Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2022, 12:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f03cfa30317eefbc658e645242cf7be5a3d012cc26d91f04284b80127d07b6ce.exe

  • Size

    232KB

  • MD5

    612690d2d2a6c5aec8e5b623e2c390cf

  • SHA1

    8f05ab45296839473b91afd9f4ad158f6bd1c2ba

  • SHA256

    f03cfa30317eefbc658e645242cf7be5a3d012cc26d91f04284b80127d07b6ce

  • SHA512

    894691078f834e5038c03ab32d46fee12719af18357c48cdd9b511c196828b9e64d8d10a563aac7693eb024fd968fcb2085af03b9072acf7eb58bb9f0888f88c

  • SSDEEP

    3072:sl8NLawRLUhJ5hX6YMnfaJJZ4s2/nIVzW+5SeAddxZtJ/SRLjw7RkxmJZs:tLFRLk7J/4BEW+ce6dxPJ/SZGymI

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 3 IoCs
  • Uses the VBS compiler for execution 1 TTPs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 19 IoCs
  • Suspicious use of WriteProcessMemory 52 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f03cfa30317eefbc658e645242cf7be5a3d012cc26d91f04284b80127d07b6ce.exe
    "C:\Users\Admin\AppData\Local\Temp\f03cfa30317eefbc658e645242cf7be5a3d012cc26d91f04284b80127d07b6ce.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:1308
  • C:\Users\Admin\AppData\Local\Temp\DA38.exe
    C:\Users\Admin\AppData\Local\Temp\DA38.exe
    1⤵
    • Executes dropped EXE
    PID:4908
  • C:\Users\Admin\AppData\Local\Temp\DD75.exe
    C:\Users\Admin\AppData\Local\Temp\DD75.exe
    1⤵
    • Executes dropped EXE
    PID:3304
  • C:\Users\Admin\AppData\Local\Temp\E12F.exe
    C:\Users\Admin\AppData\Local\Temp\E12F.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:436
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
      2⤵
        PID:448
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
        2⤵
          PID:2828
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
          2⤵
            PID:4752
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
            2⤵
              PID:5088
          • C:\Windows\SysWOW64\explorer.exe
            C:\Windows\SysWOW64\explorer.exe
            1⤵
              PID:920
            • C:\Windows\explorer.exe
              C:\Windows\explorer.exe
              1⤵
                PID:1244
              • C:\Windows\SysWOW64\explorer.exe
                C:\Windows\SysWOW64\explorer.exe
                1⤵
                  PID:4672
                • C:\Windows\explorer.exe
                  C:\Windows\explorer.exe
                  1⤵
                    PID:724
                  • C:\Windows\SysWOW64\explorer.exe
                    C:\Windows\SysWOW64\explorer.exe
                    1⤵
                      PID:4356
                    • C:\Windows\SysWOW64\explorer.exe
                      C:\Windows\SysWOW64\explorer.exe
                      1⤵
                        PID:4664
                      • C:\Windows\SysWOW64\explorer.exe
                        C:\Windows\SysWOW64\explorer.exe
                        1⤵
                          PID:1600
                        • C:\Windows\explorer.exe
                          C:\Windows\explorer.exe
                          1⤵
                            PID:4228
                          • C:\Windows\SysWOW64\explorer.exe
                            C:\Windows\SysWOW64\explorer.exe
                            1⤵
                              PID:4984

                            Network

                            MITRE ATT&CK Enterprise v6

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Temp\DA38.exe
                              Filesize

                              4KB

                              MD5

                              9748489855d9dd82ab09da5e3e55b19e

                              SHA1

                              6ed2bf6a1a53a59cd2137812cb43b5032817f6a1

                              SHA256

                              05bdd09d934144589f7b90ac4ef6e8d7743c35f551219d98bc7fc933f98a157b

                              SHA512

                              7eebbc3e42aad1af304ba38ca0c74e5f2293a630d98d4cfd48957f5f288bcb52cf323421c2b166e3b459450d5ef024167f8729b7b4b66651a34c3c3d4581a2be

