Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    248s
  • max time network
    250s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/11/2022, 10:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    832d5ec6e646621706bd90576de0f4d80ea722b50000416a2b9c97170d7a935d.exe

  • Size

    146KB

  • MD5

    8bb40ddb7b584f7250565039d47bf0f7

  • SHA1

    cd312c36e50eeccab467d353f3333074a236860f

  • SHA256

    832d5ec6e646621706bd90576de0f4d80ea722b50000416a2b9c97170d7a935d

  • SHA512

    e4dd309b5a78125962bf0bcc89aa23ea055b923294b160b51d3607579517ee84ac605147a7bfc041a6934c4b90a9601294446541117509cdbf42cef623a3a958

  • SSDEEP

    3072:/5CJpjhyN95v8GoZOqf5j+6fMs23QUhXythRQ:RCHgVDoQAC6fC3QO+hC

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\832d5ec6e646621706bd90576de0f4d80ea722b50000416a2b9c97170d7a935d.exe
    "C:\Users\Admin\AppData\Local\Temp\832d5ec6e646621706bd90576de0f4d80ea722b50000416a2b9c97170d7a935d.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:4692

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2688-156-0x0000000002A20000-0x0000000002A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-142-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-179-0x0000000003340000-0x0000000003350000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-178-0x0000000007B00000-0x0000000007B10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-136-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-137-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-138-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-139-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-140-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-177-0x0000000003340000-0x0000000003350000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-155-0x0000000002A20000-0x0000000002A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-143-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-144-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-145-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-146-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-147-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-148-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-149-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-150-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-151-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-152-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-153-0x00000000029E0000-0x00000000029F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-176-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-154-0x0000000002A20000-0x0000000002A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-141-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-157-0x0000000002A20000-0x0000000002A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-158-0x0000000002A20000-0x0000000002A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-159-0x0000000002A20000-0x0000000002A30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-160-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-161-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-162-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-163-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-164-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-165-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-166-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-167-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-168-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-169-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-170-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-171-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-172-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-173-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-174-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2688-175-0x00000000029D0000-0x00000000029E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4692-133-0x00000000005F0000-0x00000000005F9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4692-132-0x00000000006AD000-0x00000000006BD000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4692-135-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/4692-134-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

    Download