Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    72s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    01-10-2022 12:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f93ba32f22e747dec19ebdf57fc8b1f775feca04f70a69d0660b905956b246f4.exe

  • Size

    144KB

  • MD5

    3508ff32f2a887c1e452f01d11e1646b

  • SHA1

    1b57b9527a6e7f76d4a532f98a0bf6cfa738e29f

  • SHA256

    f93ba32f22e747dec19ebdf57fc8b1f775feca04f70a69d0660b905956b246f4

  • SHA512

    0b64825535c0379179e00fe3fcb2ebb482af5fb182557aaffa4c3a1133bb7b41460a4747e6d20a757755b20f6f2c58f2c128e3d1ae00c09fa78c30c6f81bfc36

  • SSDEEP

    3072:h6rNR6+ZRRuQ4ed/ndZm0+YDVvM1jpvDhGuvF:QR6SR/y70v4pDNvF

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f93ba32f22e747dec19ebdf57fc8b1f775feca04f70a69d0660b905956b246f4.exe
    "C:\Users\Admin\AppData\Local\Temp\f93ba32f22e747dec19ebdf57fc8b1f775feca04f70a69d0660b905956b246f4.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:3176
  • C:\Users\Admin\AppData\Roaming\sjestih
    C:\Users\Admin\AppData\Roaming\sjestih
    1⤵
    • Executes dropped EXE
    • Checks SCSI registry key(s)
    • Suspicious behavior: MapViewOfSection
    PID:1636

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\sjestih
    Filesize

    144KB

    MD5

    3508ff32f2a887c1e452f01d11e1646b

    SHA1

    1b57b9527a6e7f76d4a532f98a0bf6cfa738e29f

    SHA256

    f93ba32f22e747dec19ebdf57fc8b1f775feca04f70a69d0660b905956b246f4

    SHA512

    0b64825535c0379179e00fe3fcb2ebb482af5fb182557aaffa4c3a1133bb7b41460a4747e6d20a757755b20f6f2c58f2c128e3d1ae00c09fa78c30c6f81bfc36

    Download Submit

  • C:\Users\Admin\AppData\Roaming\sjestih
    Filesize

    144KB

    MD5

    3508ff32f2a887c1e452f01d11e1646b

    SHA1

    1b57b9527a6e7f76d4a532f98a0bf6cfa738e29f

    SHA256

    f93ba32f22e747dec19ebdf57fc8b1f775feca04f70a69d0660b905956b246f4

    SHA512

    0b64825535c0379179e00fe3fcb2ebb482af5fb182557aaffa4c3a1133bb7b41460a4747e6d20a757755b20f6f2c58f2c128e3d1ae00c09fa78c30c6f81bfc36

    Download Submit

  • memory/1636-168-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-184-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-178-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-172-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-180-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-181-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-182-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-174-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-185-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-186-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-183-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-192-0x0000000000400000-0x0000000000580000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1636-164-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-176-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-193-0x0000000000400000-0x0000000000580000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1636-169-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-179-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-191-0x0000000000690000-0x00000000007DA000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1636-166-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-175-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-173-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-171-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-170-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-167-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-165-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-163-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-161-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-160-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-159-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-158-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-157-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-156-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1636-155-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-133-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-134-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-153-0x0000000000400000-0x0000000000580000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3176-151-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-150-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-149-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-148-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-147-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-145-0x0000000000400000-0x0000000000580000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3176-146-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-141-0x0000000000580000-0x000000000062E000-memory.dmp

    Filesize

    696KB

    Download

  • memory/3176-144-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-143-0x0000000000690000-0x0000000000699000-memory.dmp

    Filesize

    36KB

    Download

  • memory/3176-142-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-140-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-139-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-138-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-137-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-135-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-152-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-115-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-132-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-131-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-130-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-129-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-128-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-127-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-126-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-125-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-124-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-123-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-122-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-120-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-121-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-118-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-119-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-117-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3176-116-0x0000000077D30000-0x0000000077EBE000-memory.dmp

    Filesize

    1.6MB

    Download