Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/10/2022, 10:18

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3e36c51cb6a259e9ad0e4653ec29a22e885b8de969d5702ec64f1df75b760621.exe

  • Size

    268KB

  • MD5

    0d556d4346d55126a6d9e5a2c7b47971

  • SHA1

    d5ee967bfc358fb8611dd4d3f098a876c8b50c1d

  • SHA256

    3e36c51cb6a259e9ad0e4653ec29a22e885b8de969d5702ec64f1df75b760621

  • SHA512

    58891754ce0dc7078e438ca175cb1813c1a8ac7e662cf11137dd24f0d03e070211ea55a224747901e3544e7a73df9a72d5bad16241624c42b378157161a05438

  • SSDEEP

    3072:WXKt1zH/CfkZAi5eL0+iI8fCo53magj2vCyFjIRvIOX0DuiM/h3qpZa9uD6VdyhX:+m+YAc+iI87maS2vFjIRiyirwVfquSl

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 4 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 30 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3e36c51cb6a259e9ad0e4653ec29a22e885b8de969d5702ec64f1df75b760621.exe
    "C:\Users\Admin\AppData\Local\Temp\3e36c51cb6a259e9ad0e4653ec29a22e885b8de969d5702ec64f1df75b760621.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:1004
  • C:\Users\Admin\AppData\Local\Temp\2AF8.exe
    C:\Users\Admin\AppData\Local\Temp\2AF8.exe
    1⤵
    • Executes dropped EXE
    PID:4392
  • C:\Users\Admin\AppData\Local\Temp\321D.exe
    C:\Users\Admin\AppData\Local\Temp\321D.exe
    1⤵
    • Executes dropped EXE
    PID:1732
  • C:\Users\Admin\AppData\Local\Temp\3848.exe
    C:\Users\Admin\AppData\Local\Temp\3848.exe
    1⤵
    • Executes dropped EXE
    PID:5068
  • C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    1⤵
      PID:5048
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe
      1⤵
        PID:2904
      • C:\Windows\SysWOW64\explorer.exe
        C:\Windows\SysWOW64\explorer.exe
        1⤵
          PID:4108
        • C:\Windows\explorer.exe
          C:\Windows\explorer.exe
          1⤵
            PID:4072
          • C:\Windows\SysWOW64\explorer.exe
            C:\Windows\SysWOW64\explorer.exe
            1⤵
              PID:4988
            • C:\Windows\SysWOW64\explorer.exe
              C:\Windows\SysWOW64\explorer.exe
              1⤵
                PID:3676
              • C:\Windows\SysWOW64\explorer.exe
                C:\Windows\SysWOW64\explorer.exe
                1⤵
                  PID:3672
                • C:\Windows\explorer.exe
                  C:\Windows\explorer.exe
                  1⤵
                    PID:2032
                  • C:\Windows\SysWOW64\explorer.exe
                    C:\Windows\SysWOW64\explorer.exe
                    1⤵
                      PID:4616
                    • C:\Users\Admin\AppData\Roaming\euwjbfe
                      C:\Users\Admin\AppData\Roaming\euwjbfe
                      1⤵
                      • Executes dropped EXE
                      • Checks SCSI registry key(s)
                      • Suspicious behavior: MapViewOfSection
                      PID:3812

                    Network

                          MITRE ATT&CK Enterprise v6

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Temp\2AF8.exe
                            Filesize

                            720KB

                            MD5

                            93f7131afac711322ee65741c1a53b0c

                            SHA1

                            d6b753c0ffc5c5013227c289bdeb8b32d897f97f

                            SHA256

                            5c36010677019b2afa717ca73c958e336a6f857e6b2036e3fb5fbd5da9553c2c

                            SHA512

                            4e9405dd3600856144f845fa2ceecf80a00bec3e096f6b13f5fe5edbb32561b335c412f387730f9b92a6bc02ea4a04405f2d36c78dfa496224f5993c0b8010e6

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\2AF8.exe
                            Filesize