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\DA38.exe
                              Filesize

                              4KB

                              MD5

                              9748489855d9dd82ab09da5e3e55b19e

                              SHA1

                              6ed2bf6a1a53a59cd2137812cb43b5032817f6a1

                              SHA256

                              05bdd09d934144589f7b90ac4ef6e8d7743c35f551219d98bc7fc933f98a157b

                              SHA512

                              7eebbc3e42aad1af304ba38ca0c74e5f2293a630d98d4cfd48957f5f288bcb52cf323421c2b166e3b459450d5ef024167f8729b7b4b66651a34c3c3d4581a2be

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\DD75.exe
                              Filesize

                              4KB

                              MD5

                              9748489855d9dd82ab09da5e3e55b19e

                              SHA1

                              6ed2bf6a1a53a59cd2137812cb43b5032817f6a1

                              SHA256

                              05bdd09d934144589f7b90ac4ef6e8d7743c35f551219d98bc7fc933f98a157b

                              SHA512

                              7eebbc3e42aad1af304ba38ca0c74e5f2293a630d98d4cfd48957f5f288bcb52cf323421c2b166e3b459450d5ef024167f8729b7b4b66651a34c3c3d4581a2be

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\DD75.exe
                              Filesize

                              4KB

                              MD5

                              9748489855d9dd82ab09da5e3e55b19e

                              SHA1

                              6ed2bf6a1a53a59cd2137812cb43b5032817f6a1

                              SHA256

                              05bdd09d934144589f7b90ac4ef6e8d7743c35f551219d98bc7fc933f98a157b

                              SHA512

                              7eebbc3e42aad1af304ba38ca0c74e5f2293a630d98d4cfd48957f5f288bcb52cf323421c2b166e3b459450d5ef024167f8729b7b4b66651a34c3c3d4581a2be

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\E12F.exe
                              Filesize

                              67KB

                              MD5

                              666d8f33d37064fd5d14e2166c9bfa69

                              SHA1

                              3b27df9335a9b2efe9da1057e9f8312a72d1ca9d

                              SHA256

                              7fddf1b75f50d43214867f367223f2d241d62ae63deea334d051c0ee19d18157

                              SHA512

                              ac3c993f019bb402db474fda65d587ae7717725eea9b3a869acd3530543b7b94d354f19474f6b1c7fc760b5b22622328def2bef26e3900c186b16e8a3d3b90df

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\E12F.exe
                              Filesize

                              67KB

                              MD5

                              666d8f33d37064fd5d14e2166c9bfa69

                              SHA1

                              3b27df9335a9b2efe9da1057e9f8312a72d1ca9d

                              SHA256

                              7fddf1b75f50d43214867f367223f2d241d62ae63deea334d051c0ee19d18157

                              SHA512

                              ac3c993f019bb402db474fda65d587ae7717725eea9b3a869acd3530543b7b94d354f19474f6b1c7fc760b5b22622328def2bef26e3900c186b16e8a3d3b90df

