Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    08/01/2023, 13:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1e715d06cd9ece98291cddf44f6d5d68b23f42d4118015b7dbcaa55bdd9d57bd.exe

  • Size

    264KB

  • MD5

    b3c5d6243ef1d617bb9d6b80de2b51a5

  • SHA1

    76dc85f4141b730a2b65905e9bfca1b4d20350f4

  • SHA256

    1e715d06cd9ece98291cddf44f6d5d68b23f42d4118015b7dbcaa55bdd9d57bd

  • SHA512

    b518aba574f4862333857d11e6c78c43b49492a6edd4bcecb5001163de1a4cdf7163db9faa6936a233cbdb5085401434108277dac823d6294c3de428d31a1b16

  • SSDEEP

    3072:VXhENMvtL7/BW/LV/0q/R5ZXQa1UJVqurtlSE4lpxOdUZNTKXWPr0sd6:R3L7/B2/0q/Cb7tllY3OuN

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 4 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e715d06cd9ece98291cddf44f6d5d68b23f42d4118015b7dbcaa55bdd9d57bd.exe
    "C:\Users\Admin\AppData\Local\Temp\1e715d06cd9ece98291cddf44f6d5d68b23f42d4118015b7dbcaa55bdd9d57bd.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4936
    • C:\Users\Admin\AppData\Local\Temp\1e715d06cd9ece98291cddf44f6d5d68b23f42d4118015b7dbcaa55bdd9d57bd.exe
      "C:\Users\Admin\AppData\Local\Temp\1e715d06cd9ece98291cddf44f6d5d68b23f42d4118015b7dbcaa55bdd9d57bd.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:5056

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4936-116-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4936-117-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4936-118-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4936-119-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4936-120-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4936-121-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4936-122-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4936-123-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4936-124-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4936-125-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4936-126-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4936-127-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4936-128-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4936-129-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4936-130-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4936-131-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4936-132-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4936-133-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4936-134-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4936-135-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4936-136-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4936-138-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4936-139-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4936-140-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4936-141-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4936-143-0x0000000002C70000-0x0000000002DBA000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/4936-142-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4936-144-0x0000000002BB0000-0x0000000002C5E000-memory.dmp

    Filesize

    696KB

    Download

  • memory/4936-145-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4936-146-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-147-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/5056-149-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-150-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-151-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-152-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-153-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-154-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-155-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-156-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-158-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-157-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/5056-160-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-159-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-161-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-162-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-163-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-164-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-165-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-166-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-167-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-168-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-169-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-170-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-171-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-172-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-173-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-174-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-175-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-177-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-178-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-176-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5056-179-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download