Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    21/09/2022, 15:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    afa2bb3cff9920dcb6b0d92834637fba5f83d18b5dd3d1e671e27c0906ef30fb.exe

  • Size

    174KB

  • MD5

    c5eba2cf0f3c49b21c9bac7235dfc6ed

  • SHA1

    5c241e9c8fbd9947b844213e0d9104ac80f18f51

  • SHA256

    afa2bb3cff9920dcb6b0d92834637fba5f83d18b5dd3d1e671e27c0906ef30fb

  • SHA512

    2022b7a3f830c4acac2eca45d8200534a7570529dc59edfaff55314582b3742ad53d6f6fea4f5f276ce936aabfbc880c37c1998cbdfe115941feda43c03896d7

  • SSDEEP

    3072:jsOENJ5YAj+EBvEcSjZNpJPIfBW8wgi8jHiM/Pk8In:L0EYuNPHh8zi

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Drops startup file 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 19 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 36 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\afa2bb3cff9920dcb6b0d92834637fba5f83d18b5dd3d1e671e27c0906ef30fb.exe
    "C:\Users\Admin\AppData\Local\Temp\afa2bb3cff9920dcb6b0d92834637fba5f83d18b5dd3d1e671e27c0906ef30fb.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:1004
  • C:\Users\Admin\AppData\Local\Temp\EB3F.exe
    C:\Users\Admin\AppData\Local\Temp\EB3F.exe
    1⤵
    • Executes dropped EXE
    • Drops startup file
    PID:1608
  • C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    1⤵
      PID:4048
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe
      1⤵
        PID:4320
      • C:\Windows\SysWOW64\explorer.exe
        C:\Windows\SysWOW64\explorer.exe
        1⤵
          PID:4068
        • C:\Windows\explorer.exe
          C:\Windows\explorer.exe
          1⤵
            PID:3276
          • C:\Windows\SysWOW64\explorer.exe
            C:\Windows\SysWOW64\explorer.exe
            1⤵
              PID:4944
            • C:\Windows\SysWOW64\explorer.exe
              C:\Windows\SysWOW64\explorer.exe
              1⤵
                PID:512
              • C:\Windows\SysWOW64\explorer.exe
                C:\Windows\SysWOW64\explorer.exe
                1⤵
                  PID:2092
                • C:\Windows\explorer.exe
                  C:\Windows\explorer.exe
                  1⤵
                    PID:2180
                  • C:\Windows\SysWOW64\explorer.exe
                    C:\Windows\SysWOW64\explorer.exe
                    1⤵
                      PID:1076

                    Network

                    MITRE ATT&CK Enterprise v6

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Temp\EB3F.exe
                      Filesize

                      673KB

                      MD5

                      f5d8292d6fd8242ba4fca6e75a0bba6a

                      SHA1

                      e65340a69f4efe1968b1923d5a16b651b9521d54

                      SHA256

                      5169a264f46526a8332f6d13bfac8b7d7b5787be73401a66693213313c9af85f

                      SHA512

                      0962fd43e7eed93cf73a288340c6faa5ab4b4274cac7e86f125ed6f09d29c73043e223a311b21f09c29ea8f4bbfdf28eeeb75b08d948500aff980c2ffe5eb4a3

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\EB3F.exe
                      Filesize

                      673KB

                      MD5

                      f5d8292d6fd8242ba4fca6e75a0bba6a

                      SHA1

                      e65340a69f4efe1968b1923d5a16b651b9521d54

                      SHA256

                      5169a264f46526a8332f6d13bfac8b7d7b5787be73401a66693213313c9af85f

                      SHA512

                      0962fd43e7eed93cf73a288340c6faa5ab4b4274cac7e86f125ed6f09d29c73043e223a311b21f09c29ea8f4bbfdf28eeeb75b08d948500aff980c2ffe5eb4a3

                      Download Submit

                    • memory/512-413-0x0000000002D40000-0x0000000002D45000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/512-414-0x0000000002D30000-0x0000000002D39000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/512-539-0x0000000002D40000-0x0000000002D45000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/1004-149-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-121-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-123-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-124-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-125-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-126-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-127-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-128-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-129-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-130-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-131-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-132-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-133-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-134-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-135-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-136-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-137-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-138-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-139-0x00000000008A6000-0x00000000008B7000-memory.dmp

                      Filesize

                      68KB

                      Download

                    • memory/1004-140-0x0000000000800000-0x0000000000809000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/1004-141-0x0000000000400000-0x0000000000586000-memory.dmp

                      Filesize

                      1.5MB

                      Download

                    • memory/1004-142-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-143-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-144-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-145-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-146-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-147-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-148-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-116-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-150-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-122-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-151-0x00000000008A6000-0x00000000008B7000-memory.dmp

                      Filesize

                      68KB

                      Download

                    • memory/1004-115-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-152-0x0000000000400000-0x0000000000586000-memory.dmp

                      Filesize

                      1.5MB

                      Download

                    • memory/1004-117-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-118-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-119-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1004-120-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1076-533-0x0000000002EA0000-0x0000000002EAB000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/1076-542-0x0000000002EB0000-0x0000000002EB8000-memory.dmp

                      Filesize

                      32KB

                      Download

                    • memory/1076-532-0x0000000002EB0000-0x0000000002EB8000-memory.dmp

                      Filesize

                      32KB

                      Download

                    • memory/1608-174-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1608-181-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1608-169-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1608-166-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1608-172-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1608-170-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1608-176-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1608-179-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1608-158-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1608-164-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1608-156-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1608-157-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/1608-155-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2092-540-0x0000000002EF0000-0x0000000002EF6000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/2092-472-0x0000000002EE0000-0x0000000002EEB000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/2092-471-0x0000000002EF0000-0x0000000002EF6000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/2180-474-0x0000000000E00000-0x0000000000E07000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/2180-541-0x0000000000E00000-0x0000000000E07000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/2180-475-0x0000000000BF0000-0x0000000000BFD000-memory.dmp

                      Filesize

                      52KB

                      Download

                    • memory/3276-297-0x0000000000C00000-0x0000000000C06000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/3276-537-0x0000000000C00000-0x0000000000C06000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/3276-298-0x00000000009F0000-0x00000000009FC000-memory.dmp

                      Filesize

                      48KB

                      Download

                    • memory/4048-163-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4048-187-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4048-236-0x0000000003260000-0x0000000003267000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/4048-237-0x0000000003250000-0x000000000325B000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/4048-167-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4048-165-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4048-171-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4048-160-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4048-185-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4048-182-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4048-178-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4048-161-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4048-535-0x0000000003260000-0x0000000003267000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/4048-186-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4048-183-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4048-162-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4048-180-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4048-184-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4048-177-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4048-175-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4048-173-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4068-295-0x00000000027C0000-0x00000000027C9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/4068-294-0x00000000027D0000-0x00000000027D5000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/4068-536-0x00000000027D0000-0x00000000027D5000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/4320-534-0x00000000003B0000-0x00000000003B9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/4320-235-0x00000000003A0000-0x00000000003AF000-memory.dmp

                      Filesize

                      60KB

                      Download

                    • memory/4320-234-0x00000000003B0000-0x00000000003B9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/4944-538-0x0000000002F60000-0x0000000002F82000-memory.dmp

                      Filesize

                      136KB

                      Download

                    • memory/4944-356-0x0000000002F30000-0x0000000002F57000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/4944-355-0x0000000002F60000-0x0000000002F82000-memory.dmp

                      Filesize

                      136KB

                      Download