                            720KB

                            MD5

                            93f7131afac711322ee65741c1a53b0c

                            SHA1

                            d6b753c0ffc5c5013227c289bdeb8b32d897f97f

                            SHA256

                            5c36010677019b2afa717ca73c958e336a6f857e6b2036e3fb5fbd5da9553c2c

                            SHA512

                            4e9405dd3600856144f845fa2ceecf80a00bec3e096f6b13f5fe5edbb32561b335c412f387730f9b92a6bc02ea4a04405f2d36c78dfa496224f5993c0b8010e6

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\321D.exe
                            Filesize

                            783KB

                            MD5

                            24b8bff74481e0adc58c78be3a7235df

                            SHA1

                            6dd8a890031d1b6d50a044083dc3b37329602e48

                            SHA256

                            caca9c1b017d7168afbd290311741734a1b0bbeb9f339bfc46bf068e68d0b845

                            SHA512

                            bdc3abd91cca6b94efa47a4816af4b2877b9b5a63185884f026f8bcdb7b06134cd4b84b4c65cb5d7368349de07f0596360029b15fc505a419bf6e70cae13dde4

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\321D.exe
                            Filesize

                            783KB

                            MD5

                            24b8bff74481e0adc58c78be3a7235df

                            SHA1

                            6dd8a890031d1b6d50a044083dc3b37329602e48

                            SHA256

                            caca9c1b017d7168afbd290311741734a1b0bbeb9f339bfc46bf068e68d0b845

                            SHA512

                            bdc3abd91cca6b94efa47a4816af4b2877b9b5a63185884f026f8bcdb7b06134cd4b84b4c65cb5d7368349de07f0596360029b15fc505a419bf6e70cae13dde4

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\3848.exe
                            Filesize

                            720KB

                            MD5

                            ce73f9e8803583ddad380ed911b405f6

                            SHA1

                            29c26c6355b2788015744172913365642991a800

                            SHA256

                            b1c4b4ee2303af593e3c79f3f0b2323fc183e17d1524b91366c8d4528edfac54

                            SHA512

                            42a26f13440a71139f8b6a2fe6901dc8104a79ab217d18a6cf628bea60f3fb7a0641fe291b40cfc381d75efc90a33cab9b17eeea2a99101f0063386b36097ad9

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\3848.exe
                            Filesize

                            720KB

                            MD5

                            ce73f9e8803583ddad380ed911b405f6

                            SHA1

                            29c26c6355b2788015744172913365642991a800

                            SHA256

                            b1c4b4ee2303af593e3c79f3f0b2323fc183e17d1524b91366c8d4528edfac54

                            SHA512

                            42a26f13440a71139f8b6a2fe6901dc8104a79ab217d18a6cf628bea60f3fb7a0641fe291b40cfc381d75efc90a33cab9b17eeea2a99101f0063386b36097ad9

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\euwjbfe
                            Filesize

                            268KB

                            MD5

                            0d556d4346d55126a6d9e5a2c7b47971

                            SHA1

                            d5ee967bfc358fb8611dd4d3f098a876c8b50c1d

                            SHA256

                            3e36c51cb6a259e9ad0e4653ec29a22e885b8de969d5702ec64f1df75b760621

                            SHA512

                            58891754ce0dc7078e438ca175cb1813c1a8ac7e662cf11137dd24f0d03e070211ea55a224747901e3544e7a73df9a72d5bad16241624c42b378157161a05438

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\euwjbfe
                            Filesize

                            268KB

                            MD5

                            0d556d4346d55126a6d9e5a2c7b47971

                            SHA1

                            d5ee967bfc358fb8611dd4d3f098a876c8b50c1d

                            SHA256

                            3e36c51cb6a259e9ad0e4653ec29a22e885b8de969d5702ec64f1df75b760621

                            SHA512

                            58891754ce0dc7078e438ca175cb1813c1a8ac7e662cf11137dd24f0d03e070211ea55a224747901e3544e7a73df9a72d5bad16241624c42b378157161a05438

