Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    183s
  • max time network
    196s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/10/2022, 04:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    24a8afd4826ccb99011101bb7610c99c29d82994765cc02647ce0ca1e280bfd7.exe

  • Size

    194KB

  • MD5

    2af7b8264bd70de210e6e2b05adad0f9

  • SHA1

    e31a656d392ac70916570a675de98c040a20d90f

  • SHA256

    24a8afd4826ccb99011101bb7610c99c29d82994765cc02647ce0ca1e280bfd7

  • SHA512

    abdade54943c5a76f6c552b634b9dd6e17546f6d283588941c3a0a35a59eeb443701ee173341d5fbcbd02d9a80ca530450819c268d82669b2a36987192fb135c

  • SSDEEP

    3072:aXS4kmLk10FsY58NpJDqmnXFgjHxaWfe20KJAQ1+:6tkmLBu1fJDtn1l80RQ1

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 2 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 19 IoCs
  • Suspicious use of WriteProcessMemory 39 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\24a8afd4826ccb99011101bb7610c99c29d82994765cc02647ce0ca1e280bfd7.exe
    "C:\Users\Admin\AppData\Local\Temp\24a8afd4826ccb99011101bb7610c99c29d82994765cc02647ce0ca1e280bfd7.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:5080
  • C:\Users\Admin\AppData\Local\Temp\8102.exe
    C:\Users\Admin\AppData\Local\Temp\8102.exe
    1⤵
    • Executes dropped EXE
    PID:4344
  • C:\Users\Admin\AppData\Local\Temp\B9F5.exe
    C:\Users\Admin\AppData\Local\Temp\B9F5.exe
    1⤵
    • Executes dropped EXE
    PID:1200
  • C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    1⤵
      PID:4272
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe
      1⤵
        PID:3736
      • C:\Windows\SysWOW64\explorer.exe
        C:\Windows\SysWOW64\explorer.exe
        1⤵
          PID:4288
        • C:\Windows\explorer.exe
          C:\Windows\explorer.exe
          1⤵
            PID:1824
          • C:\Windows\SysWOW64\explorer.exe
            C:\Windows\SysWOW64\explorer.exe
            1⤵
              PID:4044
            • C:\Windows\SysWOW64\explorer.exe
              C:\Windows\SysWOW64\explorer.exe
              1⤵
                PID:3236
              • C:\Windows\SysWOW64\explorer.exe
                C:\Windows\SysWOW64\explorer.exe
                1⤵
                  PID:3904
                • C:\Windows\explorer.exe
                  C:\Windows\explorer.exe
                  1⤵
                    PID:996
                  • C:\Windows\SysWOW64\explorer.exe
                    C:\Windows\SysWOW64\explorer.exe
                    1⤵
                      PID:4936

                    Network

                    MITRE ATT&CK Enterprise v6

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Temp\8102.exe
                      Filesize

                      361KB

                      MD5

                      c8588b731592e0b048a0b181d09fe020

                      SHA1

                      c8ac824e74968b7e3cfc88890c1948c1f27cf298

                      SHA256

                      d10cb807f66c43ba55138c002a4d5a7203aa6e277d20165c4be570111c10a930

                      SHA512

                      042a181ad2dba229102e912eedb9f58aebdb6615a3b5314778e376e1fa3349bd5aa6c0657c7fdf5e174d7f5f625154b97160291a7ff5a280255e790108945922

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\8102.exe
                      Filesize

                      361KB

                      MD5

                      c8588b731592e0b048a0b181d09fe020

                      SHA1

                      c8ac824e74968b7e3cfc88890c1948c1f27cf298

                      SHA256

                      d10cb807f66c43ba55138c002a4d5a7203aa6e277d20165c4be570111c10a930

                      SHA512

                      042a181ad2dba229102e912eedb9f58aebdb6615a3b5314778e376e1fa3349bd5aa6c0657c7fdf5e174d7f5f625154b97160291a7ff5a280255e790108945922

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\B9F5.exe
                      Filesize

