Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    75s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    29-09-2022 09:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f28a604bee55882d1f62a99c0cbdcb58943e9e4682dd85c78f9c2256566f70f5.exe

  • Size

    292KB

  • MD5

    f0898df28bae43577f44131db4fc2eb4

  • SHA1

    3d51fde65e5ad3201bcee9f170e679b8903aea07

  • SHA256

    f28a604bee55882d1f62a99c0cbdcb58943e9e4682dd85c78f9c2256566f70f5

  • SHA512

    e2bed745bb87afb315f653161aa665f7c0871717da833f164bb72f6113a9d948fb02adb2b2c7a114cf7a5e218e818a8103a27028a4374de35d3ebcfb4277b87f

  • SSDEEP

    3072:JXhHyJTgN7umqow5V35QX6ey8zwnjz5KLhBQV3Y82F0nFV1AcoqS+0K4M/h3JpZz:thOTcqow58X6eCzk27r/1nj0RwwVfgt

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 4 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f28a604bee55882d1f62a99c0cbdcb58943e9e4682dd85c78f9c2256566f70f5.exe
    "C:\Users\Admin\AppData\Local\Temp\f28a604bee55882d1f62a99c0cbdcb58943e9e4682dd85c78f9c2256566f70f5.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2672
    • C:\Users\Admin\AppData\Local\Temp\f28a604bee55882d1f62a99c0cbdcb58943e9e4682dd85c78f9c2256566f70f5.exe
      "C:\Users\Admin\AppData\Local\Temp\f28a604bee55882d1f62a99c0cbdcb58943e9e4682dd85c78f9c2256566f70f5.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:3852

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2672-116-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-117-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-118-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-119-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-120-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-121-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-122-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-123-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-124-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-125-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-126-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-127-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-128-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-129-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-130-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-131-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-132-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-133-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-134-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-135-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-136-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-137-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-138-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-139-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-140-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-141-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-142-0x00000000007FC000-0x000000000080C000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2672-144-0x0000000000450000-0x000000000059A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2672-143-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-145-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-146-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2672-150-0x00000000007FC000-0x000000000080C000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3852-147-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/3852-149-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-152-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-151-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-153-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-154-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-155-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-156-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-158-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-157-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-159-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-160-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-161-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-162-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-163-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-164-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-165-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-167-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-168-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-166-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-170-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/3852-169-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-171-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-172-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-173-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-174-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-175-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-176-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-177-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-178-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-179-0x0000000077B40000-0x0000000077CCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3852-180-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download