Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    01/01/2023, 21:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    218096bae76e7aa27961fccb0d70e0bfc4b64f5ec40bd1b473d47751da9dc62a.exe

  • Size

    240KB

  • MD5

    3ae8f361f9afbb4244cff704e6066bc4

  • SHA1

    8bfb9bd78b1f406b272181e39d15a52966c21a37

  • SHA256

    218096bae76e7aa27961fccb0d70e0bfc4b64f5ec40bd1b473d47751da9dc62a

  • SHA512

    845dda82aad853c8ce8d864c946676f0868f85af91f4aa9585896c878a04a6cc70f902befa66d2ac40d8ae7f3abb720ccd507c187d96c69f55afc6326fb23ae3

  • SSDEEP

    3072:jXcG/GLcNsuKde5uS6fSmx8HLRgHJLwxw63B4QBWkx8YA5M2nvQGW7iSWO:bOLrdzSJmcKJkuIB4QodV4b7i

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 46 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 53 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\218096bae76e7aa27961fccb0d70e0bfc4b64f5ec40bd1b473d47751da9dc62a.exe
    "C:\Users\Admin\AppData\Local\Temp\218096bae76e7aa27961fccb0d70e0bfc4b64f5ec40bd1b473d47751da9dc62a.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:1776
  • C:\Users\Admin\AppData\Local\Temp\E295.exe
    C:\Users\Admin\AppData\Local\Temp\E295.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Checks processor information in registry
    • Suspicious use of WriteProcessMemory
    PID:4824
    • C:\Users\Admin\AppData\Local\Temp\Proueehaoipr.exe
      "C:\Users\Admin\AppData\Local\Temp\Proueehaoipr.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4344
    • C:\Windows\syswow64\rundll32.exe
      "C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
      2⤵
      • Suspicious use of SetThreadContext
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4964
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\shell32.dll",#61 22343
        3⤵
        • Modifies registry class
        • Suspicious use of FindShellTrayWindow
        PID:4616
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:860

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\E295.exe
      Filesize

      5.6MB

      MD5

      4b1225a3c4237f29fdc16061c6a10c2b

      SHA1

      9772f9e328eead26a0e9d8fc99ccbba20de1c6a5

      SHA256

      c84afa0d999466a2e4f07e425f134de3a68d5fd9ef1a07a7e83407e78ceb4a61

      SHA512

      45f9224bec8ee222dcad06ec2131240cf01d55ab964deec5a48c6708766138fef1b1aa85c87eb834ef5e66240d6789193933e22e87823e4696742be027203ac3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\E295.exe
      Filesize

      5.6MB

      MD5

      4b1225a3c4237f29fdc16061c6a10c2b

      SHA1

      9772f9e328eead26a0e9d8fc99ccbba20de1c6a5

      SHA256

      c84afa0d999466a2e4f07e425f134de3a68d5fd9ef1a07a7e83407e78ceb4a61

      SHA512

      45f9224bec8ee222dcad06ec2131240cf01d55ab964deec5a48c6708766138fef1b1aa85c87eb834ef5e66240d6789193933e22e87823e4696742be027203ac3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Proueehaoipr.exe
      Filesize

      1.4MB

      MD5

      0017e42192b6c10efb15d05157945f31

      SHA1

      fc32205f3153d4e98b5f1be1caf8545945307ae6

      SHA256

      11333749aa43d97da7da9a9f9589a50d8ec497aa931ed3c0cb6876f302be22e6

      SHA512

      cdaa5c1d28a4bc9d323c62a27a735f77a93b6218c806a189a1e0c4827268bf2d7727a630d2c4ddb2862cd670d2352cadc5cd4edaddce5c244c1517bf450db3d4

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Proueehaoipr.exe
      Filesize

      1.4MB

      MD5

      0017e42192b6c10efb15d05157945f31

      SHA1

      fc32205f3153d4e98b5f1be1caf8545945307ae6

      SHA256

      11333749aa43d97da7da9a9f9589a50d8ec497aa931ed3c0cb6876f302be22e6

      SHA512

      cdaa5c1d28a4bc9d323c62a27a735f77a93b6218c806a189a1e0c4827268bf2d7727a630d2c4ddb2862cd670d2352cadc5cd4edaddce5c244c1517bf450db3d4

      Download Submit

    • memory/1776-137-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-131-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-118-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-119-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-120-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-121-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-122-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-123-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-124-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-125-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-126-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-127-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-128-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-129-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-130-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-139-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-132-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-133-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-135-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-136-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-116-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-134-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-117-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-138-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-140-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-141-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-142-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-143-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-144-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-145-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-146-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-147-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-148-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1776-150-0x00000000006D0000-0x00000000006D9000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1776-151-0x0000000000400000-0x0000000000459000-memory.dmp

      Filesize

      356KB

      Download

    • memory/1776-149-0x000000000076A000-0x000000000077A000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1776-152-0x000000000076A000-0x000000000077A000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1776-153-0x0000000000400000-0x0000000000459000-memory.dmp

      Filesize

      356KB

      Download

    • memory/4344-402-0x00000000022F0000-0x0000000002429000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/4344-336-0x00000000022F0000-0x0000000002429000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/4344-338-0x0000000000400000-0x000000000057B000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4344-337-0x0000000002430000-0x0000000002563000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/4616-389-0x0000023EDD350000-0x0000023EDD5F3000-memory.dmp

      Filesize

      2.6MB

      Download

    • memory/4616-388-0x00000000000D0000-0x0000000000361000-memory.dmp

      Filesize

      2.6MB

      Download

    • memory/4824-159-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-185-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-165-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-166-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-167-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-168-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-169-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-170-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-171-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-172-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-173-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-174-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-175-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-176-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-178-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-177-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-180-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-181-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-182-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-183-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-184-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-164-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-186-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-187-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-188-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-193-0x00000000026F0000-0x0000000002C6A000-memory.dmp

      Filesize

      5.5MB

      Download

    • memory/4824-195-0x0000000002C70000-0x000000000322E000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/4824-197-0x0000000000400000-0x00000000009C0000-memory.dmp

      Filesize

      5.8MB

      Download

    • memory/4824-264-0x0000000007280000-0x0000000007DD7000-memory.dmp

      Filesize

      11.3MB

      Download

    • memory/4824-162-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-161-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-160-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-401-0x0000000000400000-0x00000000009C0000-memory.dmp

      Filesize

      5.8MB

      Download

    • memory/4824-400-0x0000000007280000-0x0000000007DD7000-memory.dmp

      Filesize

      11.3MB

      Download

    • memory/4824-370-0x00000000026F0000-0x0000000002C6A000-memory.dmp

      Filesize

      5.5MB

      Download

    • memory/4824-371-0x0000000000400000-0x00000000009C0000-memory.dmp

      Filesize

      5.8MB

      Download

    • memory/4824-158-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-157-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4824-156-0x0000000077C40000-0x0000000077DCE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4964-399-0x00000000052A0000-0x0000000005DF7000-memory.dmp

      Filesize

      11.3MB

      Download

    • memory/4964-345-0x00000000052A0000-0x0000000005DF7000-memory.dmp

      Filesize

      11.3MB

      Download

    • memory/4964-342-0x0000000002E00000-0x0000000003837000-memory.dmp

      Filesize

      10.2MB

      Download