                      361KB

                      MD5

                      97363c84a5234bceaa765609a99ee8b7

                      SHA1

                      f02a8a68fd1414246073f685c232b895798a6f59

                      SHA256

                      8fd79179f0e8e72f7bbeff11d2bbcc42abed9baa1e48f6095580c48f2430b41f

                      SHA512

                      a752fa8019a5f74ae93de70578b26bda6680879a2294836f2e4e3184cdd884e7663f6b37615b4b96552e3cd414c544a8e221c9b3519dd2ff46211a0c74a3b121

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\B9F5.exe
                      Filesize

                      361KB

                      MD5

                      97363c84a5234bceaa765609a99ee8b7

                      SHA1

                      f02a8a68fd1414246073f685c232b895798a6f59

                      SHA256

                      8fd79179f0e8e72f7bbeff11d2bbcc42abed9baa1e48f6095580c48f2430b41f

                      SHA512

                      a752fa8019a5f74ae93de70578b26bda6680879a2294836f2e4e3184cdd884e7663f6b37615b4b96552e3cd414c544a8e221c9b3519dd2ff46211a0c74a3b121

                      Download Submit

                    • memory/996-177-0x0000000000DB0000-0x0000000000DB7000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/996-167-0x0000000000DA0000-0x0000000000DAD000-memory.dmp

                      Filesize

                      52KB

                      Download

                    • memory/996-166-0x0000000000DB0000-0x0000000000DB7000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/1824-154-0x0000000000A80000-0x0000000000A86000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/1824-155-0x00000000007F0000-0x00000000007FC000-memory.dmp

                      Filesize

                      48KB

                      Download

                    • memory/3236-176-0x00000000004A0000-0x00000000004A9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/3236-164-0x00000000004A0000-0x00000000004A9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/3236-163-0x00000000004B0000-0x00000000004B5000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/3736-148-0x0000000000BA0000-0x0000000000BA9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/3736-149-0x0000000000B90000-0x0000000000B9F000-memory.dmp

                      Filesize

                      60KB

                      Download

                    • memory/3736-172-0x0000000000BA0000-0x0000000000BA9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/3904-175-0x00000000010F0000-0x00000000010F6000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/3904-162-0x00000000010E0000-0x00000000010EB000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/3904-161-0x00000000010F0000-0x00000000010F6000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/4044-158-0x0000000000DB0000-0x0000000000DD7000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/4044-157-0x0000000001000000-0x0000000001022000-memory.dmp

                      Filesize

                      136KB

                      Download

                    • memory/4044-174-0x0000000001000000-0x0000000001022000-memory.dmp

                      Filesize

                      136KB

                      Download

                    • memory/4272-146-0x00000000006D0000-0x00000000006DB000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/4272-145-0x00000000006E0000-0x00000000006E7000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/4272-169-0x00000000006E0000-0x00000000006E7000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/4288-152-0x0000000000DB0000-0x0000000000DB9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/4288-173-0x0000000000DC0000-0x0000000000DC5000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/4288-151-0x0000000000DC0000-0x0000000000DC5000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/4936-170-0x0000000000F40000-0x0000000000F48000-memory.dmp

                      Filesize

                      32KB

                      Download

                    • memory/4936-171-0x0000000000F30000-0x0000000000F3B000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/4936-178-0x0000000000F40000-0x0000000000F48000-memory.dmp

                      Filesize

                      32KB

                      Download

                    • memory/5080-136-0x0000000002030000-0x0000000002039000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/5080-134-0x0000000000400000-0x0000000000435000-memory.dmp

                      Filesize

                      212KB

                      Download

                    • memory/5080-132-0x0000000000568000-0x0000000000579000-memory.dmp

                      Filesize

                      68KB

                      Download

                    • memory/5080-133-0x0000000002030000-0x0000000002039000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/5080-135-0x0000000000568000-0x0000000000579000-memory.dmp

                      Filesize

                      68KB

                      Download

                    • memory/5080-137-0x0000000000400000-0x0000000000435000-memory.dmp

                      Filesize

                      212KB

                      Download