Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    148s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    01/12/2022, 18:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c52f8e9bab827f7703d0cc744998e16f826e43e313a43a103dcbf354da153ce4.exe

  • Size

    193KB

  • MD5

    9a897c5b7206c8d629428f06dc7e4266

  • SHA1

    398863d469e4d787a462095cd707a9b6c817a653

  • SHA256

    c52f8e9bab827f7703d0cc744998e16f826e43e313a43a103dcbf354da153ce4

  • SHA512

    43f4d4490d36a6ec68fb9c2dea5d68717f77b106cdc121cd6878b3dbae2341bf47e06f8c8fd47f28a2ac5846ca0113bd01144109c680478012288bce3f3a90b6

  • SSDEEP

    3072:Sw7sb0eYqRc5zGhcbtO+gzseQfd4m63G27777777BDAbEaif:xuYq7hcbtG2fem63G277777772Ea

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 8 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Executes dropped EXE 2 IoCs
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 18 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c52f8e9bab827f7703d0cc744998e16f826e43e313a43a103dcbf354da153ce4.exe
    "C:\Users\Admin\AppData\Local\Temp\c52f8e9bab827f7703d0cc744998e16f826e43e313a43a103dcbf354da153ce4.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4740
    • C:\Users\Admin\AppData\Local\Temp\c52f8e9bab827f7703d0cc744998e16f826e43e313a43a103dcbf354da153ce4.exe
      "C:\Users\Admin\AppData\Local\Temp\c52f8e9bab827f7703d0cc744998e16f826e43e313a43a103dcbf354da153ce4.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:4688
  • C:\Users\Admin\AppData\Roaming\ufsjsde
    C:\Users\Admin\AppData\Roaming\ufsjsde
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4596
    • C:\Users\Admin\AppData\Roaming\ufsjsde
      C:\Users\Admin\AppData\Roaming\ufsjsde
      2⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      • Suspicious behavior: MapViewOfSection
      PID:4364

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\ufsjsde
    Filesize

    193KB

    MD5

    9a897c5b7206c8d629428f06dc7e4266

    SHA1

    398863d469e4d787a462095cd707a9b6c817a653

    SHA256

    c52f8e9bab827f7703d0cc744998e16f826e43e313a43a103dcbf354da153ce4

    SHA512

    43f4d4490d36a6ec68fb9c2dea5d68717f77b106cdc121cd6878b3dbae2341bf47e06f8c8fd47f28a2ac5846ca0113bd01144109c680478012288bce3f3a90b6

    Download Submit

  • C:\Users\Admin\AppData\Roaming\ufsjsde
    Filesize

    193KB

    MD5

    9a897c5b7206c8d629428f06dc7e4266

    SHA1

    398863d469e4d787a462095cd707a9b6c817a653

    SHA256

    c52f8e9bab827f7703d0cc744998e16f826e43e313a43a103dcbf354da153ce4

    SHA512

    43f4d4490d36a6ec68fb9c2dea5d68717f77b106cdc121cd6878b3dbae2341bf47e06f8c8fd47f28a2ac5846ca0113bd01144109c680478012288bce3f3a90b6

    Download Submit

  • C:\Users\Admin\AppData\Roaming\ufsjsde
    Filesize

    193KB

    MD5

    9a897c5b7206c8d629428f06dc7e4266

    SHA1

    398863d469e4d787a462095cd707a9b6c817a653

    SHA256

    c52f8e9bab827f7703d0cc744998e16f826e43e313a43a103dcbf354da153ce4

    SHA512

    43f4d4490d36a6ec68fb9c2dea5d68717f77b106cdc121cd6878b3dbae2341bf47e06f8c8fd47f28a2ac5846ca0113bd01144109c680478012288bce3f3a90b6

    Download Submit

  • memory/1784-312-0x0000000000F40000-0x0000000000F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-229-0x0000000000EF0000-0x0000000000F00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-383-0x0000000000F40000-0x0000000000F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-382-0x0000000000F40000-0x0000000000F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-381-0x0000000000F40000-0x0000000000F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-380-0x0000000000F40000-0x0000000000F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-379-0x0000000000ED0000-0x0000000000EE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-378-0x0000000000E90000-0x0000000000EA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-352-0x0000000000F40000-0x0000000000F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-351-0x0000000000F40000-0x0000000000F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-350-0x0000000000F40000-0x0000000000F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-349-0x0000000000F40000-0x0000000000F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-348-0x0000000000F40000-0x0000000000F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-347-0x0000000000F40000-0x0000000000F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-346-0x0000000000F40000-0x0000000000F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-345-0x0000000000ED0000-0x0000000000EE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-324-0x0000000000F40000-0x0000000000F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-321-0x0000000000ED0000-0x0000000000EE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-320-0x0000000000E90000-0x0000000000EA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-316-0x0000000000F40000-0x0000000000F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-315-0x0000000000F40000-0x0000000000F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-314-0x0000000000F40000-0x0000000000F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-313-0x0000000000F40000-0x0000000000F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-385-0x0000000000F40000-0x0000000000F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-384-0x0000000000F40000-0x0000000000F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-387-0x0000000000F40000-0x0000000000F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-311-0x0000000000F40000-0x0000000000F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-308-0x0000000000ED0000-0x0000000000EE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-283-0x0000000000E90000-0x0000000000EA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-281-0x0000000000EF0000-0x0000000000F00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-280-0x0000000000EF0000-0x0000000000F00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-279-0x0000000000EF0000-0x0000000000F00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-310-0x0000000000F40000-0x0000000000F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-205-0x0000000000E90000-0x0000000000EA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-386-0x0000000000F40000-0x0000000000F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-231-0x0000000000EF0000-0x0000000000F00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-228-0x0000000000ED0000-0x0000000000EE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-309-0x0000000000F40000-0x0000000000F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1784-230-0x0000000000EF0000-0x0000000000F00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4364-277-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4364-278-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4596-191-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4596-189-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4596-188-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4596-187-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4596-186-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4596-185-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4596-184-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-177-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-155-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-175-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-173-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-151-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-176-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-179-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-178-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-181-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-180-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-182-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4688-172-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-171-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-170-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-167-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-169-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-168-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-166-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-165-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4688-149-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4688-159-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-163-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-164-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-162-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-160-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-161-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-157-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-158-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-152-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-156-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-174-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4688-154-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4740-136-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4740-130-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4740-148-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4740-147-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4740-146-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4740-145-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4740-144-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4740-143-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4740-142-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4740-140-0x0000000000656000-0x0000000000667000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4740-141-0x00000000001E0000-0x00000000001E9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4740-139-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4740-138-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4740-137-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4740-121-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4740-153-0x0000000000656000-0x0000000000667000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4740-128-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4740-133-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4740-132-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4740-131-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4740-135-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4740-129-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4740-134-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4740-127-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4740-126-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4740-125-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4740-124-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4740-123-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4740-122-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4740-120-0x0000000077850000-0x00000000779DE000-memory.dmp

    Filesize

    1.6MB

    Download