Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    70s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    01/11/2022, 16:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f6d1f211301156bfc4769e39ba62c6aae315edb6d125c21020407cd73b1c680f.exe

  • Size

    319KB

  • MD5

    80e10801b7c0b8cfaa4adc23b5ad3d96

  • SHA1

    d8397de0aef683e01080420ce7dc7dd7abeb19c7

  • SHA256

    f6d1f211301156bfc4769e39ba62c6aae315edb6d125c21020407cd73b1c680f

  • SHA512

    34cea6b7978ee1cfbd1341841da3d3223ac5bc198ef37d95d413871a6bf7ccb3f6008b1b04c76274f67e04cafaf5f7f9b3f8493ed84bde433d15f5ef41c70b2f

  • SSDEEP

    3072:z6cZQE8eoJreG5Cixdriv/g2JA01bOestanyQRKqwHusVggjcGkNIVqI8k:BZP87rLrinZA0oDtatRnwHJ7ITsqe

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 5 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f6d1f211301156bfc4769e39ba62c6aae315edb6d125c21020407cd73b1c680f.exe
    "C:\Users\Admin\AppData\Local\Temp\f6d1f211301156bfc4769e39ba62c6aae315edb6d125c21020407cd73b1c680f.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2628
    • C:\Users\Admin\AppData\Local\Temp\f6d1f211301156bfc4769e39ba62c6aae315edb6d125c21020407cd73b1c680f.exe
      "C:\Users\Admin\AppData\Local\Temp\f6d1f211301156bfc4769e39ba62c6aae315edb6d125c21020407cd73b1c680f.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:4032

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2628-120-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2628-121-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2628-122-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2628-123-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2628-124-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2628-125-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2628-126-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2628-127-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2628-128-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2628-129-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2628-130-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2628-131-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2628-132-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2628-133-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2628-134-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2628-135-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2628-136-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2628-137-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2628-138-0x0000000002E21000-0x0000000002E36000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2628-139-0x00000000001D0000-0x00000000001D9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2628-140-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2628-141-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2628-142-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2628-143-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2628-144-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2628-145-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2628-146-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2628-147-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2628-148-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2628-153-0x0000000002E21000-0x0000000002E36000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4032-149-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4032-151-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-152-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-154-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-155-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-156-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-157-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-158-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-161-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-160-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4032-159-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-162-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-163-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-164-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-165-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-166-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-167-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-168-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-169-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-170-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-171-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-172-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-174-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-173-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-175-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-176-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-177-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-178-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-179-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-180-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-181-0x0000000077C80000-0x0000000077E0E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4032-182-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download