Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    18/09/2022, 13:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3c38db571f68ad5e579b6638f344da22b733eafaca91d82f88bfd4545cab2204.exe

  • Size

    291KB

  • MD5

    2858c95b4eda85dd9b715caa11325486

  • SHA1

    9e6c401da9cfbd632fcb234c5d2b8075bba32fa6

  • SHA256

    3c38db571f68ad5e579b6638f344da22b733eafaca91d82f88bfd4545cab2204

  • SHA512

    b7a7691d44fdd4eb655180666fb931da55ee2cebfb1543b191ddce2512d1d3f75b17f266ee5432037c02074091ed9e1af9b00ef0b32deaa24a254f5ff08b5ba0

  • SSDEEP

    6144:AI2YdHLLr7xi9tHmugciU6ah00tQ+4nigabwVf:AST7xUtZsz0aFi

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 7 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Executes dropped EXE 2 IoCs
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c38db571f68ad5e579b6638f344da22b733eafaca91d82f88bfd4545cab2204.exe
    "C:\Users\Admin\AppData\Local\Temp\3c38db571f68ad5e579b6638f344da22b733eafaca91d82f88bfd4545cab2204.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2688
    • C:\Users\Admin\AppData\Local\Temp\3c38db571f68ad5e579b6638f344da22b733eafaca91d82f88bfd4545cab2204.exe
      "C:\Users\Admin\AppData\Local\Temp\3c38db571f68ad5e579b6638f344da22b733eafaca91d82f88bfd4545cab2204.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:4544
  • C:\Users\Admin\AppData\Roaming\fhatwag
    C:\Users\Admin\AppData\Roaming\fhatwag
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4872
    • C:\Users\Admin\AppData\Roaming\fhatwag
      C:\Users\Admin\AppData\Roaming\fhatwag
      2⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      • Suspicious behavior: MapViewOfSection
      PID:956

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\fhatwag
    Filesize

    291KB

    MD5

    2858c95b4eda85dd9b715caa11325486

    SHA1

    9e6c401da9cfbd632fcb234c5d2b8075bba32fa6

    SHA256

    3c38db571f68ad5e579b6638f344da22b733eafaca91d82f88bfd4545cab2204

    SHA512

    b7a7691d44fdd4eb655180666fb931da55ee2cebfb1543b191ddce2512d1d3f75b17f266ee5432037c02074091ed9e1af9b00ef0b32deaa24a254f5ff08b5ba0

    Download Submit

  • C:\Users\Admin\AppData\Roaming\fhatwag
    Filesize

    291KB

    MD5

    2858c95b4eda85dd9b715caa11325486

    SHA1

    9e6c401da9cfbd632fcb234c5d2b8075bba32fa6

    SHA256

    3c38db571f68ad5e579b6638f344da22b733eafaca91d82f88bfd4545cab2204

    SHA512

    b7a7691d44fdd4eb655180666fb931da55ee2cebfb1543b191ddce2512d1d3f75b17f266ee5432037c02074091ed9e1af9b00ef0b32deaa24a254f5ff08b5ba0

    Download Submit

  • C:\Users\Admin\AppData\Roaming\fhatwag
    Filesize

    291KB

    MD5

    2858c95b4eda85dd9b715caa11325486

    SHA1

    9e6c401da9cfbd632fcb234c5d2b8075bba32fa6

    SHA256

    3c38db571f68ad5e579b6638f344da22b733eafaca91d82f88bfd4545cab2204

    SHA512

    b7a7691d44fdd4eb655180666fb931da55ee2cebfb1543b191ddce2512d1d3f75b17f266ee5432037c02074091ed9e1af9b00ef0b32deaa24a254f5ff08b5ba0

    Download Submit

  • memory/956-240-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2688-127-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2688-131-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2688-118-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2688-119-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2688-120-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2688-121-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2688-122-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2688-123-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2688-124-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2688-125-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2688-126-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2688-116-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2688-128-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2688-129-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2688-130-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2688-117-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2688-132-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2688-133-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2688-134-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2688-135-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2688-136-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2688-137-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2688-138-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2688-139-0x0000000000728000-0x0000000000738000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-140-0x0000000000570000-0x0000000000579000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2688-141-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2688-142-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2688-143-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2688-149-0x0000000000728000-0x0000000000738000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-115-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-148-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-167-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-147-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-144-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4544-150-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-151-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-152-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-153-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-154-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-155-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-158-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4544-156-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-159-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-157-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-160-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-161-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-162-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-164-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-163-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-165-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-166-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-146-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-168-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-169-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-170-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-171-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-172-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-173-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-174-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-175-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-176-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4544-177-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4872-180-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-181-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-182-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-183-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-184-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-185-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-215-0x0000000000747000-0x0000000000758000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4872-179-0x00000000774C0000-0x000000007764E000-memory.dmp

    Filesize

    1.6MB

    Download