Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    66s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    19-10-2022 20:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d559c37122df1e49c92d4feb41cfbfdba1b2879e809b825e47be39e98d2b9785.exe

  • Size

    229KB

  • MD5

    a7cd11aa0d6e09767473182818e2f91a

  • SHA1

    076c24fc71a472f81a38611e5d7b2586eae69425

  • SHA256

    d559c37122df1e49c92d4feb41cfbfdba1b2879e809b825e47be39e98d2b9785

  • SHA512

    005ed57595caf607310891e80163612889d1b47f5d87457a8d50c1db83259d9b1e49e49f11e124cef74bac4aba76c9a389f630308fd4ab680c6a103194383ef1

  • SSDEEP

    3072:XK2aDBjqCV+4pR+X8L0qcCAPoWcsIxgDUwFuSKrnHNU1nzpxOrk74h:XKhDBGVML0AAPoxsGn7HNoag74

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 5 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d559c37122df1e49c92d4feb41cfbfdba1b2879e809b825e47be39e98d2b9785.exe
    "C:\Users\Admin\AppData\Local\Temp\d559c37122df1e49c92d4feb41cfbfdba1b2879e809b825e47be39e98d2b9785.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4152
    • C:\Users\Admin\AppData\Local\Temp\d559c37122df1e49c92d4feb41cfbfdba1b2879e809b825e47be39e98d2b9785.exe
      "C:\Users\Admin\AppData\Local\Temp\d559c37122df1e49c92d4feb41cfbfdba1b2879e809b825e47be39e98d2b9785.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:2108

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2108-166-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-169-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-151-0x0000000000402DD8-mapping.dmp

    Download

  • memory/2108-182-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2108-153-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-181-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-180-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-179-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-152-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-177-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-176-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-175-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-174-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-173-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-172-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-171-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-170-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-154-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-168-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-167-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-161-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-165-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-164-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2108-163-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-162-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-159-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-160-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-158-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-157-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-150-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2108-156-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-178-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2108-155-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4152-137-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4152-124-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4152-122-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4152-149-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4152-148-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4152-147-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4152-144-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4152-146-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4152-145-0x00000000001F0000-0x00000000001F9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4152-142-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4152-143-0x00000000005A0000-0x00000000006EA000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/4152-141-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4152-120-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4152-140-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4152-139-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4152-138-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4152-121-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4152-136-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4152-135-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4152-134-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4152-133-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4152-132-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4152-131-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4152-130-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4152-129-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4152-128-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4152-126-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4152-125-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4152-123-0x0000000077DE0000-0x0000000077F6E000-memory.dmp

    Filesize

    1.6MB

    Download