Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    04/10/2022, 23:58

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    08c809ed20f14ce51e1b00217f3cc24d876942f40e34c679cd0e6da55dacb52a.exe

  • Size

    265KB

  • MD5

    1cb4d0e451b51966afbebd0fa56d3c57

  • SHA1

    499f395fefc03db77e4028982fdad0299ede7d0e

  • SHA256

    08c809ed20f14ce51e1b00217f3cc24d876942f40e34c679cd0e6da55dacb52a

  • SHA512

    626c7a40ca42869d4a02614f54eda7db882c7a1661883cdc73bbe99417e15b8ffe03a4af1d665a279a2a8ac0e4d2387692f05f30ad8208b40afc40f17af0b4a3

  • SSDEEP

    3072:TXhuDKXNLQwKL5AFdSU5ELay+vXmgYmS/3ETRuAS1WVb4Wrxpzbgqru9eLxrhpZO:L8mLaAFuDxQS/30a1c4uzbgwusllwVf

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 7 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Executes dropped EXE 2 IoCs
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\08c809ed20f14ce51e1b00217f3cc24d876942f40e34c679cd0e6da55dacb52a.exe
    "C:\Users\Admin\AppData\Local\Temp\08c809ed20f14ce51e1b00217f3cc24d876942f40e34c679cd0e6da55dacb52a.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2684
    • C:\Users\Admin\AppData\Local\Temp\08c809ed20f14ce51e1b00217f3cc24d876942f40e34c679cd0e6da55dacb52a.exe
      "C:\Users\Admin\AppData\Local\Temp\08c809ed20f14ce51e1b00217f3cc24d876942f40e34c679cd0e6da55dacb52a.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:4992
  • C:\Users\Admin\AppData\Roaming\csugrww
    C:\Users\Admin\AppData\Roaming\csugrww
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:5108
    • C:\Users\Admin\AppData\Roaming\csugrww
      C:\Users\Admin\AppData\Roaming\csugrww
      2⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      • Suspicious behavior: MapViewOfSection
      PID:2852

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\csugrww
          Filesize

          265KB

          MD5

          1cb4d0e451b51966afbebd0fa56d3c57

          SHA1

          499f395fefc03db77e4028982fdad0299ede7d0e

          SHA256

          08c809ed20f14ce51e1b00217f3cc24d876942f40e34c679cd0e6da55dacb52a

          SHA512

          626c7a40ca42869d4a02614f54eda7db882c7a1661883cdc73bbe99417e15b8ffe03a4af1d665a279a2a8ac0e4d2387692f05f30ad8208b40afc40f17af0b4a3

          Download Submit

        • C:\Users\Admin\AppData\Roaming\csugrww
          Filesize

          265KB

          MD5

          1cb4d0e451b51966afbebd0fa56d3c57

          SHA1

          499f395fefc03db77e4028982fdad0299ede7d0e

          SHA256

          08c809ed20f14ce51e1b00217f3cc24d876942f40e34c679cd0e6da55dacb52a

          SHA512

          626c7a40ca42869d4a02614f54eda7db882c7a1661883cdc73bbe99417e15b8ffe03a4af1d665a279a2a8ac0e4d2387692f05f30ad8208b40afc40f17af0b4a3

          Download Submit

        • C:\Users\Admin\AppData\Roaming\csugrww
          Filesize

          265KB

          MD5

          1cb4d0e451b51966afbebd0fa56d3c57

          SHA1

          499f395fefc03db77e4028982fdad0299ede7d0e

          SHA256

          08c809ed20f14ce51e1b00217f3cc24d876942f40e34c679cd0e6da55dacb52a

          SHA512

          626c7a40ca42869d4a02614f54eda7db882c7a1661883cdc73bbe99417e15b8ffe03a4af1d665a279a2a8ac0e4d2387692f05f30ad8208b40afc40f17af0b4a3

          Download Submit

        • memory/2684-115-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2684-116-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2684-117-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2684-118-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2684-119-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2684-120-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2684-121-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2684-122-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2684-123-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2684-125-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2684-126-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2684-127-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2684-128-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2684-129-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2684-130-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2684-131-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2684-132-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2684-133-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2684-134-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2684-135-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2684-136-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2684-124-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2684-138-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2684-139-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2684-140-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2684-141-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2684-142-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2684-143-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2852-241-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/4992-148-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-167-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-147-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-146-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-149-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-150-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-151-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-152-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-153-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-154-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-155-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-156-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-157-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-158-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-159-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/4992-160-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-161-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-163-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-164-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-165-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-166-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-168-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-169-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-162-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-170-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-171-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-172-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-174-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-173-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-175-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4992-176-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/4992-144-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/5108-179-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5108-180-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5108-181-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5108-182-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5108-183-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5108-213-0x000000000064B000-0x000000000065C000-memory.dmp

          Filesize

          68KB

          Download

        • memory/5108-215-0x00000000004B0000-0x00000000004B9000-memory.dmp

          Filesize

          36KB

          Download

        • memory/5108-178-0x0000000077C70000-0x0000000077DFE000-memory.dmp

          Filesize

          1.6MB

          Download