Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    20s
  • max time network
    87s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    29-10-2022 05:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8ae685b47e90fb495ad242cdb489839a21cee0e98291d5bafe8744c2e35cd802.exe

  • Size

    260KB

  • MD5

    bd7c5203e413c9fb00714a58b2117817

  • SHA1

    26283ad1fc1fc3cc68a85e1f9ac5558828f18197

  • SHA256

    8ae685b47e90fb495ad242cdb489839a21cee0e98291d5bafe8744c2e35cd802

  • SHA512

    8446e9ab3a062b67fa264fd933c8dee93ebf5c2a0497b8a3e2caf7c3dbf7701c1602a69f6e7d544757c7717ff5b9c0f08209b8c52a7d8287dcc7b5e6e266509d

  • SSDEEP

    3072:P7yxBqEgLpf7xEz5HCq+WYMSK5CGRJVJ6lKG9WrdWx9ks6NJfMWSm7myM/h3:OxBPgLZ7B54P5NRJVJ6RU0ks6XnSmay

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 5 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Suspicious use of SetThreadContext 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8ae685b47e90fb495ad242cdb489839a21cee0e98291d5bafe8744c2e35cd802.exe
    "C:\Users\Admin\AppData\Local\Temp\8ae685b47e90fb495ad242cdb489839a21cee0e98291d5bafe8744c2e35cd802.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2692
    • C:\Users\Admin\AppData\Local\Temp\8ae685b47e90fb495ad242cdb489839a21cee0e98291d5bafe8744c2e35cd802.exe
      "C:\Users\Admin\AppData\Local\Temp\8ae685b47e90fb495ad242cdb489839a21cee0e98291d5bafe8744c2e35cd802.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:4716

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2692-119-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2692-122-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2692-125-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2692-130-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2692-132-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2692-131-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2692-129-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2692-128-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2692-127-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2692-126-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2692-124-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2692-123-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2692-121-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2692-120-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2692-135-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2692-140-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2692-141-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2692-143-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2692-144-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2692-142-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2692-148-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2692-149-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2692-147-0x0000000002D10000-0x0000000002D19000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2692-145-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2692-146-0x0000000002D30000-0x0000000002E7A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2692-139-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2692-138-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2692-134-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2692-136-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2692-137-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-170-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-163-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-176-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-179-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-180-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-178-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-177-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-175-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-174-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-172-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-171-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-169-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-168-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-167-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-181-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4716-165-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-164-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-173-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-162-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-160-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-159-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-158-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-156-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-155-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-166-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-161-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-157-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-154-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-153-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-152-0x0000000077840000-0x00000000779CE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4716-150-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4716-182-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download