Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/09/2022, 09:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    24219cefc4c4ef9c8ab106a5e0c34939ad3aeeb02266a3210396d3cde3ee77c5.exe

  • Size

    147KB

  • MD5

    4a550b330463ef0bbf1c89b3d920bc8b

  • SHA1

    5024720813bdb71b2bc69d676ae4453eb08d3a37

  • SHA256

    24219cefc4c4ef9c8ab106a5e0c34939ad3aeeb02266a3210396d3cde3ee77c5

  • SHA512

    06ba1503bf73e3674afdfab9b612fbee6f5188675e622b68203a9f317089bcc9c6fa78d21ade9098dc7bd90cb9688ce5b3c7ad60b6c65540af6be9519f20ec9f

  • SSDEEP

    3072:MuxpJhF5l7yhHIYhGM5GzArbRRmZqDs6bBJNmpIn:V9WhIdzUlQZgm

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 19 IoCs
  • Suspicious use of WriteProcessMemory 33 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\24219cefc4c4ef9c8ab106a5e0c34939ad3aeeb02266a3210396d3cde3ee77c5.exe
    "C:\Users\Admin\AppData\Local\Temp\24219cefc4c4ef9c8ab106a5e0c34939ad3aeeb02266a3210396d3cde3ee77c5.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:3996
  • C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    1⤵
      PID:4412
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe
      1⤵
        PID:4592
      • C:\Windows\SysWOW64\explorer.exe
        C:\Windows\SysWOW64\explorer.exe
        1⤵
          PID:2460
        • C:\Windows\explorer.exe
          C:\Windows\explorer.exe
          1⤵
            PID:2568
          • C:\Windows\SysWOW64\explorer.exe
            C:\Windows\SysWOW64\explorer.exe
            1⤵
              PID:5088
            • C:\Windows\SysWOW64\explorer.exe
              C:\Windows\SysWOW64\explorer.exe
              1⤵
                PID:2244
              • C:\Windows\SysWOW64\explorer.exe
                C:\Windows\SysWOW64\explorer.exe
                1⤵
                  PID:1188
                • C:\Windows\explorer.exe
                  C:\Windows\explorer.exe
                  1⤵
                    PID:3872
                  • C:\Windows\SysWOW64\explorer.exe
                    C:\Windows\SysWOW64\explorer.exe
                    1⤵
                      PID:3340

                    Network

                    MITRE ATT&CK Enterprise v6

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • memory/1188-170-0x0000000000E00000-0x0000000000E06000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/1188-157-0x0000000000BF0000-0x0000000000BFB000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/1188-156-0x0000000000E00000-0x0000000000E06000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/2244-154-0x0000000000C00000-0x0000000000C09000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/2244-169-0x0000000000C10000-0x0000000000C15000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/2244-153-0x0000000000C10000-0x0000000000C15000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/2460-166-0x00000000003F0000-0x00000000003F5000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/2460-144-0x00000000003F0000-0x00000000003F5000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/2460-145-0x00000000003E0000-0x00000000003E9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/2568-148-0x00000000001E0000-0x00000000001EC000-memory.dmp

                      Filesize

                      48KB

                      Download

                    • memory/2568-167-0x00000000001F0000-0x00000000001F6000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/2568-147-0x00000000001F0000-0x00000000001F6000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/3340-162-0x00000000009E0000-0x00000000009E8000-memory.dmp

                      Filesize

                      32KB

                      Download

                    • memory/3340-172-0x00000000009E0000-0x00000000009E8000-memory.dmp

                      Filesize

                      32KB

                      Download

                    • memory/3340-163-0x00000000009D0000-0x00000000009DB000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/3872-171-0x0000000000770000-0x0000000000777000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/3872-160-0x0000000000760000-0x000000000076D000-memory.dmp

                      Filesize

                      52KB

                      Download

                    • memory/3872-159-0x0000000000770000-0x0000000000777000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/3996-135-0x0000000000608000-0x0000000000619000-memory.dmp

                      Filesize

                      68KB

                      Download

                    • memory/3996-136-0x0000000000400000-0x000000000057F000-memory.dmp

                      Filesize

                      1.5MB

                      Download

                    • memory/3996-133-0x00000000005C0000-0x00000000005C9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/3996-132-0x0000000000608000-0x0000000000619000-memory.dmp

                      Filesize

                      68KB

                      Download

                    • memory/3996-134-0x0000000000400000-0x000000000057F000-memory.dmp

                      Filesize

                      1.5MB

                      Download

                    • memory/4412-139-0x00000000009D0000-0x00000000009D7000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/4412-140-0x00000000009C0000-0x00000000009CB000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/4412-164-0x00000000009D0000-0x00000000009D7000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/4592-141-0x0000000000B50000-0x0000000000B59000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/4592-165-0x0000000000B50000-0x0000000000B59000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/4592-142-0x0000000000B40000-0x0000000000B4F000-memory.dmp

                      Filesize

                      60KB

                      Download

                    • memory/5088-168-0x0000000000E00000-0x0000000000E22000-memory.dmp

                      Filesize

                      136KB

                      Download

                    • memory/5088-151-0x0000000000BB0000-0x0000000000BD7000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/5088-150-0x0000000000E00000-0x0000000000E22000-memory.dmp

                      Filesize

                      136KB

                      Download