Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/10/2022, 07:37

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0acf8d08bfb9a634bb6c402606d75020d33825edb88f8d2825088b9d66903231.exe

  • Size

    260KB

  • MD5

    1207574805ab0ff6312808b32e75f8ef

  • SHA1

    b8238cb5e2d2690202cff0cb5cdf2918cbd089b6

  • SHA256

    0acf8d08bfb9a634bb6c402606d75020d33825edb88f8d2825088b9d66903231

  • SHA512

    8c7df0fe1a35d77002dcc3f599234125b251bf3c06c5be58d341e6917305b17a767a621579c15e3bd9386f9bd1e47a3bfd0f0da5fbb173a598e34cf031d77c2b

  • SSDEEP

    3072:9XhS4iecsJTjSMJzMw5LaDe7m2xc5yRFCKASZAhBuT7+M/h3qpZa9uD6VdyhkekP:5E4Du8r3S2QSAvTFrwVfeXO

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Executes dropped EXE 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0acf8d08bfb9a634bb6c402606d75020d33825edb88f8d2825088b9d66903231.exe
    "C:\Users\Admin\AppData\Local\Temp\0acf8d08bfb9a634bb6c402606d75020d33825edb88f8d2825088b9d66903231.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:828
  • C:\Users\Admin\AppData\Roaming\wbgbred
    C:\Users\Admin\AppData\Roaming\wbgbred
    1⤵
    • Executes dropped EXE
    • Checks SCSI registry key(s)
    • Suspicious behavior: MapViewOfSection
    PID:4400

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\wbgbred
          Filesize

          260KB

          MD5

          1207574805ab0ff6312808b32e75f8ef

          SHA1

          b8238cb5e2d2690202cff0cb5cdf2918cbd089b6

          SHA256

          0acf8d08bfb9a634bb6c402606d75020d33825edb88f8d2825088b9d66903231

          SHA512

          8c7df0fe1a35d77002dcc3f599234125b251bf3c06c5be58d341e6917305b17a767a621579c15e3bd9386f9bd1e47a3bfd0f0da5fbb173a598e34cf031d77c2b

          Download Submit

        • C:\Users\Admin\AppData\Roaming\wbgbred
          Filesize

          260KB

          MD5

          1207574805ab0ff6312808b32e75f8ef

          SHA1

          b8238cb5e2d2690202cff0cb5cdf2918cbd089b6

          SHA256

          0acf8d08bfb9a634bb6c402606d75020d33825edb88f8d2825088b9d66903231

          SHA512

          8c7df0fe1a35d77002dcc3f599234125b251bf3c06c5be58d341e6917305b17a767a621579c15e3bd9386f9bd1e47a3bfd0f0da5fbb173a598e34cf031d77c2b

          Download Submit

        • memory/828-132-0x00000000007CD000-0x00000000007DD000-memory.dmp

          Filesize

          64KB

          Download

        • memory/828-133-0x0000000000590000-0x0000000000599000-memory.dmp

          Filesize

          36KB

          Download

        • memory/828-134-0x0000000000400000-0x0000000000445000-memory.dmp

          Filesize

          276KB

          Download

        • memory/828-135-0x0000000000400000-0x0000000000445000-memory.dmp

          Filesize

          276KB

          Download

        • memory/4400-138-0x000000000051D000-0x000000000052D000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4400-139-0x0000000000400000-0x0000000000445000-memory.dmp

          Filesize

          276KB

          Download

        • memory/4400-140-0x0000000000400000-0x0000000000445000-memory.dmp

          Filesize

          276KB

          Download