Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    80s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    05/10/2022, 00:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cc856aa9ca3f94b4445213010f46f1caf4ef4f2d63223d2514f05be2cdd452b7.exe

  • Size

    264KB

  • MD5

    215ef857fb9ffa2d691874c043bcf86d

  • SHA1

    9ab465e7be863abc423b25c62c33ec82b8db1dca

  • SHA256

    cc856aa9ca3f94b4445213010f46f1caf4ef4f2d63223d2514f05be2cdd452b7

  • SHA512

    663186c2203cfc57cf0de4dd8dca2e22224aeaaed7b2756354fa04f352491b071a3e7789d1392ea287c4d5dce56af4416046c4aa1f0da93605d70466df4bbed8

  • SSDEEP

    3072:8XhxtM0LXLHtdTMYzSU5c05OAOZFBm49gsqfWrxpzbgqruEsZWpZa9uD6VdyhkSm:42CL/MYc050Bm4GfuzbgwuEpwVf

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 3 IoCs
  • Deletes itself 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 24 IoCs
  • Suspicious use of WriteProcessMemory 39 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cc856aa9ca3f94b4445213010f46f1caf4ef4f2d63223d2514f05be2cdd452b7.exe
    "C:\Users\Admin\AppData\Local\Temp\cc856aa9ca3f94b4445213010f46f1caf4ef4f2d63223d2514f05be2cdd452b7.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:2680
  • C:\Users\Admin\AppData\Local\Temp\D798.exe
    C:\Users\Admin\AppData\Local\Temp\D798.exe
    1⤵
    • Executes dropped EXE
    PID:2068
  • C:\Users\Admin\AppData\Local\Temp\E0D0.exe
    C:\Users\Admin\AppData\Local\Temp\E0D0.exe
    1⤵
    • Executes dropped EXE
    PID:3560
  • C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    1⤵
      PID:1104
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe
      1⤵
        PID:3644
      • C:\Windows\SysWOW64\explorer.exe
        C:\Windows\SysWOW64\explorer.exe
        1⤵
          PID:5076
        • C:\Windows\explorer.exe
          C:\Windows\explorer.exe
          1⤵
            PID:4044
          • C:\Windows\SysWOW64\explorer.exe
            C:\Windows\SysWOW64\explorer.exe
            1⤵
              PID:4604
            • C:\Windows\SysWOW64\explorer.exe
              C:\Windows\SysWOW64\explorer.exe
              1⤵
                PID:4948
              • C:\Windows\SysWOW64\explorer.exe
                C:\Windows\SysWOW64\explorer.exe
                1⤵
                  PID:164
                • C:\Windows\explorer.exe
                  C:\Windows\explorer.exe
                  1⤵
                    PID:2452
                  • C:\Windows\SysWOW64\explorer.exe
                    C:\Windows\SysWOW64\explorer.exe
                    1⤵
                      PID:3856
                    • C:\Users\Admin\AppData\Roaming\jvcrsaw
                      C:\Users\Admin\AppData\Roaming\jvcrsaw
                      1⤵
                      • Executes dropped EXE
                      • Checks SCSI registry key(s)
                      • Suspicious behavior: MapViewOfSection
                      PID:5036

                    Network

                    MITRE ATT&CK Enterprise v6

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Temp\D798.exe
                      Filesize

                      315KB

                      MD5

                      02d6411763283f5cc619e5c34a8f2d6b

                      SHA1

                      c618bd0206e336c4e905cf32d1e05aa8773182df

                      SHA256

                      e9137cd3e56b2bfab60bf565ab8351c892ecb5a083865c0841090010788ba71c

                      SHA512

                      5943569e148e54967f1cb09173ab1086e6234cfa19742fe5671afe226053e750643d3ec6a384b695d24f3ebce33af01d778364fc8af75fe11ef9fd99b24ea3ff

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\D798.exe
                      Filesize

                      315KB

                      MD5

                      02d6411763283f5cc619e5c34a8f2d6b

                      SHA1

                      c618bd0206e336c4e905cf32d1e05aa8773182df

                      SHA256

                      e9137cd3e56b2bfab60bf565ab8351c892ecb5a083865c0841090010788ba71c

                      SHA512

                      5943569e148e54967f1cb09173ab1086e6234cfa19742fe5671afe226053e750643d3ec6a384b695d24f3ebce33af01d778364fc8af75fe11ef9fd99b24ea3ff

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\E0D0.exe
                      Filesize

                      363KB

                      MD5

                      b7faf4f240d48f8eabc891d7f7402739

                      SHA1

                      6bc97c56d5a05cb6255ebac9d711ae08284429ce

                      SHA256

                      5e8c3aff6ef73355cf0e754fec4ee20f25b930c5401e50e6d183b1434c5fa2c9

                      SHA512

                      9ad5a842bd379ad461265219beaa33b57df0e2488e5d73b9cf06cb016ab634b5f1ec764b146ac88ab8d8a475ae419b23f83c27ce5367dd13398ed3f67356cc5a

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\E0D0.exe
                      Filesize

                      363KB

                      MD5

                      b7faf4f240d48f8eabc891d7f7402739

                      SHA1

                      6bc97c56d5a05cb6255ebac9d711ae08284429ce

                      SHA256

                      5e8c3aff6ef73355cf0e754fec4ee20f25b930c5401e50e6d183b1434c5fa2c9

                      SHA512

                      9ad5a842bd379ad461265219beaa33b57df0e2488e5d73b9cf06cb016ab634b5f1ec764b146ac88ab8d8a475ae419b23f83c27ce5367dd13398ed3f67356cc5a

