Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    63s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    25/10/2022, 17:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8ac6cdf5bc860699cadafbd51d599b6a5525528172b19ab7a30c46ddae657c07.exe

  • Size

    255KB

  • MD5

    08d9393dcd344de4de3cc1756f6ae080

  • SHA1

    6f9ac1c9ed9eb2d6834c69b365046c42afd0c8de

  • SHA256

    8ac6cdf5bc860699cadafbd51d599b6a5525528172b19ab7a30c46ddae657c07

  • SHA512

    41ec28fbb45bb1f8a4494464f0abf0b886beb375341783a4b55b01968d7f7fe04507e3a7b881c6cbd62cbed038a2a703b932ea86c8c4343cd2c50c6189a6b230

  • SSDEEP

    6144:OyQBLe8rMT7A8VR79NV0L6orwrzN1cn73t:OnK8rMTs8f7AWzXc73t

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 5 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8ac6cdf5bc860699cadafbd51d599b6a5525528172b19ab7a30c46ddae657c07.exe
    "C:\Users\Admin\AppData\Local\Temp\8ac6cdf5bc860699cadafbd51d599b6a5525528172b19ab7a30c46ddae657c07.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Users\Admin\AppData\Local\Temp\8ac6cdf5bc860699cadafbd51d599b6a5525528172b19ab7a30c46ddae657c07.exe
      "C:\Users\Admin\AppData\Local\Temp\8ac6cdf5bc860699cadafbd51d599b6a5525528172b19ab7a30c46ddae657c07.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:3868

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2916-120-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2916-121-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2916-122-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2916-123-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2916-124-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2916-125-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2916-126-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2916-127-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2916-128-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2916-129-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2916-130-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2916-131-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2916-132-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2916-133-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2916-134-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2916-135-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2916-136-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2916-137-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2916-138-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2916-140-0x0000000002E60000-0x0000000002E69000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2916-141-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2916-139-0x0000000002E81000-0x0000000002E96000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2916-143-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2916-142-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2916-144-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2916-145-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2916-146-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2916-147-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2916-148-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2916-152-0x0000000002E81000-0x0000000002E96000-memory.dmp

    Filesize

    84KB

    Download

  • memory/3868-149-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/3868-151-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-153-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-154-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-155-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-156-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-157-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-158-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-159-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-160-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-161-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-162-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-163-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-165-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-164-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/3868-166-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-167-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-169-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-170-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-171-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-172-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-168-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-173-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-174-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-175-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-176-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-177-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-178-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-179-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-180-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-181-0x0000000077570000-0x00000000776FE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3868-182-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download