Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    163s
  • max time network
    167s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    03/10/2022, 01:47

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ebe3afae5c1cad7421b5194ba49038a3f4f828f18764ecfd8137b78d57117d3f.exe

  • Size

    132KB

  • MD5

    5dc8fe5973f9663633518fd850a996c1

  • SHA1

    24c87757f1cc96c2f790946bf0348d81fd389ff4

  • SHA256

    ebe3afae5c1cad7421b5194ba49038a3f4f828f18764ecfd8137b78d57117d3f

  • SHA512

    3a2dc406c3ae7874d668207d0083deea467674d929a09f575c24ed88507ebcdcc61a58a595591ed8f5e92862a4b57ded623789860296d80e9cf225ef24982335

  • SSDEEP

    1536:HvEgLDfcMJTDORPlRor+w0/Hx7BSk5UdUtMsPOJOwy/st+hfBWGQHHwhZp:HvZntDORNRs0pRaUJ6hXtEf7sHwh

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 7 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Executes dropped EXE 2 IoCs
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ebe3afae5c1cad7421b5194ba49038a3f4f828f18764ecfd8137b78d57117d3f.exe
    "C:\Users\Admin\AppData\Local\Temp\ebe3afae5c1cad7421b5194ba49038a3f4f828f18764ecfd8137b78d57117d3f.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1632
    • C:\Users\Admin\AppData\Local\Temp\ebe3afae5c1cad7421b5194ba49038a3f4f828f18764ecfd8137b78d57117d3f.exe
      "C:\Users\Admin\AppData\Local\Temp\ebe3afae5c1cad7421b5194ba49038a3f4f828f18764ecfd8137b78d57117d3f.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:5100
  • C:\Users\Admin\AppData\Roaming\hidgrei
    C:\Users\Admin\AppData\Roaming\hidgrei
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4580
    • C:\Users\Admin\AppData\Roaming\hidgrei
      C:\Users\Admin\AppData\Roaming\hidgrei
      2⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      • Suspicious behavior: MapViewOfSection
      PID:1112

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\hidgrei
          Filesize

          132KB

          MD5

          5dc8fe5973f9663633518fd850a996c1

          SHA1

          24c87757f1cc96c2f790946bf0348d81fd389ff4

          SHA256

          ebe3afae5c1cad7421b5194ba49038a3f4f828f18764ecfd8137b78d57117d3f

          SHA512

          3a2dc406c3ae7874d668207d0083deea467674d929a09f575c24ed88507ebcdcc61a58a595591ed8f5e92862a4b57ded623789860296d80e9cf225ef24982335

          Download Submit

        • C:\Users\Admin\AppData\Roaming\hidgrei
          Filesize

          132KB

          MD5

          5dc8fe5973f9663633518fd850a996c1

          SHA1

          24c87757f1cc96c2f790946bf0348d81fd389ff4

          SHA256

          ebe3afae5c1cad7421b5194ba49038a3f4f828f18764ecfd8137b78d57117d3f

          SHA512

          3a2dc406c3ae7874d668207d0083deea467674d929a09f575c24ed88507ebcdcc61a58a595591ed8f5e92862a4b57ded623789860296d80e9cf225ef24982335

          Download Submit

        • C:\Users\Admin\AppData\Roaming\hidgrei
          Filesize

          132KB

          MD5

          5dc8fe5973f9663633518fd850a996c1

          SHA1

          24c87757f1cc96c2f790946bf0348d81fd389ff4

          SHA256

          ebe3afae5c1cad7421b5194ba49038a3f4f828f18764ecfd8137b78d57117d3f

          SHA512

          3a2dc406c3ae7874d668207d0083deea467674d929a09f575c24ed88507ebcdcc61a58a595591ed8f5e92862a4b57ded623789860296d80e9cf225ef24982335

          Download Submit

        • memory/1112-247-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/1632-139-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1632-143-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1632-126-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1632-127-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1632-128-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1632-129-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1632-130-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1632-131-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1632-132-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1632-133-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1632-134-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1632-135-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1632-136-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1632-137-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1632-138-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1632-120-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1632-140-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1632-141-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1632-142-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1632-125-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1632-144-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1632-145-0x00000000007DA000-0x00000000007EB000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1632-146-0x00000000007B0000-0x00000000007B9000-memory.dmp

          Filesize

          36KB

          Download

        • memory/1632-147-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1632-148-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1632-149-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1632-155-0x00000000007DA000-0x00000000007EB000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1632-121-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1632-122-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1632-123-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1632-124-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4580-222-0x0000000000779000-0x0000000000789000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4580-187-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4580-186-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4580-185-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4580-188-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4580-190-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4580-189-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-153-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-161-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-162-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-160-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-163-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-164-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-166-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-165-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/5100-167-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-168-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-169-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-170-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-171-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-172-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-173-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-174-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-175-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-176-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-177-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-178-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-179-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-159-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-158-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-157-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-156-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-154-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-152-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-150-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/5100-180-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-181-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-182-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5100-183-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download