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\jvcrsaw
                      Filesize

                      264KB

                      MD5

                      215ef857fb9ffa2d691874c043bcf86d

                      SHA1

                      9ab465e7be863abc423b25c62c33ec82b8db1dca

                      SHA256

                      cc856aa9ca3f94b4445213010f46f1caf4ef4f2d63223d2514f05be2cdd452b7

                      SHA512

                      663186c2203cfc57cf0de4dd8dca2e22224aeaaed7b2756354fa04f352491b071a3e7789d1392ea287c4d5dce56af4416046c4aa1f0da93605d70466df4bbed8

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\jvcrsaw
                      Filesize

                      264KB

                      MD5

                      215ef857fb9ffa2d691874c043bcf86d

                      SHA1

                      9ab465e7be863abc423b25c62c33ec82b8db1dca

                      SHA256

                      cc856aa9ca3f94b4445213010f46f1caf4ef4f2d63223d2514f05be2cdd452b7

                      SHA512

                      663186c2203cfc57cf0de4dd8dca2e22224aeaaed7b2756354fa04f352491b071a3e7789d1392ea287c4d5dce56af4416046c4aa1f0da93605d70466df4bbed8

                      Download Submit

                    • memory/164-567-0x00000000030C0000-0x00000000030C6000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/164-501-0x00000000030C0000-0x00000000030C6000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/164-502-0x00000000030B0000-0x00000000030BB000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/1104-561-0x00000000005A0000-0x00000000005A7000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/1104-260-0x0000000000590000-0x000000000059B000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/1104-259-0x00000000005A0000-0x00000000005A7000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/2068-164-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2068-167-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2068-177-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2068-176-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2068-175-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2068-174-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2068-173-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2068-172-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2068-171-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2068-170-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2068-169-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2068-168-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2068-156-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2068-166-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2068-165-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2068-158-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2068-163-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2068-157-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2068-161-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2068-160-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2068-159-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2452-566-0x00000000001F0000-0x00000000001F7000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/2452-500-0x00000000001E0000-0x00000000001ED000-memory.dmp

                      Filesize

                      52KB

                      Download

                    • memory/2452-499-0x00000000001F0000-0x00000000001F7000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/2680-144-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-126-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-152-0x000000000064B000-0x000000000065B000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/2680-149-0x0000000000400000-0x0000000000447000-memory.dmp

                      Filesize

                      284KB

                      Download

                    • memory/2680-151-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-150-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-147-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-148-0x0000000000450000-0x000000000059A000-memory.dmp

                      Filesize

                      1.3MB

                      Download

                    • memory/2680-146-0x000000000064B000-0x000000000065B000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/2680-145-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-115-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-143-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-142-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-141-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-140-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-139-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-138-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-137-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-136-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-135-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-134-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-133-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-132-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-116-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-117-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-131-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-118-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-119-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-120-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-121-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-130-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-122-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-124-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-125-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-123-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-129-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-127-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-128-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2680-153-0x0000000000400000-0x0000000000447000-memory.dmp

                      Filesize

                      284KB

                      Download

                    • memory/3560-181-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3560-183-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3560-184-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3560-180-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3560-187-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3560-185-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3560-189-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3560-188-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3560-182-0x0000000076EA0000-0x000000007702E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3644-261-0x00000000006A0000-0x00000000006A9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/3644-562-0x00000000006A0000-0x00000000006A9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/3644-262-0x0000000000690000-0x000000000069F000-memory.dmp

                      Filesize

                      60KB

                      Download

                    • memory/3856-568-0x00000000032F0000-0x00000000032F8000-memory.dmp

                      Filesize

                      32KB

                      Download

                    • memory/3856-559-0x00000000032F0000-0x00000000032F8000-memory.dmp

                      Filesize

                      32KB

                      Download

                    • memory/3856-560-0x00000000032E0000-0x00000000032EB000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/4044-323-0x00000000008E0000-0x00000000008EC000-memory.dmp

                      Filesize

                      48KB

                      Download

                    • memory/4044-322-0x00000000008F0000-0x00000000008F6000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/4044-563-0x00000000008F0000-0x00000000008F6000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/4604-401-0x0000000000530000-0x0000000000557000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/4604-399-0x0000000000560000-0x0000000000582000-memory.dmp

                      Filesize

                      136KB

                      Download

                    • memory/4604-564-0x0000000000560000-0x0000000000582000-memory.dmp

                      Filesize

                      136KB

                      Download

                    • memory/4948-565-0x00000000030F0000-0x00000000030F5000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/4948-457-0x00000000030E0000-0x00000000030E9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/4948-456-0x00000000030F0000-0x00000000030F5000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/5036-611-0x000000000069B000-0x00000000006AC000-memory.dmp

                      Filesize

                      68KB

                      Download

                    • memory/5036-612-0x00000000004A0000-0x00000000004A9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/5036-613-0x0000000000400000-0x0000000000447000-memory.dmp

                      Filesize

                      284KB

                      Download

                    • memory/5036-614-0x0000000000400000-0x0000000000447000-memory.dmp

                      Filesize

                      284KB

                      Download

                    • memory/5076-321-0x0000000000850000-0x0000000000859000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/5076-320-0x0000000000860000-0x0000000000865000-memory.dmp

                      Filesize

                      20KB

                      Download