Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    27-11-2022 18:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8db8828c288716a77908e48454765eb6a1fcd94ff1ba620c3295c80307934fdf.exe

  • Size

    151KB

  • MD5

    fdf4e34e1dec16cf394670450b605506

  • SHA1

    310d15fe6b60c675d77bf255f51d4723738bef67

  • SHA256

    8db8828c288716a77908e48454765eb6a1fcd94ff1ba620c3295c80307934fdf

  • SHA512

    abcca97aca7007e60b9ded9c5565d89b757ac8ac1f4317475a553d6795137a424f44fdd62d8de565e512ac52482af090465e9a590689e3f156be54ed32a26edb

  • SSDEEP

    3072:25dPwqg43yjc8eFaCWw5XT25K2+C9ggR6bgraahtN4i:Kz3n8QaC+5K1CGgR6WaahtGi

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 20 IoCs
  • Suspicious use of WriteProcessMemory 33 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8db8828c288716a77908e48454765eb6a1fcd94ff1ba620c3295c80307934fdf.exe
    "C:\Users\Admin\AppData\Local\Temp\8db8828c288716a77908e48454765eb6a1fcd94ff1ba620c3295c80307934fdf.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:3876
  • C:\Users\Admin\AppData\Roaming\erbfwgi
    C:\Users\Admin\AppData\Roaming\erbfwgi
    1⤵
    • Executes dropped EXE
    • Checks SCSI registry key(s)
    • Suspicious behavior: MapViewOfSection
    PID:4136
  • C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    1⤵
      PID:1968
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe
      1⤵
        PID:4208
      • C:\Windows\SysWOW64\explorer.exe
        C:\Windows\SysWOW64\explorer.exe
        1⤵
          PID:2072
        • C:\Windows\explorer.exe
          C:\Windows\explorer.exe
          1⤵
            PID:4644
          • C:\Windows\SysWOW64\explorer.exe
            C:\Windows\SysWOW64\explorer.exe
            1⤵
              PID:4892
            • C:\Windows\SysWOW64\explorer.exe
              C:\Windows\SysWOW64\explorer.exe
              1⤵
                PID:4840
              • C:\Windows\SysWOW64\explorer.exe
                C:\Windows\SysWOW64\explorer.exe
                1⤵
                  PID:1164
                • C:\Windows\explorer.exe
                  C:\Windows\explorer.exe
                  1⤵
                    PID:356
                  • C:\Windows\SysWOW64\explorer.exe
                    C:\Windows\SysWOW64\explorer.exe
                    1⤵
                      PID:2584

                    Network

                    MITRE ATT&CK Enterprise v6

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Roaming\erbfwgi
                      Filesize

                      151KB

                      MD5

                      fdf4e34e1dec16cf394670450b605506

                      SHA1

                      310d15fe6b60c675d77bf255f51d4723738bef67

                      SHA256

                      8db8828c288716a77908e48454765eb6a1fcd94ff1ba620c3295c80307934fdf

                      SHA512

                      abcca97aca7007e60b9ded9c5565d89b757ac8ac1f4317475a553d6795137a424f44fdd62d8de565e512ac52482af090465e9a590689e3f156be54ed32a26edb

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\erbfwgi
                      Filesize

                      151KB

                      MD5

                      fdf4e34e1dec16cf394670450b605506

                      SHA1

                      310d15fe6b60c675d77bf255f51d4723738bef67

                      SHA256

                      8db8828c288716a77908e48454765eb6a1fcd94ff1ba620c3295c80307934fdf

                      SHA512

                      abcca97aca7007e60b9ded9c5565d89b757ac8ac1f4317475a553d6795137a424f44fdd62d8de565e512ac52482af090465e9a590689e3f156be54ed32a26edb

                      Download Submit

                    • memory/356-491-0x00000000008D0000-0x00000000008D7000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/356-557-0x00000000008D0000-0x00000000008D7000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/356-489-0x0000000000000000-mapping.dmp

