Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    28/09/2022, 19:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8f7ab2495325386f3535c0276c6211485d6359abb0971e63e17c62d9a21a385c.exe

  • Size

    271KB

  • MD5

    f7643597105d906ca1ce53c17522e90b

  • SHA1

    20bbd3fa0f1fed5427c6b4af0f15b8a6970be7d0

  • SHA256

    8f7ab2495325386f3535c0276c6211485d6359abb0971e63e17c62d9a21a385c

  • SHA512

    30c302452e84a9f378aeac53f7a5d580c9ad1611875fe2846d35ef19a9885d4bfbec6adfb1df5487a5c51c1859617a9911fdd3101aba939b6b2a0d9366682219

  • SSDEEP

    6144:XSf+YnC4vMN5FE+u3ONErX8KdwG0iga3wVfg:XcBMN5FE+AOir9xp

Score
10/10
danabotredlinesmokeloaderinsmixbackdoorbankerinfostealertrojan

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443
Attributes
  • embedded_hash

    6618C163D57D6441FCCA65D86C4D380D

  • type

    loader

Extracted

Family

redline

Botnet

insmix

C2

jamesmillion2.xyz:9420

Attributes
  • auth_value

    f388a05524f756108c9e4b0f4c4bafb6

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Detects Smokeloader packer 1 IoCs
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • Deletes itself 1 IoCs
  • Program crash 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f7ab2495325386f3535c0276c6211485d6359abb0971e63e17c62d9a21a385c.exe
    "C:\Users\Admin\AppData\Local\Temp\8f7ab2495325386f3535c0276c6211485d6359abb0971e63e17c62d9a21a385c.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:2696
  • C:\Users\Admin\AppData\Local\Temp\AED.exe
    C:\Users\Admin\AppData\Local\Temp\AED.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:1952
    • C:\Windows\SysWOW64\appidtel.exe
      C:\Windows\system32\appidtel.exe
      2⤵
        PID:3704
      • C:\Windows\syswow64\rundll32.exe
        "C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
        2⤵
          PID:4588
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 608
          2⤵
          • Program crash
          PID:4580
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 640
          2⤵
          • Program crash
          PID:4832
      • C:\Users\Admin\AppData\Local\Temp\7B0D.exe
        C:\Users\Admin\AppData\Local\Temp\7B0D.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:2212

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\7B0D.exe
        Filesize

        304KB

        MD5

        15f1517f0ceaaf9b6c78cf7625510c07

        SHA1

        8aabce20aff43476586a1b69b0b761a7f39d1e7e

        SHA256

        d0d47dec11c63b6fa1a2dcac89e5a7352220e371b728781de041bf42fa8965fb

        SHA512

        931a79a6e0d38c9b59b03a68d31e3c8fdb2b51e5eeed1df45790eba38f516f767ed67d9edd10bef16d169dc253c81ba6afb5d52738761cc2fa84f601f86b3516

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\7B0D.exe
        Filesize

        304KB

        MD5

        15f1517f0ceaaf9b6c78cf7625510c07

        SHA1

        8aabce20aff43476586a1b69b0b761a7f39d1e7e

        SHA256

        d0d47dec11c63b6fa1a2dcac89e5a7352220e371b728781de041bf42fa8965fb

        SHA512

        931a79a6e0d38c9b59b03a68d31e3c8fdb2b51e5eeed1df45790eba38f516f767ed67d9edd10bef16d169dc253c81ba6afb5d52738761cc2fa84f601f86b3516

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\AED.exe
        Filesize

        1.4MB

        MD5

        a7ed15ca1f03b199acb37a88b5f50b7a

        SHA1

        e5b3ce0f08dcf2b8f21e26f45daa0d08520fa26f

        SHA256

        9065017279b6bfecd76793ee8bbc3aead2a0e86d1da218f9be319ccc48522ac5

        SHA512

        fb7b68df93edb3b44fefa0461382ad01f42d1d666ad926e454a0e3e78d852b71c375023ef5bde9067311deb58cf214b5a42ab235db3e5b60e649089daf3895c1

