Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    04/11/2022, 18:17

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    35ce4d706d9538bd6355d1909c929846b93a850c5d66289aa4ab56e13ea0a336.exe

  • Size

    303KB

  • MD5

    b58a7a90f9f508a634b37b40966b57b4

  • SHA1

    65c072cdf92ee4b9274fc1af1205f5570ff46d59

  • SHA256

    35ce4d706d9538bd6355d1909c929846b93a850c5d66289aa4ab56e13ea0a336

  • SHA512

    f1a8f99969f47434eb3aff0f45d676408d3307262df7d9b1fc25eaa519256f14d1415a4625d3fe0c175153568d447ef0e7598b4a02d66b7472fc0a5dbf035223

  • SSDEEP

    3072:5IXTGYAsRxP5FSVjCYtFZMf//GdMhhH+FzHamld1XjSfed3T:mXT/BSVmtGehG7lPX/j

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 7 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Executes dropped EXE 2 IoCs
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\35ce4d706d9538bd6355d1909c929846b93a850c5d66289aa4ab56e13ea0a336.exe
    "C:\Users\Admin\AppData\Local\Temp\35ce4d706d9538bd6355d1909c929846b93a850c5d66289aa4ab56e13ea0a336.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1460
    • C:\Users\Admin\AppData\Local\Temp\35ce4d706d9538bd6355d1909c929846b93a850c5d66289aa4ab56e13ea0a336.exe
      "C:\Users\Admin\AppData\Local\Temp\35ce4d706d9538bd6355d1909c929846b93a850c5d66289aa4ab56e13ea0a336.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:964
  • C:\Users\Admin\AppData\Roaming\tchbrvi
    C:\Users\Admin\AppData\Roaming\tchbrvi
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1188
    • C:\Users\Admin\AppData\Roaming\tchbrvi
      C:\Users\Admin\AppData\Roaming\tchbrvi
      2⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      • Suspicious behavior: MapViewOfSection
      PID:4248

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\tchbrvi
          Filesize

          303KB

          MD5

          b58a7a90f9f508a634b37b40966b57b4

          SHA1

          65c072cdf92ee4b9274fc1af1205f5570ff46d59

          SHA256

          35ce4d706d9538bd6355d1909c929846b93a850c5d66289aa4ab56e13ea0a336

          SHA512

          f1a8f99969f47434eb3aff0f45d676408d3307262df7d9b1fc25eaa519256f14d1415a4625d3fe0c175153568d447ef0e7598b4a02d66b7472fc0a5dbf035223

          Download Submit

        • C:\Users\Admin\AppData\Roaming\tchbrvi
          Filesize

          303KB

          MD5

          b58a7a90f9f508a634b37b40966b57b4

          SHA1

          65c072cdf92ee4b9274fc1af1205f5570ff46d59

          SHA256

          35ce4d706d9538bd6355d1909c929846b93a850c5d66289aa4ab56e13ea0a336

          SHA512

          f1a8f99969f47434eb3aff0f45d676408d3307262df7d9b1fc25eaa519256f14d1415a4625d3fe0c175153568d447ef0e7598b4a02d66b7472fc0a5dbf035223

          Download Submit

        • C:\Users\Admin\AppData\Roaming\tchbrvi
          Filesize

          303KB

          MD5

          b58a7a90f9f508a634b37b40966b57b4

          SHA1

          65c072cdf92ee4b9274fc1af1205f5570ff46d59

          SHA256

          35ce4d706d9538bd6355d1909c929846b93a850c5d66289aa4ab56e13ea0a336

          SHA512

          f1a8f99969f47434eb3aff0f45d676408d3307262df7d9b1fc25eaa519256f14d1415a4625d3fe0c175153568d447ef0e7598b4a02d66b7472fc0a5dbf035223

          Download Submit

        • memory/964-175-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-171-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-164-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-163-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-162-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-159-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-166-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-160-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/964-158-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-167-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-157-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-182-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/964-180-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-181-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-179-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-178-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-177-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-176-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-174-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-173-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-172-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-165-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-170-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-169-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-168-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-161-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-150-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/964-152-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-153-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-154-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-155-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/964-156-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1188-184-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1188-185-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1188-186-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1188-187-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1188-189-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1188-190-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1188-188-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1188-222-0x0000000004710000-0x0000000004719000-memory.dmp

          Filesize

          36KB

          Download

        • memory/1460-145-0x0000000002C40000-0x0000000002CEE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/1460-137-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1460-131-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1460-148-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1460-147-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1460-142-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1460-143-0x0000000002D00000-0x0000000002E4A000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1460-146-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1460-144-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1460-124-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1460-120-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1460-141-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1460-140-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1460-139-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1460-138-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1460-149-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1460-136-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1460-134-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1460-123-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1460-133-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1460-132-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1460-130-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1460-129-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1460-128-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1460-127-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1460-122-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1460-126-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1460-125-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1460-121-0x0000000077AA0000-0x0000000077C2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4248-246-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download