Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    171s
  • max time network
    179s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    23-11-2022 13:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1c8f44a3c1d28496af209d24a68d30ff72a5b8cd7cc625a8739812d37fbe0671.exe

  • Size

    187KB

  • MD5

    52f1b8b893671ec39ff07a984ae86021

  • SHA1

    85ad4789e4f450336dee3597751ef6f0605fa409

  • SHA256

    1c8f44a3c1d28496af209d24a68d30ff72a5b8cd7cc625a8739812d37fbe0671

  • SHA512

    05c23ed6c63f223365715143296ee82dc524643447074c373bda06201abce9f076d980384e45bb286ad40db73d5caf3972551aa52e87b86ccd101e8a82a67b90

  • SSDEEP

    3072:lehtfACnxTzLLSDWmns5N0XHq9ybRgCPNxP/b8Do+:EhxxLLSDVX3sc7FD0

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Deletes itself 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1c8f44a3c1d28496af209d24a68d30ff72a5b8cd7cc625a8739812d37fbe0671.exe
    "C:\Users\Admin\AppData\Local\Temp\1c8f44a3c1d28496af209d24a68d30ff72a5b8cd7cc625a8739812d37fbe0671.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:2640

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2640-115-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-116-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-117-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-118-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-119-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-120-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-121-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-122-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-123-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-124-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-125-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-126-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-127-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-128-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-129-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-130-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-131-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-132-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-133-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-134-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-136-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-135-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-137-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-138-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-139-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-140-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-141-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-143-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-142-0x000000000095A000-0x000000000096A000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2640-144-0x00000000007B0000-0x00000000007B9000-memory.dmp
    Filesize

    36KB

    Download
  • memory/2640-145-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-147-0x0000000000400000-0x000000000064C000-memory.dmp
    Filesize

    2.3MB

    Download
  • memory/2640-146-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-148-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-149-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-150-0x0000000077A00000-0x0000000077B8E000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2640-151-0x000000000095A000-0x000000000096A000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2640-152-0x0000000000400000-0x000000000064C000-memory.dmp
    Filesize

    2.3MB

    Download