Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    152s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    11/10/2022, 16:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2e258c2a25553f479516852e18fccb6a133b0ee8c5483050621a57ee3c1e0567.exe

  • Size

    216KB

  • MD5

    f2982bf127b5847ab407d0e997b577cb

  • SHA1

    d1dae5ac0e1794e9c3b122281bac43d5668accfb

  • SHA256

    2e258c2a25553f479516852e18fccb6a133b0ee8c5483050621a57ee3c1e0567

  • SHA512

    77483c5d24d13a5a2033008d20bde53cb77290b355b3e7cb536e53ae704afcb81bda468d176251015c79d3dff3bb94f31632bcc4b16532cda9b01252418f93aa

  • SSDEEP

    3072:1PaPlOZEEWcLJKzyWt8tKa2GfOhjZxUeCrJY4Y2gm6wdkO:1yCNLJIylKa7faMeClYbwi

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e258c2a25553f479516852e18fccb6a133b0ee8c5483050621a57ee3c1e0567.exe
    "C:\Users\Admin\AppData\Local\Temp\2e258c2a25553f479516852e18fccb6a133b0ee8c5483050621a57ee3c1e0567.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:4792
  • C:\Users\Admin\AppData\Local\Temp\AEAA.exe
    C:\Users\Admin\AppData\Local\Temp\AEAA.exe
    1⤵
    • Executes dropped EXE
    PID:4848

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\AEAA.exe
    Filesize

    1.3MB

    MD5

    eadb3be4d3aed537549aa7e4e1ede5db

    SHA1

    fc8064f80842090291840b04d7ef7551811e9af4

    SHA256

    bb18e42c700a649d3cecc2e21d679c0b46568b6da06303e01e6b196203536d06

    SHA512

    8ea649eea2960809b4465420670d214f5235533927cc334696eaa314f6d97fa162449979f4a1fd30c073dfc1c7cb116de408ad049dff9ad9c1ce48fcad588514

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AEAA.exe
    Filesize

    1.3MB

    MD5

    eadb3be4d3aed537549aa7e4e1ede5db

    SHA1

    fc8064f80842090291840b04d7ef7551811e9af4

    SHA256

    bb18e42c700a649d3cecc2e21d679c0b46568b6da06303e01e6b196203536d06

    SHA512

    8ea649eea2960809b4465420670d214f5235533927cc334696eaa314f6d97fa162449979f4a1fd30c073dfc1c7cb116de408ad049dff9ad9c1ce48fcad588514

    Download Submit

  • memory/4792-116-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-118-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-117-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-119-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-120-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-121-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-122-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-124-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-123-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-127-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-126-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-128-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-125-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-129-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-130-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-131-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-133-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-135-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-136-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-134-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-132-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-137-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-139-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-140-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-142-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-141-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-143-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-146-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-148-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-149-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-147-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-151-0x00000000022C0000-0x00000000022C9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4792-150-0x00000000005A0000-0x000000000064E000-memory.dmp

    Filesize

    696KB

    Download

  • memory/4792-152-0x0000000000400000-0x0000000000594000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-145-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-144-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4792-153-0x0000000000400000-0x0000000000594000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4848-156-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4848-157-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4848-158-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4848-159-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4848-160-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4848-161-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4848-162-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4848-164-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4848-165-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4848-166-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4848-167-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4848-168-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4848-169-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4848-170-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4848-171-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4848-172-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4848-173-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4848-174-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4848-175-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4848-176-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4848-178-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4848-177-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4848-180-0x00000000777D0000-0x000000007795E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4848-181-0x0000000002580000-0x00000000026A2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4848-182-0x00000000026B0000-0x0000000002972000-memory.dmp

    Filesize

    2.8MB

    Download