Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    160s
  • max time network
    173s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    02/10/2022, 13:49

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d0ed763ee108686d8b358f89a65c45ee932755a3b2ceabb55282e2618e90aba2.exe

  • Size

    133KB

  • MD5

    e874a1fe90698daeb8d0faa9d3b92027

  • SHA1

    aa6ce148e834043cf6d2bed8e4e1bfc7e7e8a01c

  • SHA256

    d0ed763ee108686d8b358f89a65c45ee932755a3b2ceabb55282e2618e90aba2

  • SHA512

    fabbd04a0b85831fa5ed7ff00a30cec4c7b6735e166a8fdc6f81ed3299ee5bfcf51b0efe9e517b296e45ee119c7b7c241a0a9f962631f9a19a4bfdf5e8fdece5

  • SSDEEP

    3072:IHzVnRR7Zh7zeOe8uH/096mxoJQEXnLBS:u7DzeKuH89XQB3LB

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Deletes itself 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d0ed763ee108686d8b358f89a65c45ee932755a3b2ceabb55282e2618e90aba2.exe
    "C:\Users\Admin\AppData\Local\Temp\d0ed763ee108686d8b358f89a65c45ee932755a3b2ceabb55282e2618e90aba2.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:4056

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4056-118-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-119-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-120-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-121-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-122-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-123-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-124-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-125-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-126-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-127-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-128-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-129-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-130-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-131-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-132-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-133-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-134-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-135-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-136-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-137-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-138-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-139-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-140-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-141-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-142-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-143-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-144-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-145-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-146-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-149-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-148-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-147-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-150-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-151-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-154-0x0000000000400000-0x000000000057E000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4056-153-0x00000000006E0000-0x00000000006E9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4056-152-0x000000000081A000-0x000000000082A000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-155-0x0000000000400000-0x000000000057E000-memory.dmp

    Filesize

    1.5MB

    Download