Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    64s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    16-09-2022 13:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d2373be5062b13474f20bfde76ec2066480254ac28611bf4745ae0baa76dfdf1.exe

  • Size

    301KB

  • MD5

    9c63eb402b40d9df82920de517a1dbf5

  • SHA1

    49a120eb17407e4b5763131c252d26b86bd4ce0b

  • SHA256

    d2373be5062b13474f20bfde76ec2066480254ac28611bf4745ae0baa76dfdf1

  • SHA512

    e03b301c17660b45c0b9c2d624b168595239ede08d9d07e9945eb0306bfd6e847e57e79ea64c92db39f2b2c8d2905c59b4d3f1b5d7e1b21fd5fd22679d508e68

  • SSDEEP

    3072:DVXokmOz7e9eXw2CzRTaCMbGTqixD+GjjE0K8jqGnH8FXM/h3BsxkgaBChU/pZaN:Nosjgdek+GjjE0Tp8FXnigabwVf

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 8 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Executes dropped EXE 2 IoCs
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d2373be5062b13474f20bfde76ec2066480254ac28611bf4745ae0baa76dfdf1.exe
    "C:\Users\Admin\AppData\Local\Temp\d2373be5062b13474f20bfde76ec2066480254ac28611bf4745ae0baa76dfdf1.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2744
    • C:\Users\Admin\AppData\Local\Temp\d2373be5062b13474f20bfde76ec2066480254ac28611bf4745ae0baa76dfdf1.exe
      "C:\Users\Admin\AppData\Local\Temp\d2373be5062b13474f20bfde76ec2066480254ac28611bf4745ae0baa76dfdf1.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:4880
  • C:\Users\Admin\AppData\Roaming\javbrtw
    C:\Users\Admin\AppData\Roaming\javbrtw
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2748
    • C:\Users\Admin\AppData\Roaming\javbrtw
      C:\Users\Admin\AppData\Roaming\javbrtw
      2⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      • Suspicious behavior: MapViewOfSection
      PID:2852

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\javbrtw
    Filesize

    301KB

    MD5

    9c63eb402b40d9df82920de517a1dbf5

    SHA1

    49a120eb17407e4b5763131c252d26b86bd4ce0b

    SHA256

    d2373be5062b13474f20bfde76ec2066480254ac28611bf4745ae0baa76dfdf1

    SHA512

    e03b301c17660b45c0b9c2d624b168595239ede08d9d07e9945eb0306bfd6e847e57e79ea64c92db39f2b2c8d2905c59b4d3f1b5d7e1b21fd5fd22679d508e68

    Download Submit

  • C:\Users\Admin\AppData\Roaming\javbrtw
    Filesize

    301KB

    MD5

    9c63eb402b40d9df82920de517a1dbf5

    SHA1

    49a120eb17407e4b5763131c252d26b86bd4ce0b

    SHA256

    d2373be5062b13474f20bfde76ec2066480254ac28611bf4745ae0baa76dfdf1

    SHA512

    e03b301c17660b45c0b9c2d624b168595239ede08d9d07e9945eb0306bfd6e847e57e79ea64c92db39f2b2c8d2905c59b4d3f1b5d7e1b21fd5fd22679d508e68

    Download Submit

  • C:\Users\Admin\AppData\Roaming\javbrtw
    Filesize

    301KB

    MD5

    9c63eb402b40d9df82920de517a1dbf5

    SHA1

    49a120eb17407e4b5763131c252d26b86bd4ce0b

    SHA256

    d2373be5062b13474f20bfde76ec2066480254ac28611bf4745ae0baa76dfdf1

    SHA512

    e03b301c17660b45c0b9c2d624b168595239ede08d9d07e9945eb0306bfd6e847e57e79ea64c92db39f2b2c8d2905c59b4d3f1b5d7e1b21fd5fd22679d508e68

    Download Submit

  • memory/2108-216-0x0000000003350000-0x0000000003360000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-247-0x0000000003350000-0x0000000003360000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-246-0x0000000003350000-0x0000000003360000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-245-0x0000000003350000-0x0000000003360000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-244-0x0000000003350000-0x0000000003360000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-243-0x0000000003350000-0x0000000003360000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-242-0x0000000003350000-0x0000000003360000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-241-0x0000000002E20000-0x0000000002E30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-240-0x0000000001570000-0x0000000001580000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-185-0x0000000001570000-0x0000000001580000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-215-0x0000000003350000-0x0000000003360000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-214-0x0000000003350000-0x0000000003360000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-213-0x0000000003350000-0x0000000003360000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-212-0x0000000002E60000-0x0000000002E70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-211-0x0000000002E20000-0x0000000002E30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-210-0x0000000001570000-0x0000000001580000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-195-0x0000000002E20000-0x0000000002E30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-194-0x0000000002E20000-0x0000000002E30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-193-0x0000000002E20000-0x0000000002E30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-192-0x0000000002E20000-0x0000000002E30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-190-0x0000000002E20000-0x0000000002E30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2108-187-0x0000000002E20000-0x0000000002E30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2744-143-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-136-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-147-0x0000000000570000-0x0000000000579000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2744-148-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-144-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-120-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-142-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-153-0x0000000000768000-0x0000000000778000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2744-121-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-141-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-122-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-123-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-124-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-125-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-126-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-127-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-128-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-146-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-129-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-131-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-130-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-132-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-133-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-134-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-135-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-145-0x0000000000768000-0x0000000000778000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2744-137-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-138-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-139-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2744-140-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2748-283-0x00000000006A7000-0x00000000006B7000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2852-278-0x0000000000402DD8-mapping.dmp

    Download

  • memory/2852-310-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2852-311-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4880-160-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-180-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-181-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-182-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4880-179-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-178-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-177-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-176-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-175-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-174-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-173-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-172-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-171-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-170-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-169-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-168-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-167-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-166-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-165-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-164-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-163-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-162-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-161-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4880-159-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-158-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-157-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-156-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-155-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-154-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-152-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-151-0x0000000076F80000-0x000000007710E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4880-150-0x0000000000402DD8-mapping.dmp

    Download

  • memory/4880-149-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download