                      Download

                    • memory/356-492-0x00000000008C0000-0x00000000008CD000-memory.dmp

                      Filesize

                      52KB

                      Download

                    • memory/1164-432-0x0000000000000000-mapping.dmp

                      Download

                    • memory/1164-484-0x0000000000670000-0x0000000000676000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/1164-490-0x0000000000660000-0x000000000066B000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/1968-194-0x0000000000000000-mapping.dmp

                      Download

                    • memory/1968-251-0x0000000000110000-0x000000000011B000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/1968-250-0x0000000000120000-0x0000000000127000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/1968-551-0x0000000000120000-0x0000000000127000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/2072-311-0x0000000003060000-0x0000000003065000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/2072-312-0x0000000003050000-0x0000000003059000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/2072-255-0x0000000000000000-mapping.dmp

                      Download

                    • memory/2072-553-0x0000000003060000-0x0000000003065000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/2584-493-0x0000000000000000-mapping.dmp

                      Download

                    • memory/2584-549-0x0000000003060000-0x0000000003068000-memory.dmp

                      Filesize

                      32KB

                      Download

                    • memory/2584-550-0x0000000003050000-0x000000000305B000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/2584-558-0x0000000003060000-0x0000000003068000-memory.dmp

                      Filesize

                      32KB

                      Download

                    • memory/3876-142-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-135-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-138-0x000000000074A000-0x000000000075A000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/3876-140-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-139-0x00000000005C0000-0x00000000005C9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/3876-141-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-115-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-143-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-144-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-145-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-146-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-147-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-148-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-150-0x0000000000400000-0x000000000045B000-memory.dmp

                      Filesize

                      364KB

                      Download

                    • memory/3876-149-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-151-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-152-0x0000000000400000-0x000000000045B000-memory.dmp

                      Filesize

                      364KB

                      Download

                    • memory/3876-153-0x000000000074A000-0x000000000075A000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/3876-136-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-116-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-117-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-118-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-119-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-120-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-121-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-122-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-123-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-124-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-125-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-126-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-127-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-128-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-129-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-130-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-131-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-132-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-133-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-134-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3876-137-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-185-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-163-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-180-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-186-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-166-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-184-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-183-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-182-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-181-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-179-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-178-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-191-0x00000000004D0000-0x000000000057E000-memory.dmp

                      Filesize

                      696KB

                      Download

                    • memory/4136-192-0x0000000000400000-0x000000000045B000-memory.dmp

                      Filesize

                      364KB

                      Download

                    • memory/4136-193-0x0000000000400000-0x000000000045B000-memory.dmp

                      Filesize

                      364KB

                      Download

                    • memory/4136-168-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-170-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-171-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-155-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-156-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-157-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-173-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-174-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-175-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-158-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-159-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-160-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-161-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-164-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-165-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-167-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-169-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-172-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4136-176-0x0000000076EC0000-0x000000007704E000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4208-252-0x0000000000000000-mapping.dmp

                      Download

                    • memory/4208-253-0x0000000000960000-0x0000000000969000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/4208-552-0x0000000000960000-0x0000000000969000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/4208-254-0x0000000000950000-0x000000000095F000-memory.dmp

                      Filesize

                      60KB

                      Download

                    • memory/4644-315-0x0000000000E90000-0x0000000000E9C000-memory.dmp

                      Filesize

                      48KB

                      Download

                    • memory/4644-314-0x0000000000EA0000-0x0000000000EA6000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/4644-313-0x0000000000000000-mapping.dmp

                      Download

                    • memory/4644-554-0x0000000000EA0000-0x0000000000EA6000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/4840-556-0x0000000003050000-0x0000000003059000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/4840-430-0x0000000003060000-0x0000000003065000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/4840-374-0x0000000000000000-mapping.dmp

                      Download

                    • memory/4840-431-0x0000000003050000-0x0000000003059000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/4892-372-0x0000000003080000-0x00000000030A2000-memory.dmp

                      Filesize

                      136KB

                      Download

                    • memory/4892-555-0x0000000003080000-0x00000000030A2000-memory.dmp

                      Filesize

                      136KB

                      Download

                    • memory/4892-316-0x0000000000000000-mapping.dmp

                      Download

                    • memory/4892-373-0x0000000003050000-0x0000000003077000-memory.dmp

                      Filesize

                      156KB

                      Download