Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    18/10/2022, 14:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ba4e96637214455b7a9df148f365b47630d09dfe2bb8257b924b2a6535dfc731.exe

  • Size

    197KB

  • MD5

    f9576d1cdb7ee25d5a2ceb8e82b963f4

  • SHA1

    0f34f84778607141712851868626dec957da6306

  • SHA256

    ba4e96637214455b7a9df148f365b47630d09dfe2bb8257b924b2a6535dfc731

  • SHA512

    fe1ab6baee890d66a4bf451a3f2f5c306e83845c9d81c16d0cc705a0644c1f7f73068c0dbd189b6f24c7cabe73e3803223e74f20554dae9777c3da34f7ca7098

  • SSDEEP

    3072:0XSzufLii+CC5j/O1Ey8wCb7lfx4IR7LR/BKtL0K2VAH6rk:wyufLXLAmf+7pxV7LFC0BVAHL

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 8 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Executes dropped EXE 2 IoCs
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ba4e96637214455b7a9df148f365b47630d09dfe2bb8257b924b2a6535dfc731.exe
    "C:\Users\Admin\AppData\Local\Temp\ba4e96637214455b7a9df148f365b47630d09dfe2bb8257b924b2a6535dfc731.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2716
    • C:\Users\Admin\AppData\Local\Temp\ba4e96637214455b7a9df148f365b47630d09dfe2bb8257b924b2a6535dfc731.exe
      "C:\Users\Admin\AppData\Local\Temp\ba4e96637214455b7a9df148f365b47630d09dfe2bb8257b924b2a6535dfc731.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:4788
  • C:\Users\Admin\AppData\Roaming\udtrbaf
    C:\Users\Admin\AppData\Roaming\udtrbaf
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4772
    • C:\Users\Admin\AppData\Roaming\udtrbaf
      C:\Users\Admin\AppData\Roaming\udtrbaf
      2⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      • Suspicious behavior: MapViewOfSection
      PID:4396

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\udtrbaf
    Filesize

    197KB

    MD5

    f9576d1cdb7ee25d5a2ceb8e82b963f4

    SHA1

    0f34f84778607141712851868626dec957da6306

    SHA256

    ba4e96637214455b7a9df148f365b47630d09dfe2bb8257b924b2a6535dfc731

    SHA512

    fe1ab6baee890d66a4bf451a3f2f5c306e83845c9d81c16d0cc705a0644c1f7f73068c0dbd189b6f24c7cabe73e3803223e74f20554dae9777c3da34f7ca7098

    Download Submit

  • C:\Users\Admin\AppData\Roaming\udtrbaf
    Filesize

    197KB

    MD5

    f9576d1cdb7ee25d5a2ceb8e82b963f4

    SHA1

    0f34f84778607141712851868626dec957da6306

    SHA256

    ba4e96637214455b7a9df148f365b47630d09dfe2bb8257b924b2a6535dfc731

    SHA512

    fe1ab6baee890d66a4bf451a3f2f5c306e83845c9d81c16d0cc705a0644c1f7f73068c0dbd189b6f24c7cabe73e3803223e74f20554dae9777c3da34f7ca7098

    Download Submit

  • C:\Users\Admin\AppData\Roaming\udtrbaf
    Filesize

    197KB

    MD5

    f9576d1cdb7ee25d5a2ceb8e82b963f4

    SHA1

    0f34f84778607141712851868626dec957da6306

    SHA256

    ba4e96637214455b7a9df148f365b47630d09dfe2bb8257b924b2a6535dfc731

    SHA512

    fe1ab6baee890d66a4bf451a3f2f5c306e83845c9d81c16d0cc705a0644c1f7f73068c0dbd189b6f24c7cabe73e3803223e74f20554dae9777c3da34f7ca7098

    Download Submit

  • memory/2716-137-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-139-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-120-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-121-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-122-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-123-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-124-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-125-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-127-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-126-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-128-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-129-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-130-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-131-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-132-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-133-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-134-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-135-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-136-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-116-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-119-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-140-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-138-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-141-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-142-0x0000000000696000-0x00000000006A7000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2716-143-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-144-0x00000000005B0000-0x00000000005B9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2716-147-0x0000000000696000-0x00000000006A7000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2716-117-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-118-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4396-242-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4396-241-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4772-182-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4772-218-0x0000000000736000-0x0000000000747000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4772-181-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4772-180-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4772-183-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4772-186-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4772-185-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4772-184-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-150-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-157-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-158-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4788-159-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-160-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-161-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-162-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-163-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-164-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-165-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-166-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-167-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-168-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-169-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-170-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-171-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-172-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-173-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-174-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-156-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-155-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-154-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-153-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-152-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-151-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-149-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-148-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-145-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4788-175-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-176-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-177-0x0000000077A60000-0x0000000077BEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4788-178-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download