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\AED.exe
        Filesize

        1.4MB

        MD5

        a7ed15ca1f03b199acb37a88b5f50b7a

        SHA1

        e5b3ce0f08dcf2b8f21e26f45daa0d08520fa26f

        SHA256

        9065017279b6bfecd76793ee8bbc3aead2a0e86d1da218f9be319ccc48522ac5

        SHA512

        fb7b68df93edb3b44fefa0461382ad01f42d1d666ad926e454a0e3e78d852b71c375023ef5bde9067311deb58cf214b5a42ab235db3e5b60e649089daf3895c1

        Download Submit

      • memory/1952-190-0x0000000000A40000-0x0000000000B6F000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/1952-161-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-312-0x0000000000400000-0x00000000006E8000-memory.dmp

        Filesize

        2.9MB

        Download

      • memory/1952-297-0x0000000000400000-0x00000000006E8000-memory.dmp

        Filesize

        2.9MB

        Download

      • memory/1952-174-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-173-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-172-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-175-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-179-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-176-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-168-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-177-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-165-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-164-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-163-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-162-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-171-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-160-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-205-0x0000000000400000-0x00000000006E8000-memory.dmp

        Filesize

        2.9MB

        Download

      • memory/1952-193-0x0000000000400000-0x00000000006E8000-memory.dmp

        Filesize

        2.9MB

        Download

      • memory/1952-192-0x0000000002510000-0x00000000027EB000-memory.dmp

        Filesize

        2.9MB

        Download

      • memory/1952-189-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-188-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-187-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-186-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-185-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-169-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-184-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-183-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-182-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-180-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-181-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-170-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-178-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1952-159-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2212-260-0x0000000002590000-0x00000000025BE000-memory.dmp

        Filesize

        184KB

        Download

      • memory/2212-294-0x0000000000630000-0x000000000077A000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/2212-245-0x0000000000630000-0x000000000077A000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/2212-247-0x0000000000400000-0x00000000005A5000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2212-253-0x0000000002490000-0x00000000024C0000-memory.dmp

        Filesize

        192KB

        Download

      • memory/2212-258-0x0000000004E30000-0x000000000532E000-memory.dmp

        Filesize

        5.0MB

        Download

      • memory/2212-272-0x0000000004D30000-0x0000000004D42000-memory.dmp

        Filesize

        72KB

        Download

      • memory/2212-244-0x0000000000630000-0x000000000077A000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/2212-273-0x0000000005940000-0x0000000005A4A000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/2212-276-0x0000000004D70000-0x0000000004DAE000-memory.dmp

        Filesize

        248KB

        Download

      • memory/2212-284-0x0000000005B50000-0x0000000005B9B000-memory.dmp

        Filesize

        300KB

        Download

      • memory/2212-271-0x0000000005330000-0x0000000005936000-memory.dmp

        Filesize

        6.0MB

        Download

      • memory/2212-295-0x0000000000630000-0x000000000077A000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/2696-148-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-137-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-122-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-123-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-156-0x0000000000400000-0x0000000000449000-memory.dmp

        Filesize

        292KB

        Download

      • memory/2696-155-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-154-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-153-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-152-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-151-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-147-0x00000000004A0000-0x00000000004A9000-memory.dmp

        Filesize

        36KB

        Download

      • memory/2696-149-0x0000000000400000-0x0000000000449000-memory.dmp

        Filesize

        292KB

        Download

      • memory/2696-124-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-146-0x00000000004C0000-0x000000000060A000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/2696-145-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-119-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-125-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-144-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-127-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-128-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-143-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-142-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-121-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-141-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-120-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-140-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-139-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-138-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-150-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-136-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-135-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-134-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-133-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-132-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-131-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-130-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-129-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3704-195-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3704-194-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download