Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    176s
  • max time network
    142s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    19/09/2022, 23:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ffdbc622f7d18e41b2865d08163d93331eaee12c52d5cef4efb3897dc23ffa32.exe

  • Size

    146KB

  • MD5

    779edc74c2d8626172496c85b05c47d9

  • SHA1

    1b87f878cf74a13aba1017e3fdccf98b6a72b687

  • SHA256

    ffdbc622f7d18e41b2865d08163d93331eaee12c52d5cef4efb3897dc23ffa32

  • SHA512

    4f8160dc3d807f60d03058d20a41fcb4772789a828a474a152b1514931704ab28cafec7e2591c8a9708b535ec543c1cfcce70d7b73ca1abe9ab4e54a69ff09ed

  • SSDEEP

    3072:zD3kiLsz5Yb3utwYLv8P3xeyVs3fQZiBDMpLx:FLs63uqYs+vK2

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 7 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Executes dropped EXE 2 IoCs
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ffdbc622f7d18e41b2865d08163d93331eaee12c52d5cef4efb3897dc23ffa32.exe
    "C:\Users\Admin\AppData\Local\Temp\ffdbc622f7d18e41b2865d08163d93331eaee12c52d5cef4efb3897dc23ffa32.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1744
    • C:\Users\Admin\AppData\Local\Temp\ffdbc622f7d18e41b2865d08163d93331eaee12c52d5cef4efb3897dc23ffa32.exe
      "C:\Users\Admin\AppData\Local\Temp\ffdbc622f7d18e41b2865d08163d93331eaee12c52d5cef4efb3897dc23ffa32.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:3772
  • C:\Users\Admin\AppData\Roaming\wvfdaiw
    C:\Users\Admin\AppData\Roaming\wvfdaiw
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4220
    • C:\Users\Admin\AppData\Roaming\wvfdaiw
      C:\Users\Admin\AppData\Roaming\wvfdaiw
      2⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      • Suspicious behavior: MapViewOfSection
      PID:2712

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\wvfdaiw
    Filesize

    146KB

    MD5

    779edc74c2d8626172496c85b05c47d9

    SHA1

    1b87f878cf74a13aba1017e3fdccf98b6a72b687

    SHA256

    ffdbc622f7d18e41b2865d08163d93331eaee12c52d5cef4efb3897dc23ffa32

    SHA512

    4f8160dc3d807f60d03058d20a41fcb4772789a828a474a152b1514931704ab28cafec7e2591c8a9708b535ec543c1cfcce70d7b73ca1abe9ab4e54a69ff09ed

    Download Submit

  • C:\Users\Admin\AppData\Roaming\wvfdaiw
    Filesize

    146KB

    MD5

    779edc74c2d8626172496c85b05c47d9

    SHA1

    1b87f878cf74a13aba1017e3fdccf98b6a72b687

    SHA256

    ffdbc622f7d18e41b2865d08163d93331eaee12c52d5cef4efb3897dc23ffa32

    SHA512

    4f8160dc3d807f60d03058d20a41fcb4772789a828a474a152b1514931704ab28cafec7e2591c8a9708b535ec543c1cfcce70d7b73ca1abe9ab4e54a69ff09ed

    Download Submit

  • C:\Users\Admin\AppData\Roaming\wvfdaiw
    Filesize

    146KB

    MD5

    779edc74c2d8626172496c85b05c47d9

    SHA1

    1b87f878cf74a13aba1017e3fdccf98b6a72b687

    SHA256

    ffdbc622f7d18e41b2865d08163d93331eaee12c52d5cef4efb3897dc23ffa32

    SHA512

    4f8160dc3d807f60d03058d20a41fcb4772789a828a474a152b1514931704ab28cafec7e2591c8a9708b535ec543c1cfcce70d7b73ca1abe9ab4e54a69ff09ed

    Download Submit

  • memory/1744-116-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1744-117-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1744-118-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1744-119-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1744-120-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1744-121-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1744-122-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1744-123-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1744-124-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1744-125-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1744-126-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1744-127-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1744-128-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1744-129-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1744-130-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1744-132-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1744-133-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1744-134-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1744-136-0x0000000000710000-0x0000000000719000-memory.dmp

    Filesize

    36KB

    Download

  • memory/1744-135-0x0000000000580000-0x000000000062E000-memory.dmp

    Filesize

    696KB

    Download

  • memory/1744-137-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1744-138-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1744-139-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1744-140-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1744-141-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1744-142-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1744-143-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1744-144-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1744-145-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2712-241-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/3772-148-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-166-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-146-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/3772-149-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-150-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-151-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-152-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-154-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-153-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-155-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-156-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-157-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-158-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-159-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-160-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-161-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/3772-162-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-163-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-164-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-165-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-167-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-168-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-169-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-170-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-171-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-172-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-173-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-174-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-175-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-176-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-177-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3772-178-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4220-180-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4220-181-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4220-182-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4220-183-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4220-184-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4220-185-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4220-186-0x00000000770F0000-0x000000007727E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4220-216-0x0000000000916000-0x0000000000926000-memory.dmp

    Filesize

    64KB

    Download