Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    26/10/2022, 23:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e785cb1ed3438760c311b66ebe467822838808ea8f6ff07c9a4fcc708b31b74d.exe

  • Size

    218KB

  • MD5

    ee84a9e9cc6ff7f200a85849c38b9db8

  • SHA1

    56cd517e6e9262269f4187729ac5b00b5e1ea5ef

  • SHA256

    e785cb1ed3438760c311b66ebe467822838808ea8f6ff07c9a4fcc708b31b74d

  • SHA512

    7b811e3e39b98a340b28ae99cc632c3c989b549a718ca1eb2f9a4974f385a7973e546ad39b4f454bbc338de645c0dc53e0759bacc4f597c78a84766ff735f506

  • SSDEEP

    3072:n4xJ/pwy90JAOULLoL43JXdbBtRK67xvf55xfSomA5ZKDkAGEv5/HRiC9J5nrx:4x/79fLJDRKUxvKkidRiC9J5r

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 8 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Executes dropped EXE 2 IoCs
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e785cb1ed3438760c311b66ebe467822838808ea8f6ff07c9a4fcc708b31b74d.exe
    "C:\Users\Admin\AppData\Local\Temp\e785cb1ed3438760c311b66ebe467822838808ea8f6ff07c9a4fcc708b31b74d.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Users\Admin\AppData\Local\Temp\e785cb1ed3438760c311b66ebe467822838808ea8f6ff07c9a4fcc708b31b74d.exe
      "C:\Users\Admin\AppData\Local\Temp\e785cb1ed3438760c311b66ebe467822838808ea8f6ff07c9a4fcc708b31b74d.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:4996
  • C:\Users\Admin\AppData\Roaming\cajesbg
    C:\Users\Admin\AppData\Roaming\cajesbg
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4260
    • C:\Users\Admin\AppData\Roaming\cajesbg
      C:\Users\Admin\AppData\Roaming\cajesbg
      2⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      • Suspicious behavior: MapViewOfSection
      PID:1812

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\cajesbg
          Filesize

          218KB

          MD5

          ee84a9e9cc6ff7f200a85849c38b9db8

          SHA1

          56cd517e6e9262269f4187729ac5b00b5e1ea5ef

          SHA256

          e785cb1ed3438760c311b66ebe467822838808ea8f6ff07c9a4fcc708b31b74d

          SHA512

          7b811e3e39b98a340b28ae99cc632c3c989b549a718ca1eb2f9a4974f385a7973e546ad39b4f454bbc338de645c0dc53e0759bacc4f597c78a84766ff735f506

          Download Submit

        • C:\Users\Admin\AppData\Roaming\cajesbg
          Filesize

          218KB

          MD5

          ee84a9e9cc6ff7f200a85849c38b9db8

          SHA1

          56cd517e6e9262269f4187729ac5b00b5e1ea5ef

          SHA256

          e785cb1ed3438760c311b66ebe467822838808ea8f6ff07c9a4fcc708b31b74d

          SHA512

          7b811e3e39b98a340b28ae99cc632c3c989b549a718ca1eb2f9a4974f385a7973e546ad39b4f454bbc338de645c0dc53e0759bacc4f597c78a84766ff735f506

          Download Submit

        • C:\Users\Admin\AppData\Roaming\cajesbg
          Filesize

          218KB

          MD5

          ee84a9e9cc6ff7f200a85849c38b9db8

          SHA1

          56cd517e6e9262269f4187729ac5b00b5e1ea5ef

          SHA256

          e785cb1ed3438760c311b66ebe467822838808ea8f6ff07c9a4fcc708b31b74d

          SHA512

          7b811e3e39b98a340b28ae99cc632c3c989b549a718ca1eb2f9a4974f385a7973e546ad39b4f454bbc338de645c0dc53e0759bacc4f597c78a84766ff735f506

          Download Submit

        • memory/1812-241-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/1812-240-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/2896-136-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2896-139-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2896-122-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2896-124-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2896-125-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2896-126-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2896-127-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2896-128-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2896-129-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2896-130-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2896-132-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2896-133-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2896-134-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2896-135-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2896-116-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2896-137-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2896-138-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2896-121-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2896-140-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2896-141-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2896-143-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2896-142-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2896-117-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2896-118-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2896-119-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2896-123-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2896-120-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4260-214-0x00000000001E0000-0x00000000001E9000-memory.dmp

          Filesize

          36KB

          Download

        • memory/4260-179-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4260-180-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4260-178-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4260-183-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4260-181-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4260-184-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4260-182-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-149-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-153-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-154-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-151-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-150-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-160-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-161-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-159-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-162-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-164-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-165-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-166-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-163-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/4996-167-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-170-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-169-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-168-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-172-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-173-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-156-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-157-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-158-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-155-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-152-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-147-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-148-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-146-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-144-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/4996-174-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-171-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-175-0x00000000779D0000-0x0000000077B5E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4996-176-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download