Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    75s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    22/11/2022, 11:20

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    95d1e48f0a9546ceca2c7e20f6be00339470e4c610db69707b1d15716a52e37a.exe

  • Size

    306KB

  • MD5

    7430f308cd858384ec4b1c94160a23b6

  • SHA1

    1528fca6cd399c7e89267d8ccc0e88ac9dd939ab

  • SHA256

    95d1e48f0a9546ceca2c7e20f6be00339470e4c610db69707b1d15716a52e37a

  • SHA512

    5a0c03b7fd0fc77d8f3e837da4bb619428b0b5b384677e51873d91524c4e3ea991ccf121eea42fed01ca1f2b5e0829380a2b91253f1b2abb5f59c36b1f384ddd

  • SSDEEP

    6144:N65vu0VPb5Wb/cSx0Jo22tThsIeGjY6x:yukPbcDcSxp22ZVEM

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Deletes itself 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\95d1e48f0a9546ceca2c7e20f6be00339470e4c610db69707b1d15716a52e37a.exe
    "C:\Users\Admin\AppData\Local\Temp\95d1e48f0a9546ceca2c7e20f6be00339470e4c610db69707b1d15716a52e37a.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:3540

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/3540-118-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-119-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-120-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-121-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-122-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-123-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-124-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-125-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-126-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-127-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-128-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-129-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-130-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-131-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-132-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-133-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-134-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-135-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-136-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-137-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-138-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-139-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-140-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-141-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-142-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-143-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-144-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-145-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-146-0x00000000006AB000-0x00000000006C1000-memory.dmp

          Filesize

          88KB

          Download

        • memory/3540-147-0x0000000002030000-0x0000000002039000-memory.dmp

          Filesize

          36KB

          Download

        • memory/3540-149-0x0000000000400000-0x0000000000452000-memory.dmp

          Filesize

          328KB

          Download

        • memory/3540-148-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-150-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-151-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-152-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-153-0x0000000077550000-0x00000000776DE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3540-154-0x00000000006AB000-0x00000000006C1000-memory.dmp

          Filesize

          88KB

          Download

        • memory/3540-155-0x0000000000400000-0x0000000000452000-memory.dmp

          Filesize

          328KB

          Download