Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    153s
  • max time network
    146s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    03/11/2022, 09:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    61e3dc82e6d3f350fc2e55ed6d9457df3d390739900590d1fc5a9a37b0a567f3.exe

  • Size

    210KB

  • MD5

    a3cd4d285e2898716379a0ed56731d66

  • SHA1

    57beae1d27f0b3ca9bfd4b4e89bd42fedaee02cd

  • SHA256

    61e3dc82e6d3f350fc2e55ed6d9457df3d390739900590d1fc5a9a37b0a567f3

  • SHA512

    893949310c7d122d969fd372cbb76f555cb1927e645fea99e68ab271c6ea3da50e5d7484b7bbcbdee37c9f896d73ba507caedbb8b16f669e5337dc52b23e89ce

  • SSDEEP

    3072:bNR0iwq7fJyEuLN1d6qf5xqbvq4lYzBWfY2+7GwpEFq6x:bNGK7By3Lfd5EhoWQVGwpEFq6

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 3 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 48 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 20 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 22 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\61e3dc82e6d3f350fc2e55ed6d9457df3d390739900590d1fc5a9a37b0a567f3.exe
    "C:\Users\Admin\AppData\Local\Temp\61e3dc82e6d3f350fc2e55ed6d9457df3d390739900590d1fc5a9a37b0a567f3.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:2704
  • C:\Users\Admin\AppData\Local\Temp\FEC7.exe
    C:\Users\Admin\AppData\Local\Temp\FEC7.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Checks processor information in registry
    • Suspicious use of WriteProcessMemory
    PID:4736
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 804
      2⤵
      • Program crash
      PID:1940
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 872
      2⤵
      • Program crash
      PID:1868
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 924
      2⤵
      • Program crash
      PID:4912
    • C:\Windows\syswow64\rundll32.exe
      "C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      PID:3748

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\EGWSITJI-20220812-1714a.log
    Filesize

    184KB

    MD5

    384945b12fabe9c145800dc481c00434

    SHA1

    0ca7225e05df93ec9186e3e57cef53bbe090a3a8

    SHA256

    65ef1e544f629377a857cc642d685741ae75df21c3f888dffbfabc0354697f6d

    SHA512

    1403e4e872ba91b3063eb6b6ada26e8ada8ffbe7d2e00ca9579802149171ceec187c1f0c97330f194d005e05b5c46aecb9a6dca18fecafbc219c1bde2ce4e213

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\FEC7.exe
    Filesize

    4.8MB

    MD5

    1978c3f95a69f561649e64958e9cd24d

    SHA1

    cd55c2784dd29b5d37d9c0fcd274842f9d0ed744

    SHA256

    95b3ddb1881a56f9ebbfd9d673c87b8667735111c26846ceffbc9eec15ed57b8

    SHA512

    feacb1591695d78eaa0c9d368cacae39aafb87fd5b13a4b944ed96994587e1186061d91b25ed61531db1f57463604ccbe61f8bef776377a597c0ca6d5b741319

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\FEC7.exe
    Filesize

    4.8MB

    MD5

    1978c3f95a69f561649e64958e9cd24d

    SHA1

    cd55c2784dd29b5d37d9c0fcd274842f9d0ed744

    SHA256

    95b3ddb1881a56f9ebbfd9d673c87b8667735111c26846ceffbc9eec15ed57b8

    SHA512

    feacb1591695d78eaa0c9d368cacae39aafb87fd5b13a4b944ed96994587e1186061d91b25ed61531db1f57463604ccbe61f8bef776377a597c0ca6d5b741319

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Rpiidpytrto.tmp
    Filesize

    3.5MB

    MD5

    c597ca48af580cb2755914474a787ddf

    SHA1

    427cdbd19eadb94f1f89b51a7c3647a3ff7d3925

    SHA256

    8c67a70fe070595fda6ec977af7da0085d40df299f04cdd5669156752fee3f31

    SHA512

    c41ab851b712c484184934b2dab7015d329ec485b454b645411f69a97ef4a46351fe892f86522abf19c08cf1b7b6a5212954053b8218046cdfab24ef734e47ab

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI6D25.txt
    Filesize

    11KB

    MD5

    9730438734d7a1acaaccddaf4f997d38

    SHA1

    dc561cf4bc9e31991064c0093626625b41996042

    SHA256

    a49efe69e6f393b6ce42db06b6ee866d82d69b2358fcdf3f4069d3d952f5c2a5

    SHA512

    b595c241c2066aa91a1055a254747712557468e53883c2fb9ffe11769c4d7d88ac0f9e7ba95e555f7c6d4c2d6ee143026afb6507d16bbde10b98d1f91023539f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\sa.9PHNB71MKR4J_0_0010_.Public.InstallAgent.dat
    Filesize

    64KB

    MD5

    efd344e33c47f0c6058aa188e07b50d0

    SHA1

    46af7722495b1926acf3fbb758c27f68a613d4bd

    SHA256

    605f40d42b2e7a9d0698999609dca21bebd1d97a91a8bb4b97b228bbdc472b53

    SHA512

    f0ff57f6065a931a2a0967062fa76485fe9fde3cbb53a2125a29656053ba49c5b8b30bd1714603da1da32c94e433429c0d79d78c010dcf26e913acc54ab2d6bd

    Download Submit

  • memory/2704-137-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-140-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-121-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-122-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-123-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-124-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-125-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-126-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-127-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-128-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-129-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-130-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-132-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-131-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-133-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-134-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-135-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-136-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-119-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-138-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-139-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-120-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-141-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-142-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-143-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-144-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-145-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-146-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-147-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-148-0x00000000008CA000-0x00000000008DA000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2704-149-0x0000000000770000-0x0000000000779000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2704-150-0x0000000000400000-0x0000000000590000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-151-0x00000000008CA000-0x00000000008DA000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2704-152-0x0000000000400000-0x0000000000590000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-115-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-116-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-117-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2704-118-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3748-349-0x0000000005020000-0x0000000005B89000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/3748-302-0x0000000005020000-0x0000000005B89000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/3748-299-0x0000000002C40000-0x000000000368A000-memory.dmp

    Filesize

    10.3MB

    Download

  • memory/4736-155-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-160-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-161-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-163-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-164-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-165-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-166-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-167-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-168-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-169-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-170-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-171-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-172-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-173-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-175-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-174-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-176-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-177-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-179-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-180-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-181-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-182-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-183-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-184-0x0000000002740000-0x0000000002BF6000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/4736-185-0x0000000002C00000-0x0000000003255000-memory.dmp

    Filesize

    6.3MB

    Download

  • memory/4736-186-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-187-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-188-0x0000000000400000-0x0000000000A61000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/4736-159-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-158-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-156-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-157-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-189-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-190-0x0000000077960000-0x0000000077AEE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4736-223-0x00000000037E0000-0x0000000004349000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/4736-343-0x0000000002740000-0x0000000002BF6000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/4736-344-0x0000000002C00000-0x0000000003255000-memory.dmp

    Filesize

    6.3MB

    Download

  • memory/4736-350-0x0000000000400000-0x0000000000A61000-memory.dmp

    Filesize

    6.4MB

    Download

  • memory/4736-351-0x00000000037E0000-0x0000000004349000-memory.dmp

    Filesize

    11.4MB

    Download