Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    27/10/2022, 09:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3b4612b12159303021938158e27b6f99c8539e14aa08f3b27e5c919ed9006775.exe

  • Size

    260KB

  • MD5

    708e7f2aaa80347c8813cab1e76d1599

  • SHA1

    20183660b5b67d2e60b77755a86ded4c493e5c1d

  • SHA256

    3b4612b12159303021938158e27b6f99c8539e14aa08f3b27e5c919ed9006775

  • SHA512

    7df8761dca9e8a08a19e60367a5a5b5f4c5a1c60d6395a822e2f8aef77214c44b965ccb2042c184248fadaf2b6e1d0182ce80be489e98028bb869f7d8babcc8f

  • SSDEEP

    3072:XXC0oW2YkQ0UOqXJbS5tDA45qnERjZFjM+r9EESLvVl7GUAFR/wjiW0Kc:Hlp22DOqXJM0MGsjnMaEJx1vuwiW0

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 7 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Executes dropped EXE 2 IoCs
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b4612b12159303021938158e27b6f99c8539e14aa08f3b27e5c919ed9006775.exe
    "C:\Users\Admin\AppData\Local\Temp\3b4612b12159303021938158e27b6f99c8539e14aa08f3b27e5c919ed9006775.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1112
    • C:\Users\Admin\AppData\Local\Temp\3b4612b12159303021938158e27b6f99c8539e14aa08f3b27e5c919ed9006775.exe
      "C:\Users\Admin\AppData\Local\Temp\3b4612b12159303021938158e27b6f99c8539e14aa08f3b27e5c919ed9006775.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:2716
  • C:\Users\Admin\AppData\Roaming\biwgwjt
    C:\Users\Admin\AppData\Roaming\biwgwjt
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:5092
    • C:\Users\Admin\AppData\Roaming\biwgwjt
      C:\Users\Admin\AppData\Roaming\biwgwjt
      2⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      • Suspicious behavior: MapViewOfSection
      PID:1656

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\biwgwjt
    Filesize

    260KB

    MD5

    708e7f2aaa80347c8813cab1e76d1599

    SHA1

    20183660b5b67d2e60b77755a86ded4c493e5c1d

    SHA256

    3b4612b12159303021938158e27b6f99c8539e14aa08f3b27e5c919ed9006775

    SHA512

    7df8761dca9e8a08a19e60367a5a5b5f4c5a1c60d6395a822e2f8aef77214c44b965ccb2042c184248fadaf2b6e1d0182ce80be489e98028bb869f7d8babcc8f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\biwgwjt
    Filesize

    260KB

    MD5

    708e7f2aaa80347c8813cab1e76d1599

    SHA1

    20183660b5b67d2e60b77755a86ded4c493e5c1d

    SHA256

    3b4612b12159303021938158e27b6f99c8539e14aa08f3b27e5c919ed9006775

    SHA512

    7df8761dca9e8a08a19e60367a5a5b5f4c5a1c60d6395a822e2f8aef77214c44b965ccb2042c184248fadaf2b6e1d0182ce80be489e98028bb869f7d8babcc8f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\biwgwjt
    Filesize

    260KB

    MD5

    708e7f2aaa80347c8813cab1e76d1599

    SHA1

    20183660b5b67d2e60b77755a86ded4c493e5c1d

    SHA256

    3b4612b12159303021938158e27b6f99c8539e14aa08f3b27e5c919ed9006775

    SHA512

    7df8761dca9e8a08a19e60367a5a5b5f4c5a1c60d6395a822e2f8aef77214c44b965ccb2042c184248fadaf2b6e1d0182ce80be489e98028bb869f7d8babcc8f

    Download Submit

  • memory/1112-120-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1112-121-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1112-122-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1112-123-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1112-124-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1112-125-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1112-126-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1112-128-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1112-129-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1112-130-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1112-131-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1112-132-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1112-133-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1112-134-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1112-135-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1112-136-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1112-137-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1112-138-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1112-139-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1112-140-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1112-141-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1112-143-0x0000000002D70000-0x0000000002EBA000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1112-145-0x0000000002D50000-0x0000000002D59000-memory.dmp

    Filesize

    36KB

    Download

  • memory/1112-144-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1112-142-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1112-146-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1112-147-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1112-148-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1112-149-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1656-245-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2716-152-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-171-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-150-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2716-153-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-154-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-155-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-156-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-157-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-158-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-159-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-160-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-161-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-163-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-162-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2716-164-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-165-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-166-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-167-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-168-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-170-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-169-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-172-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-173-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-174-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-175-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-176-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-177-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-178-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-179-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-180-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-181-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2716-182-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/5092-184-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5092-185-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5092-186-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5092-187-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5092-188-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5092-189-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5092-190-0x0000000076FB0000-0x000000007713E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5092-222-0x0000000002E81000-0x0000000002E97000-memory.dmp

    Filesize

    88KB

    Download