                              Download Submit

                            • memory/436-152-0x0000000005500000-0x0000000005566000-memory.dmp

                              Filesize

                              408KB

                              Download

                            • memory/436-149-0x0000000000BB0000-0x0000000000BC6000-memory.dmp

                              Filesize

                              88KB

                              Download

                            • memory/724-165-0x0000000000FF0000-0x0000000000FFC000-memory.dmp

                              Filesize

                              48KB

                              Download

                            • memory/724-184-0x0000000001280000-0x0000000001286000-memory.dmp

                              Filesize

                              24KB

                              Download

                            • memory/724-164-0x0000000001280000-0x0000000001286000-memory.dmp

                              Filesize

                              24KB

                              Download

                            • memory/920-181-0x0000000000450000-0x0000000000457000-memory.dmp

                              Filesize

                              28KB

                              Download

                            • memory/920-150-0x0000000000450000-0x0000000000457000-memory.dmp

                              Filesize

                              28KB

                              Download

                            • memory/920-151-0x0000000000440000-0x000000000044B000-memory.dmp

                              Filesize

                              44KB

                              Download

                            • memory/1244-154-0x0000000000740000-0x0000000000749000-memory.dmp

                              Filesize

                              36KB

                              Download

                            • memory/1244-182-0x0000000000740000-0x0000000000749000-memory.dmp

                              Filesize

                              36KB

                              Download

                            • memory/1244-155-0x0000000000730000-0x000000000073F000-memory.dmp

                              Filesize

                              60KB

                              Download

                            • memory/1308-135-0x0000000000400000-0x000000000045E000-memory.dmp

                              Filesize

                              376KB

                              Download

                            • memory/1308-134-0x0000000000400000-0x000000000045E000-memory.dmp

                              Filesize

                              376KB

                              Download

                            • memory/1308-133-0x00000000005E0000-0x00000000005E9000-memory.dmp

                              Filesize

                              36KB

                              Download

                            • memory/1308-132-0x000000000071E000-0x000000000072F000-memory.dmp

                              Filesize

                              68KB

                              Download

                            • memory/1600-174-0x0000000001250000-0x000000000125B000-memory.dmp

                              Filesize

                              44KB

                              Download

                            • memory/1600-187-0x0000000001260000-0x0000000001266000-memory.dmp

                              Filesize

                              24KB

                              Download

                            • memory/1600-173-0x0000000001260000-0x0000000001266000-memory.dmp

                              Filesize

                              24KB

                              Download

                            • memory/3304-144-0x00007FFAD9570000-0x00007FFADA031000-memory.dmp

                              Filesize

                              10.8MB

                              Download

                            • memory/4228-188-0x0000000000A00000-0x0000000000A07000-memory.dmp

                              Filesize

                              28KB

                              Download

                            • memory/4228-177-0x00000000007F0000-0x00000000007FD000-memory.dmp

                              Filesize

                              52KB

                              Download

                            • memory/4228-176-0x0000000000A00000-0x0000000000A07000-memory.dmp

                              Filesize

                              28KB

                              Download

                            • memory/4356-168-0x00000000008C0000-0x00000000008E7000-memory.dmp

                              Filesize

                              156KB

                              Download

                            • memory/4356-185-0x00000000008F0000-0x0000000000912000-memory.dmp

                              Filesize

                              136KB

                              Download

                            • memory/4356-167-0x00000000008F0000-0x0000000000912000-memory.dmp

                              Filesize

                              136KB

                              Download

                            • memory/4664-186-0x0000000000A90000-0x0000000000A95000-memory.dmp

                              Filesize

                              20KB

                              Download

                            • memory/4664-171-0x0000000000A80000-0x0000000000A89000-memory.dmp

                              Filesize

                              36KB

                              Download

                            • memory/4664-170-0x0000000000A90000-0x0000000000A95000-memory.dmp

                              Filesize

                              20KB

                              Download

                            • memory/4672-162-0x0000000000430000-0x0000000000439000-memory.dmp

                              Filesize

                              36KB

                              Download

                            • memory/4672-161-0x0000000000440000-0x0000000000445000-memory.dmp

                              Filesize

                              20KB

                              Download

                            • memory/4672-183-0x0000000000440000-0x0000000000445000-memory.dmp

                              Filesize

                              20KB

                              Download

                            • memory/4908-140-0x00007FFAD9570000-0x00007FFADA031000-memory.dmp

                              Filesize

                              10.8MB

                              Download

                            • memory/4908-139-0x0000000000380000-0x0000000000388000-memory.dmp

                              Filesize

                              32KB

                              Download

                            • memory/4984-180-0x0000000000990000-0x000000000099B000-memory.dmp

                              Filesize

                              44KB

                              Download

                            • memory/4984-179-0x00000000009A0000-0x00000000009A8000-memory.dmp

                              Filesize

                              32KB

                              Download

                            • memory/4984-189-0x00000000009A0000-0x00000000009A8000-memory.dmp

                              Filesize

                              32KB

                              Download