                            Download Submit

                          • memory/1004-132-0x00000000006AE000-0x00000000006BE000-memory.dmp

                            Filesize

                            64KB

                            Download

                          • memory/1004-133-0x00000000005E0000-0x00000000005E9000-memory.dmp

                            Filesize

                            36KB

                            Download

                          • memory/1004-135-0x0000000000400000-0x0000000000447000-memory.dmp

                            Filesize

                            284KB

                            Download

                          • memory/1004-134-0x0000000000400000-0x0000000000447000-memory.dmp

                            Filesize

                            284KB

                            Download

                          • memory/2032-167-0x00000000005E0000-0x00000000005E7000-memory.dmp

                            Filesize

                            28KB

                            Download

                          • memory/2032-168-0x00000000005D0000-0x00000000005DD000-memory.dmp

                            Filesize

                            52KB

                            Download

                          • memory/2032-179-0x00000000005E0000-0x00000000005E7000-memory.dmp

                            Filesize

                            28KB

                            Download

                          • memory/2904-149-0x0000000000720000-0x0000000000729000-memory.dmp

                            Filesize

                            36KB

                            Download

                          • memory/2904-150-0x0000000000710000-0x000000000071F000-memory.dmp

                            Filesize

                            60KB

                            Download

                          • memory/2904-173-0x0000000000720000-0x0000000000729000-memory.dmp

                            Filesize

                            36KB

                            Download

                          • memory/3672-165-0x0000000000760000-0x000000000076B000-memory.dmp

                            Filesize

                            44KB

                            Download

                          • memory/3672-178-0x0000000000770000-0x0000000000776000-memory.dmp

                            Filesize

                            24KB

                            Download

                          • memory/3672-164-0x0000000000770000-0x0000000000776000-memory.dmp

                            Filesize

                            24KB

                            Download

                          • memory/3676-161-0x0000000000930000-0x0000000000935000-memory.dmp

                            Filesize

                            20KB

                            Download

                          • memory/3676-162-0x0000000000920000-0x0000000000929000-memory.dmp

                            Filesize

                            36KB

                            Download

                          • memory/3676-177-0x0000000000930000-0x0000000000935000-memory.dmp

                            Filesize

                            20KB

                            Download

                          • memory/3812-184-0x0000000000400000-0x0000000000447000-memory.dmp

                            Filesize

                            284KB

                            Download

                          • memory/3812-185-0x0000000000400000-0x0000000000447000-memory.dmp

                            Filesize

                            284KB

                            Download

                          • memory/3812-183-0x000000000055D000-0x000000000056D000-memory.dmp

                            Filesize

                            64KB

                            Download

                          • memory/4072-175-0x0000000000CD0000-0x0000000000CD6000-memory.dmp

                            Filesize

                            24KB

                            Download

                          • memory/4072-156-0x0000000000CC0000-0x0000000000CCC000-memory.dmp

                            Filesize

                            48KB

                            Download

                          • memory/4072-155-0x0000000000CD0000-0x0000000000CD6000-memory.dmp

                            Filesize

                            24KB

                            Download

                          • memory/4108-152-0x0000000000390000-0x0000000000395000-memory.dmp

                            Filesize

                            20KB

                            Download

                          • memory/4108-174-0x0000000000390000-0x0000000000395000-memory.dmp

                            Filesize

                            20KB

                            Download

                          • memory/4108-153-0x0000000000380000-0x0000000000389000-memory.dmp

                            Filesize

                            36KB

                            Download

                          • memory/4616-180-0x0000000000CF0000-0x0000000000CF8000-memory.dmp

                            Filesize

                            32KB

                            Download

                          • memory/4616-171-0x0000000000CE0000-0x0000000000CEB000-memory.dmp

                            Filesize

                            44KB

                            Download

                          • memory/4616-170-0x0000000000CF0000-0x0000000000CF8000-memory.dmp

                            Filesize

                            32KB

                            Download

                          • memory/4988-158-0x0000000000AE0000-0x0000000000B02000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/4988-176-0x0000000000AE0000-0x0000000000B02000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/4988-159-0x0000000000AB0000-0x0000000000AD7000-memory.dmp

                            Filesize

                            156KB

                            Download

                          • memory/5048-172-0x0000000000BD0000-0x0000000000BD7000-memory.dmp

                            Filesize

                            28KB

                            Download

                          • memory/5048-147-0x0000000000BC0000-0x0000000000BCB000-memory.dmp

                            Filesize

                            44KB

                            Download

                          • memory/5048-146-0x0000000000BD0000-0x0000000000BD7000-memory.dmp

                            Filesize

                            28KB

                            Download