Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-11-2022 23:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    68999e22da514a72ae6f55772a168d012fa7b7ba6c68d1c99bf17026f1430f93.exe

  • Size

    169KB

  • MD5

    e541470dd233559ad76a8519b084df01

  • SHA1

    7db808510728219adc28f95763bb7bb2c5cd0924

  • SHA256

    68999e22da514a72ae6f55772a168d012fa7b7ba6c68d1c99bf17026f1430f93

  • SHA512

    56605232493a4f3f0626a2f0f9461bb9223ab28ef5d692ed156fa1b478983de726c9c70b874cbeb0eee8367ebd8d2d37ea9dcb0e53613f7abd63b41d802e17f6

  • SSDEEP

    3072:EkdhKMqg/wC4Vu5vr0xyS3BN36/yUSLan6/5nd6eO4:E83wC4YCx97ndrO4

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 2 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Executes dropped EXE 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\68999e22da514a72ae6f55772a168d012fa7b7ba6c68d1c99bf17026f1430f93.exe
    "C:\Users\Admin\AppData\Local\Temp\68999e22da514a72ae6f55772a168d012fa7b7ba6c68d1c99bf17026f1430f93.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:4572
  • C:\Users\Admin\AppData\Roaming\vwiefds
    C:\Users\Admin\AppData\Roaming\vwiefds
    1⤵
    • Executes dropped EXE
    • Checks SCSI registry key(s)
    • Suspicious behavior: MapViewOfSection
    PID:3668

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\vwiefds
    Filesize

    169KB

    MD5

    e541470dd233559ad76a8519b084df01

    SHA1

    7db808510728219adc28f95763bb7bb2c5cd0924

    SHA256

    68999e22da514a72ae6f55772a168d012fa7b7ba6c68d1c99bf17026f1430f93

    SHA512

    56605232493a4f3f0626a2f0f9461bb9223ab28ef5d692ed156fa1b478983de726c9c70b874cbeb0eee8367ebd8d2d37ea9dcb0e53613f7abd63b41d802e17f6

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vwiefds
    Filesize

    169KB

    MD5

    e541470dd233559ad76a8519b084df01

    SHA1

    7db808510728219adc28f95763bb7bb2c5cd0924

    SHA256

    68999e22da514a72ae6f55772a168d012fa7b7ba6c68d1c99bf17026f1430f93

    SHA512

    56605232493a4f3f0626a2f0f9461bb9223ab28ef5d692ed156fa1b478983de726c9c70b874cbeb0eee8367ebd8d2d37ea9dcb0e53613f7abd63b41d802e17f6

    Download Submit

  • memory/3668-140-0x00000000009ED000-0x00000000009FE000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3668-141-0x0000000000400000-0x000000000070B000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/3668-142-0x0000000000400000-0x000000000070B000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/4572-132-0x000000000092E000-0x000000000093F000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4572-133-0x00000000008A0000-0x00000000008A9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4572-134-0x0000000000400000-0x000000000070B000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/4572-135-0x000000000092E000-0x000000000093F000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4572-136-0x00000000008A0000-0x00000000008A9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4572-137-0x0000000000400000-0x000000000070B000-memory.dmp

    Filesize

    3.0MB

    Download