Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    209s
  • max time network
    214s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-11-2022 10:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    65371eadc4901e9b09abd589f8a3825794e7660c99161ab97ec3b70314528a59.exe

  • Size

    213KB

  • MD5

    e50ffc6e31bbcfe345fdbc8f13680964

  • SHA1

    ff5ef3373971d87dbf57ccd08194e29864a3c80e

  • SHA256

    65371eadc4901e9b09abd589f8a3825794e7660c99161ab97ec3b70314528a59

  • SHA512

    bc3f5b9ebf9c3abf6be6199c42303ac18f5647e25581fb62be03b53e36648b5c64b2e42bac8c1d185354b9fb59cd21c2fbb06b36e7809ac63a1561ebe9bd89df

  • SSDEEP

    3072:u7BNL+50DvPwhOSLKd6RusIjN5FDst32t5DZIJpQfc:ulO0PoLFRusIxDYmJspQk

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\65371eadc4901e9b09abd589f8a3825794e7660c99161ab97ec3b70314528a59.exe
    "C:\Users\Admin\AppData\Local\Temp\65371eadc4901e9b09abd589f8a3825794e7660c99161ab97ec3b70314528a59.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:1684
  • C:\Users\Admin\AppData\Local\Temp\2B0E.exe
    C:\Users\Admin\AppData\Local\Temp\2B0E.exe
    1⤵
    • Executes dropped EXE
    PID:2336
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 572
      2⤵
      • Program crash
      PID:1520
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2336 -ip 2336
    1⤵
      PID:2020

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\2B0E.exe
      Filesize

      4.8MB

      MD5

      9a36695d174a4088cb9b8a1e5c93cf93

      SHA1

      f18ca8c1f014506cccd892735c4b4bcc3af123af

      SHA256

      87c0adbd79908f108504bfaae266aefdcbb2dc1e7ed52b0213640f242bc4c1c7

      SHA512

      e142e8250aa1e0cf1efc64f3fa1d4e13a6fc2992b1471836ca4de1554522d31588cf902f75041e82e42c934dc1d1a3ee5cfc20e36920a9fd4d643bd553f2da13

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\2B0E.exe
      Filesize

      4.8MB

      MD5

      9a36695d174a4088cb9b8a1e5c93cf93

      SHA1

      f18ca8c1f014506cccd892735c4b4bcc3af123af

      SHA256

      87c0adbd79908f108504bfaae266aefdcbb2dc1e7ed52b0213640f242bc4c1c7

      SHA512

      e142e8250aa1e0cf1efc64f3fa1d4e13a6fc2992b1471836ca4de1554522d31588cf902f75041e82e42c934dc1d1a3ee5cfc20e36920a9fd4d643bd553f2da13

      Download Submit

    • memory/1684-135-0x00000000008B7000-0x00000000008C7000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1684-132-0x00000000008B7000-0x00000000008C7000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1684-136-0x0000000000400000-0x0000000000590000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1684-134-0x0000000000400000-0x0000000000590000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1684-133-0x00000000007F0000-0x00000000007F9000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2336-140-0x00000000027AF000-0x0000000002C64000-memory.dmp

      Filesize

      4.7MB

      Download

    • memory/2336-141-0x0000000002C70000-0x00000000032DF000-memory.dmp

      Filesize

      6.4MB

      Download

    • memory/2336-143-0x0000000000400000-0x0000000000A7C000-memory.dmp

      Filesize

      6.5MB

      Download

    • memory/2336-144-0x0000000000400000-0x0000000000A7C000-memory.dmp

      Filesize

      6.5MB

      Download

    • memory/2336-145-0x0000000000400000-0x0000000000A7C000-memory.dmp

      Filesize

      6.5MB

      Download