Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    18/12/2022, 18:44

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    34c4d594923fa863fc0d7e35b917e4e3158f34d6b20bfbca561dbb52c4b5d158.exe

  • Size

    214KB

  • MD5

    3f2ef86f68141bdeedb120135efd9d59

  • SHA1

    5fcd7fc6fb3c7472d666bcca7380f4c2e446a3f8

  • SHA256

    34c4d594923fa863fc0d7e35b917e4e3158f34d6b20bfbca561dbb52c4b5d158

  • SHA512

    2f8eaf927a64bfb598b0a6747c8df67d2108d96fa5da81afd0030d0037eca90843ceb31a789ad6745eb0cdc0418045967ba09f056f34cf4112b2e0f5bacb77cc

  • SSDEEP

    6144:nUBNL+x21jWFtfi0UVZZ+Pq0r0zVzepjcbXF:nUBNSxA6FY8Pq0mKYbXF

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 5 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\34c4d594923fa863fc0d7e35b917e4e3158f34d6b20bfbca561dbb52c4b5d158.exe
    "C:\Users\Admin\AppData\Local\Temp\34c4d594923fa863fc0d7e35b917e4e3158f34d6b20bfbca561dbb52c4b5d158.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2336
    • C:\Users\Admin\AppData\Local\Temp\34c4d594923fa863fc0d7e35b917e4e3158f34d6b20bfbca561dbb52c4b5d158.exe
      "C:\Users\Admin\AppData\Local\Temp\34c4d594923fa863fc0d7e35b917e4e3158f34d6b20bfbca561dbb52c4b5d158.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:4040

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2336-118-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2336-119-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2336-120-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2336-121-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2336-122-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2336-123-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2336-124-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2336-125-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2336-126-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2336-127-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2336-128-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2336-129-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2336-130-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2336-131-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2336-132-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2336-133-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2336-134-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2336-135-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2336-136-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2336-138-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2336-137-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2336-139-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2336-140-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2336-141-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2336-142-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2336-143-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2336-145-0x00000000005C0000-0x00000000005C9000-memory.dmp

          Filesize

          36KB

          Download

        • memory/2336-146-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2336-144-0x0000000000786000-0x0000000000796000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2336-151-0x0000000000786000-0x0000000000796000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4040-147-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/4040-149-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-150-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-152-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-154-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-155-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-153-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-156-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-158-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-157-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-159-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-160-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-161-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-163-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/4040-162-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-164-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-165-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-166-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-167-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-168-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-169-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-170-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-171-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-172-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-173-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-174-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-175-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-176-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-177-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-178-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-179-0x00000000770E0000-0x000000007726E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4040-180-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download