Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    167s
  • max time network
    182s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    01/12/2022, 13:20

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5459597a1f70c7f0c270819a01daa8936c7e77933243af4483da9d24b36fc09b.exe

  • Size

    185KB

  • MD5

    44aab738d953bc07abfeefe4f792e8d5

  • SHA1

    910fe611dbaa840433ae7b6f67bb60b10680fba9

  • SHA256

    5459597a1f70c7f0c270819a01daa8936c7e77933243af4483da9d24b36fc09b

  • SHA512

    a0e8accd5429427ae66aaba1cf02a20c148c3e5974bf204d989f5f378982d81d00ed9906cc176096f4727ecc300c64fa6880ed058f2fe4146a7ceac6315c5d1a

  • SSDEEP

    3072:JAM4saQssUm5tRArs57xo8taOUiJNc0v8cPDAbEaYULCH:VssUWq+VhDJ60LMEaN6

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 5 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5459597a1f70c7f0c270819a01daa8936c7e77933243af4483da9d24b36fc09b.exe
    "C:\Users\Admin\AppData\Local\Temp\5459597a1f70c7f0c270819a01daa8936c7e77933243af4483da9d24b36fc09b.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2672
    • C:\Users\Admin\AppData\Local\Temp\5459597a1f70c7f0c270819a01daa8936c7e77933243af4483da9d24b36fc09b.exe
      "C:\Users\Admin\AppData\Local\Temp\5459597a1f70c7f0c270819a01daa8936c7e77933243af4483da9d24b36fc09b.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:496

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/496-161-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-163-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-177-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/496-176-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-175-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-174-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-173-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-172-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-171-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-169-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-168-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-167-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-166-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-165-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-164-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-147-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-162-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-160-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/496-158-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-159-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-157-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-155-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-156-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-154-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-153-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-148-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-151-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-150-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-145-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/496-149-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-152-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/496-170-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2672-126-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2672-132-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2672-143-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2672-142-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2672-141-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2672-140-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2672-139-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2672-138-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2672-137-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2672-136-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2672-135-0x0000000000550000-0x0000000000559000-memory.dmp

          Filesize

          36KB

          Download

        • memory/2672-134-0x0000000000570000-0x00000000006BA000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2672-115-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2672-116-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2672-144-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2672-129-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2672-133-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2672-128-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2672-127-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2672-124-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2672-125-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2672-131-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2672-123-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2672-122-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2672-120-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2672-121-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2672-119-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2672-118-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2672-117-0x0000000076EA0000-0x000000007702E000-memory.dmp

          Filesize

          1.6MB

          Download