Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    05-10-2022 23:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6cded1d1e0f9c9f8f57f0daec8c0508151dafeac29b6917ab59d384fc91b1238.exe

  • Size

    146KB

  • MD5

    9099345d937851f322483af4fda9c6e2

  • SHA1

    e594905966b8873bf212e687e3920a6468700070

  • SHA256

    6cded1d1e0f9c9f8f57f0daec8c0508151dafeac29b6917ab59d384fc91b1238

  • SHA512

    6cd286a987fa80e496f4f2ab7e2043cf52e4e4377e3de74fd7ae1095034fa599cc1af7145eb548ace1b8792eb306c020f11acfcbfee516dd1c5288062df515f2

  • SSDEEP

    3072:65p/eeHhfjBcauJeEr2vcOsuqdQguxTaIgO:Ih1t/u0E2suqCxhg

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 5 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6cded1d1e0f9c9f8f57f0daec8c0508151dafeac29b6917ab59d384fc91b1238.exe
    "C:\Users\Admin\AppData\Local\Temp\6cded1d1e0f9c9f8f57f0daec8c0508151dafeac29b6917ab59d384fc91b1238.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4372
    • C:\Users\Admin\AppData\Local\Temp\6cded1d1e0f9c9f8f57f0daec8c0508151dafeac29b6917ab59d384fc91b1238.exe
      "C:\Users\Admin\AppData\Local\Temp\6cded1d1e0f9c9f8f57f0daec8c0508151dafeac29b6917ab59d384fc91b1238.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:5048

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4372-116-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-117-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-118-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-119-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-120-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-121-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-122-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-123-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-124-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-125-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-126-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-127-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-128-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-129-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-130-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-131-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-132-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-133-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-134-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-135-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-136-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-137-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-138-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-139-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-140-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-141-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-142-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-143-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4372-144-0x00000000007DA000-0x00000000007EA000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4372-145-0x00000000022A0000-0x00000000022A9000-memory.dmp
    Filesize

    36KB

    Download
  • memory/4372-148-0x00000000007DA000-0x00000000007EA000-memory.dmp
    Filesize

    64KB

    Download
  • memory/5048-146-0x0000000000400000-0x0000000000409000-memory.dmp
    Filesize

    36KB

    Download
  • memory/5048-149-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-147-0x0000000000402DD8-mapping.dmp
    Download
  • memory/5048-150-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-151-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-152-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-153-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-154-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-155-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-156-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-157-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-158-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-159-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-160-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-161-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-162-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-164-0x0000000000400000-0x0000000000409000-memory.dmp
    Filesize

    36KB

    Download
  • memory/5048-165-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-163-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-166-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-167-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-168-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-169-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-170-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-171-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-172-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-173-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-174-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-175-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-176-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-177-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-178-0x0000000077520000-0x00000000776AE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/5048-179-0x0000000000400000-0x0000000000409000-memory.dmp
    Filesize

    36KB

    Download