Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    282s
  • max time network
    324s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 16:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3e0e0c829e98fe3cd056d18180642970ba09eaf5ebff49642553cd8e5143b9b8.exe

  • Size

    186KB

  • MD5

    b555df17b71f1d7b4f19fba3cbce3c99

  • SHA1

    dd688d1e12c50ff7565c80d9324c32b6643bd98c

  • SHA256

    3e0e0c829e98fe3cd056d18180642970ba09eaf5ebff49642553cd8e5143b9b8

  • SHA512

    e3f7e6c71b3d9884a840c2613ed984ea9350826d76c88dc47161e30e26b2566047b1393dab32b01e7e0516c54b68748637bcfbf5636f3be1679d59a925a02259

  • SSDEEP

    3072:PuukTcUYL8SBXdWRpo56ch0+flOgcHE07UPDqIEhgiVrS:2u7L/BXdqZch0+fc/QGI4hr

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 2 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 9 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3e0e0c829e98fe3cd056d18180642970ba09eaf5ebff49642553cd8e5143b9b8.exe
    "C:\Users\Admin\AppData\Local\Temp\3e0e0c829e98fe3cd056d18180642970ba09eaf5ebff49642553cd8e5143b9b8.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:4432
  • C:\Users\Admin\AppData\Local\Temp\3A6.exe
    C:\Users\Admin\AppData\Local\Temp\3A6.exe
    1⤵
    • Executes dropped EXE
    • Checks SCSI registry key(s)
    • Suspicious behavior: MapViewOfSection
    PID:1832
  • C:\Users\Admin\AppData\Local\Temp\FCC.exe
    C:\Users\Admin\AppData\Local\Temp\FCC.exe
    1⤵
    • Executes dropped EXE
    • Checks SCSI registry key(s)
    PID:3308

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3A6.exe
    Filesize

    186KB

    MD5

    75e60b6084c6716bba7f221ef5e0ccf3

    SHA1

    03b9529cdb1ef763dfad4e89e1f68d5fcb4ec4c2

    SHA256

    56b9bba4f6d51f0a1c21d62614d87f946ae7464629ef27abc48ecf14dd1e684e

    SHA512

    d1bc21b931f300c724d2bd0f1891deb656304fc0e77ee95b26d47e7020a000311b2aed9c33578607cac7a228147d3e6950e14d2a73bd1bca177a53074da315e6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\3A6.exe
    Filesize

    186KB

    MD5

    75e60b6084c6716bba7f221ef5e0ccf3

    SHA1

    03b9529cdb1ef763dfad4e89e1f68d5fcb4ec4c2

    SHA256

    56b9bba4f6d51f0a1c21d62614d87f946ae7464629ef27abc48ecf14dd1e684e

    SHA512

    d1bc21b931f300c724d2bd0f1891deb656304fc0e77ee95b26d47e7020a000311b2aed9c33578607cac7a228147d3e6950e14d2a73bd1bca177a53074da315e6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\FCC.exe
    Filesize

    186KB

    MD5

    b4b3c331cbf6fa5ad8cc37e1718a05e3

    SHA1

    812ccd9ebd7fa07689992b6bf062d10acd77222e

    SHA256

    316aac76c3849cea72da7c8e1e679673fc81a1a20582ac4e994452fc021603cc

    SHA512

    11bb4fb30dec201cb0353e095dde306fb151e9fab8e6f3ca60f94ca7d8ebff2d96d0cc7bb017c95cf7d640ae9fbd71d67a4f9eb01895eebefd9911421aee97ab

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\FCC.exe
    Filesize

    186KB

    MD5

    b4b3c331cbf6fa5ad8cc37e1718a05e3

    SHA1

    812ccd9ebd7fa07689992b6bf062d10acd77222e

    SHA256

    316aac76c3849cea72da7c8e1e679673fc81a1a20582ac4e994452fc021603cc

    SHA512

    11bb4fb30dec201cb0353e095dde306fb151e9fab8e6f3ca60f94ca7d8ebff2d96d0cc7bb017c95cf7d640ae9fbd71d67a4f9eb01895eebefd9911421aee97ab

    Download Submit

  • memory/1832-136-0x0000000000000000-mapping.dmp

    Download

  • memory/1832-139-0x000000000071D000-0x000000000072E000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1832-140-0x00000000006D0000-0x00000000006D9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/1832-141-0x0000000000400000-0x000000000064C000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/1832-145-0x0000000000400000-0x000000000064C000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/3308-142-0x0000000000000000-mapping.dmp

    Download

  • memory/3308-146-0x000000000088D000-0x000000000089D000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3308-147-0x0000000000400000-0x000000000064C000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/4432-132-0x000000000090D000-0x000000000091D000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4432-135-0x0000000000400000-0x000000000064C000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/4432-134-0x0000000000400000-0x000000000064C000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/4432-133-0x00000000006C0000-0x00000000006C9000-memory.dmp

    Filesize

    36KB

    Download