Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    56s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    09/10/2022, 13:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e9e7d227f4d95470c0b632b95522c8926e5367f444ac05163ddb135d04d7773e.exe

  • Size

    270KB

  • MD5

    efd11a9bee9bca070b4a31af8db91c77

  • SHA1

    5924eeaf3329ed517d624cef0f0ac96a3575df68

  • SHA256

    e9e7d227f4d95470c0b632b95522c8926e5367f444ac05163ddb135d04d7773e

  • SHA512

    d73b3414fffd92db3aa8c21161edf6dd510bab9bc954fce074b79855632b6f748d09c1261d868316c99bf03a47b24bb066339a3e859fdef4ed5ba08ef55fa448

  • SSDEEP

    6144:1bLcy7wznz5/NOA43I6CXwzsTrwVfquS:1LMnz5FzBwKd

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Deletes itself 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e9e7d227f4d95470c0b632b95522c8926e5367f444ac05163ddb135d04d7773e.exe
    "C:\Users\Admin\AppData\Local\Temp\e9e7d227f4d95470c0b632b95522c8926e5367f444ac05163ddb135d04d7773e.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:388

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/388-120-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-121-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-122-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-123-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-124-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-125-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-126-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-127-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-128-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-129-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-130-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-131-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-132-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-133-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-134-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-135-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-136-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-137-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-138-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-139-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-140-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-141-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-143-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-144-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-145-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-147-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-149-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download

  • memory/388-148-0x0000000000530000-0x0000000000539000-memory.dmp

    Filesize

    36KB

    Download

  • memory/388-146-0x0000000000560000-0x00000000006AA000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/388-150-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-151-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-152-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-153-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-154-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-155-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-156-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/388-157-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download