Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    64s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    12-10-2022 14:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    16a557d079ac9c060785b7660ff0898a26f28f216e97ed690ad5d1ff40ab3c9b.exe

  • Size

    295KB

  • MD5

    f935e1c897aa983688519dddc115e60b

  • SHA1

    a309872ca7c1ecb9d14ae450639d51ef8026e3c0

  • SHA256

    16a557d079ac9c060785b7660ff0898a26f28f216e97ed690ad5d1ff40ab3c9b

  • SHA512

    cb23c106648c3df3a07d8b9f3751a92a71fb774da07a27ca5183984a2cdbb7222c141717bf11173b03f8c97ccf5906f19279f309828a841577e224ae20d26167

  • SSDEEP

    6144:Q5HqU+UykCxG9Gre+5eoL8nqq5VEtzDIxVeigavwVf3:QsUbBCxvre+5eoYqq5MzDuT8

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Deletes itself 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16a557d079ac9c060785b7660ff0898a26f28f216e97ed690ad5d1ff40ab3c9b.exe
    "C:\Users\Admin\AppData\Local\Temp\16a557d079ac9c060785b7660ff0898a26f28f216e97ed690ad5d1ff40ab3c9b.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:3504

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3504-117-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-118-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-119-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-120-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-121-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-122-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-123-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-124-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-125-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-126-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-127-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-128-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-129-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-130-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-131-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-132-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-133-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-134-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-135-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-136-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-137-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-138-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-139-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-140-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-142-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-143-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-144-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-145-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-146-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-147-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-148-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-149-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-151-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-154-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/3504-153-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-152-0x00000000001E0000-0x00000000001E9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/3504-150-0x0000000000450000-0x00000000004FE000-memory.dmp

    Filesize

    696KB

    Download

  • memory/3504-155-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download