Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    112s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    16/10/2022, 18:54

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ee276cb28ae867d0225ada849dcd6ca8844e67cd95b28bb3eeb4dd89f8879790.exe

  • Size

    219KB

  • MD5

    74943a65af0692560119905d31403d0a

  • SHA1

    8b65f7d4759c8a0db1440cd70bd444781e1128b8

  • SHA256

    ee276cb28ae867d0225ada849dcd6ca8844e67cd95b28bb3eeb4dd89f8879790

  • SHA512

    1278997bcead49f6260c2550f67bd61fd85a27eddeb8c0c094ca795886ea351799ee9d30d39e775e9115884212a0da2930ec8d7ab97ee8dc66704e01a4cd2501

  • SSDEEP

    3072:YXpRKH9wLSCQ4o3M5yiID7ItbLreHqg/4fjS0KWEeVef:s6H9wLe3lDuIp4bS0xEd

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 5 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ee276cb28ae867d0225ada849dcd6ca8844e67cd95b28bb3eeb4dd89f8879790.exe
    "C:\Users\Admin\AppData\Local\Temp\ee276cb28ae867d0225ada849dcd6ca8844e67cd95b28bb3eeb4dd89f8879790.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2300
    • C:\Users\Admin\AppData\Local\Temp\ee276cb28ae867d0225ada849dcd6ca8844e67cd95b28bb3eeb4dd89f8879790.exe
      "C:\Users\Admin\AppData\Local\Temp\ee276cb28ae867d0225ada849dcd6ca8844e67cd95b28bb3eeb4dd89f8879790.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:376

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/376-165-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-169-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-182-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/376-181-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-180-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-179-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-178-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-177-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-176-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-175-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-174-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-173-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-172-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-171-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-170-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-154-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-155-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-168-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-167-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-166-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-164-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-162-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/376-163-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-161-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-160-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-159-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-151-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-158-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-149-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/376-157-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-156-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/376-152-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2300-136-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2300-135-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2300-153-0x0000000000631000-0x0000000000642000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2300-121-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2300-148-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2300-147-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2300-146-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2300-145-0x00000000001E0000-0x00000000001E9000-memory.dmp

          Filesize

          36KB

          Download

        • memory/2300-144-0x0000000000631000-0x0000000000642000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2300-143-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2300-141-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2300-142-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2300-120-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2300-140-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2300-139-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2300-138-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2300-137-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2300-134-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2300-133-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2300-132-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2300-131-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2300-130-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2300-129-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2300-128-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2300-127-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2300-126-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2300-125-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2300-124-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2300-123-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2300-122-0x0000000077A00000-0x0000000077B8E000-memory.dmp

          Filesize

          1.6MB

          Download