Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    174s
  • max time network
    171s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    07/11/2022, 10:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9a941cff99433b69e172af8c97d2738a4c4846cd2f7dcf769bfa20f2c2dc21d9.exe

  • Size

    213KB

  • MD5

    109b80dd2c58b3d11d2337a5b1e3c024

  • SHA1

    6c60111cb3e687f8144d80a68dc0040215d55677

  • SHA256

    9a941cff99433b69e172af8c97d2738a4c4846cd2f7dcf769bfa20f2c2dc21d9

  • SHA512

    696f7623830e9923fb49328cce44d04591e9c02481af18c16fe1c656a3a50cab081e527c07e18dd350353f092c87090387bb37ff4afc5d4bf4bd1caf32f4a505

  • SSDEEP

    3072:gaBNUcU5wjxV5LuWOjMrYN5QBPFv45ypI4N5aEWuThSY:guW6NLwMrxFv+4N5aEWuH

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Deletes itself 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9a941cff99433b69e172af8c97d2738a4c4846cd2f7dcf769bfa20f2c2dc21d9.exe
    "C:\Users\Admin\AppData\Local\Temp\9a941cff99433b69e172af8c97d2738a4c4846cd2f7dcf769bfa20f2c2dc21d9.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:1916

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1916-116-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-117-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-118-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-119-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-120-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-121-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-122-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-123-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-124-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-125-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-126-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-127-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-128-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-129-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-131-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-132-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-133-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-134-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-135-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-136-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-137-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-138-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-139-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-140-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-141-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-143-0x00000000006D0000-0x000000000081A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1916-142-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-145-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-144-0x00000000006B0000-0x00000000006B9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/1916-146-0x0000000000400000-0x0000000000590000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-147-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-148-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-149-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-150-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-152-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-151-0x00000000778F0000-0x0000000077A7E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1916-153-0x0000000000400000-0x0000000000590000-memory.dmp

    Filesize

    1.6MB

    Download