Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    68s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    06/11/2022, 12:05

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    aa70786992be553b0e51e5bc98c1ad2d60b3c99bd1e16493648593123a9cdc88.exe

  • Size

    285KB

  • MD5

    aa2c8fe55e1902026dd62ae5080685a8

  • SHA1

    60be5aa666e26e9de0ee6dcbea45d0612e12f8c9

  • SHA256

    aa70786992be553b0e51e5bc98c1ad2d60b3c99bd1e16493648593123a9cdc88

  • SHA512

    8d6cd4e4734d59bc51a3a786831c9fceae9ceb7c2505ec8c04eb41e062d65ed09e55ad231fb61907ff6b5bd0efc1e6a5d3a83c2720f85b46b6778b8f8c214b78

  • SSDEEP

    3072:KqZ5WYin2CHThT5bqhRjywexBkuKUNg8MgY3IMjK/Yl:7Vi5H9tIexBkuJNg8MpHW/Yl

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aa70786992be553b0e51e5bc98c1ad2d60b3c99bd1e16493648593123a9cdc88.exe
    "C:\Users\Admin\AppData\Local\Temp\aa70786992be553b0e51e5bc98c1ad2d60b3c99bd1e16493648593123a9cdc88.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:5012
  • C:\Users\Admin\AppData\Roaming\chescig
    C:\Users\Admin\AppData\Roaming\chescig
    1⤵
    • Executes dropped EXE
    • Checks SCSI registry key(s)
    PID:4060

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\chescig
          Filesize

          285KB

          MD5

          aa2c8fe55e1902026dd62ae5080685a8

          SHA1

          60be5aa666e26e9de0ee6dcbea45d0612e12f8c9

          SHA256

          aa70786992be553b0e51e5bc98c1ad2d60b3c99bd1e16493648593123a9cdc88

          SHA512

          8d6cd4e4734d59bc51a3a786831c9fceae9ceb7c2505ec8c04eb41e062d65ed09e55ad231fb61907ff6b5bd0efc1e6a5d3a83c2720f85b46b6778b8f8c214b78

          Download Submit

        • C:\Users\Admin\AppData\Roaming\chescig
          Filesize

          285KB

          MD5

          aa2c8fe55e1902026dd62ae5080685a8

          SHA1

          60be5aa666e26e9de0ee6dcbea45d0612e12f8c9

          SHA256

          aa70786992be553b0e51e5bc98c1ad2d60b3c99bd1e16493648593123a9cdc88

          SHA512

          8d6cd4e4734d59bc51a3a786831c9fceae9ceb7c2505ec8c04eb41e062d65ed09e55ad231fb61907ff6b5bd0efc1e6a5d3a83c2720f85b46b6778b8f8c214b78

          Download Submit

        • memory/4060-179-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-175-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-174-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-176-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-177-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-178-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-180-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-181-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-183-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-184-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-173-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-187-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-188-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-189-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-186-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-182-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-192-0x0000000000AFE000-0x0000000000B14000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4060-193-0x0000000000930000-0x0000000000939000-memory.dmp

          Filesize

          36KB

          Download

        • memory/4060-185-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-172-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-171-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-170-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-169-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-168-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-167-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-166-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-164-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-194-0x0000000000400000-0x000000000084B000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/4060-163-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-162-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-161-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-160-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-159-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4060-158-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-138-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-120-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-155-0x0000000000400000-0x000000000084B000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/5012-154-0x0000000000850000-0x00000000008FE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/5012-153-0x0000000000ACF000-0x0000000000AE4000-memory.dmp

          Filesize

          84KB

          Download

        • memory/5012-152-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-151-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-150-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-149-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-148-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-147-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-146-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-145-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-144-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-143-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-142-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-141-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-139-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-140-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-156-0x0000000000400000-0x000000000084B000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/5012-137-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-136-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-135-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-134-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-133-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-132-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-131-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-130-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-129-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-128-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-127-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-126-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-125-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-124-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-123-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-122-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/5012-121-0x00000000779E0000-0x0000000077B6E000-memory.dmp

          Filesize

          1.6MB

          Download