Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    101s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    01/01/2023, 17:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    66a0d0f33e178ec233bc7661f36d4ab9e74cb56449fc2f459156909bf7bb7a52.exe

  • Size

    238KB

  • MD5

    c40fa573a4c8d8be4789ff752c2fa86a

  • SHA1

    02578b4dfb0cfeadb2db77f0c2805a4155b39b3f

  • SHA256

    66a0d0f33e178ec233bc7661f36d4ab9e74cb56449fc2f459156909bf7bb7a52

  • SHA512

    bb00aca6d0049debd61ab14e331f26e963ac9a5e7964413b9e0a05a841ef70af64636cf9228707dc21b225c582cb4849effee9c33033206be5077713c16cec71

  • SSDEEP

    3072:zXOit41LmHYBJa5GHtbK0kp1SKuNda1L8Zx4kb7WkETM2nvQGW7iSWt:rPiL1JnbJKodAbkATV4b7i

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 2 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\66a0d0f33e178ec233bc7661f36d4ab9e74cb56449fc2f459156909bf7bb7a52.exe
    "C:\Users\Admin\AppData\Local\Temp\66a0d0f33e178ec233bc7661f36d4ab9e74cb56449fc2f459156909bf7bb7a52.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:2760
  • C:\Users\Admin\AppData\Local\Temp\26F1.exe
    C:\Users\Admin\AppData\Local\Temp\26F1.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2264

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\26F1.exe
    Filesize

    1.4MB

    MD5

    86ccf28f3accb4eb7b6e2852cc39593d

    SHA1

    f31f4fc3a3c3396b61626fa8891c162bfba212a8

    SHA256

    4c61833e2f49634448a66566ef75b7ed04a3d83725d0a39594e35a366e5e4c66

    SHA512

    8e5d4663e4ca5ea509a05c8e176d39dfeb4f46bed6a78fff3cfb3c98aef1fc69dfb4ee2176ec1e4e9a40def78460b8e42ec47403a9b7c51bbe51b6c8ab13b984

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\26F1.exe
    Filesize

    1.4MB

    MD5

    86ccf28f3accb4eb7b6e2852cc39593d

    SHA1

    f31f4fc3a3c3396b61626fa8891c162bfba212a8

    SHA256

    4c61833e2f49634448a66566ef75b7ed04a3d83725d0a39594e35a366e5e4c66

    SHA512

    8e5d4663e4ca5ea509a05c8e176d39dfeb4f46bed6a78fff3cfb3c98aef1fc69dfb4ee2176ec1e4e9a40def78460b8e42ec47403a9b7c51bbe51b6c8ab13b984

    Download Submit

  • memory/2264-179-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-196-0x0000000002400000-0x0000000002555000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2264-194-0x0000000002260000-0x00000000023AA000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2264-193-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-192-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-191-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-190-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-189-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-188-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-187-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-186-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-185-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-183-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-182-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-181-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-180-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-178-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-167-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-176-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-175-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-174-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-212-0x0000000000400000-0x0000000000589000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2264-173-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-172-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-171-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-170-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-169-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-177-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-166-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-165-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-164-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-163-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-162-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-161-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-213-0x0000000002400000-0x0000000002555000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2760-139-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-140-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-157-0x00000000004F0000-0x00000000004F9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2760-156-0x000000000065A000-0x000000000066A000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2760-155-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-153-0x0000000000400000-0x0000000000459000-memory.dmp

    Filesize

    356KB

    Download

  • memory/2760-154-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-150-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-152-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-151-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-149-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-148-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-147-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-146-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-145-0x00000000004F0000-0x00000000004F9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2760-144-0x000000000065A000-0x000000000066A000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2760-143-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-142-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-141-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-158-0x0000000000400000-0x0000000000459000-memory.dmp

    Filesize

    356KB

    Download

  • memory/2760-120-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-138-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-135-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-137-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-136-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-133-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-134-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-132-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-131-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-130-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-129-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-128-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-127-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-126-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-125-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-124-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-123-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-122-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2760-121-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download