159-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-163-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-164-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-165-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-166-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-167-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-168-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-169-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-170-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-171-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-172-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-173-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-174-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-175-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-176-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-177-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-178-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-179-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-180-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-181-0x0000000077660000-0x00000000777EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5052-182-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download