Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    67s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    21/09/2022, 06:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f55eae9ac8b79ff673e488d5eb5b462077007e0eabdc875a2c34afc3f1d0fc96.exe

  • Size

    148KB

  • MD5

    32d71a468281fa6a54aba0344a65bb5b

  • SHA1

    f8a61d1cb293ba8a438c1d74afb3cabbe7f49b68

  • SHA256

    f55eae9ac8b79ff673e488d5eb5b462077007e0eabdc875a2c34afc3f1d0fc96

  • SHA512

    8cb2a11b3a00ea20a701323acc3cb5d1d01b42f27c12c13701454ceea978052dedf60d2602b4b5a6578940914d6d3161bab55ed6740acd8cf70a5e4315042172

  • SSDEEP

    3072:Fyxr5cpuNJcCxh9rqcZ0OHzZBgT8iL2In:rAJcCNrqAoTHL

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 8 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Executes dropped EXE 2 IoCs
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f55eae9ac8b79ff673e488d5eb5b462077007e0eabdc875a2c34afc3f1d0fc96.exe
    "C:\Users\Admin\AppData\Local\Temp\f55eae9ac8b79ff673e488d5eb5b462077007e0eabdc875a2c34afc3f1d0fc96.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2660
    • C:\Users\Admin\AppData\Local\Temp\f55eae9ac8b79ff673e488d5eb5b462077007e0eabdc875a2c34afc3f1d0fc96.exe
      "C:\Users\Admin\AppData\Local\Temp\f55eae9ac8b79ff673e488d5eb5b462077007e0eabdc875a2c34afc3f1d0fc96.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:4728
  • C:\Users\Admin\AppData\Roaming\scwbhia
    C:\Users\Admin\AppData\Roaming\scwbhia
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1176
    • C:\Users\Admin\AppData\Roaming\scwbhia
      C:\Users\Admin\AppData\Roaming\scwbhia
      2⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      • Suspicious behavior: MapViewOfSection
      PID:4828

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\scwbhia
    Filesize

    148KB

    MD5

    32d71a468281fa6a54aba0344a65bb5b

    SHA1

    f8a61d1cb293ba8a438c1d74afb3cabbe7f49b68

    SHA256

    f55eae9ac8b79ff673e488d5eb5b462077007e0eabdc875a2c34afc3f1d0fc96

    SHA512

    8cb2a11b3a00ea20a701323acc3cb5d1d01b42f27c12c13701454ceea978052dedf60d2602b4b5a6578940914d6d3161bab55ed6740acd8cf70a5e4315042172

    Download Submit

  • C:\Users\Admin\AppData\Roaming\scwbhia
    Filesize

    148KB

    MD5

    32d71a468281fa6a54aba0344a65bb5b

    SHA1

    f8a61d1cb293ba8a438c1d74afb3cabbe7f49b68

    SHA256

    f55eae9ac8b79ff673e488d5eb5b462077007e0eabdc875a2c34afc3f1d0fc96

    SHA512

    8cb2a11b3a00ea20a701323acc3cb5d1d01b42f27c12c13701454ceea978052dedf60d2602b4b5a6578940914d6d3161bab55ed6740acd8cf70a5e4315042172

    Download Submit

  • C:\Users\Admin\AppData\Roaming\scwbhia
    Filesize

    148KB

    MD5

    32d71a468281fa6a54aba0344a65bb5b

    SHA1

    f8a61d1cb293ba8a438c1d74afb3cabbe7f49b68

    SHA256

    f55eae9ac8b79ff673e488d5eb5b462077007e0eabdc875a2c34afc3f1d0fc96

    SHA512

    8cb2a11b3a00ea20a701323acc3cb5d1d01b42f27c12c13701454ceea978052dedf60d2602b4b5a6578940914d6d3161bab55ed6740acd8cf70a5e4315042172

    Download Submit

  • memory/1176-188-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1176-184-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1176-185-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1176-186-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1176-187-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1176-189-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1176-190-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1176-222-0x00000000001D0000-0x00000000001D9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2660-136-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2660-142-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2660-128-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2660-129-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2660-130-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2660-131-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2660-132-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2660-133-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2660-134-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2660-126-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2660-137-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2660-138-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2660-139-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2660-140-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2660-141-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2660-127-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2660-143-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2660-145-0x00000000005D0000-0x000000000067E000-memory.dmp

    Filesize

    696KB

    Download

  • memory/2660-144-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2660-146-0x00000000005D0000-0x000000000067E000-memory.dmp

    Filesize

    696KB

    Download

  • memory/2660-147-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2660-148-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2660-149-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2660-125-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2660-124-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2660-123-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2660-122-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2660-121-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2660-120-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-155-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-173-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-158-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-159-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-160-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-162-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-161-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-164-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-163-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4728-165-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-166-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-167-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-168-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-169-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-170-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-171-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-172-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-157-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-174-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-175-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-176-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-177-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-154-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-156-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-153-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-178-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-179-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-180-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-181-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4728-182-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4728-150-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4728-152-0x00000000773D0000-0x000000007755E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4828-246-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4828-247-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download