Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/01/2023, 07:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    954ccd603cc7080330653db9bc181388ca64b950f274265688e1b25c17762995.exe

  • Size

    327KB

  • MD5

    1b4116073b138b605adce42ef455caa0

  • SHA1

    8f6de98756b26eedd88d1e16a8a044feeae7842d

  • SHA256

    954ccd603cc7080330653db9bc181388ca64b950f274265688e1b25c17762995

  • SHA512

    3c6a167faaa209cd23d4ea9c4298a60abaaaf35a12ec2d4cdce209dc2779a4fb5a057fc75fd7ddbfcc2b9e530281efd3e5f88056e71d78045f8e07911bf07163

  • SSDEEP

    6144:tJsvE1NUHRpNf1iC/U9TL8UGXZyyDqCFfL3G9:t+8napNdf6EBXFOCd3G

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\954ccd603cc7080330653db9bc181388ca64b950f274265688e1b25c17762995.exe
    "C:\Users\Admin\AppData\Local\Temp\954ccd603cc7080330653db9bc181388ca64b950f274265688e1b25c17762995.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:964
  • C:\Users\Admin\AppData\Local\Temp\C35B.exe
    C:\Users\Admin\AppData\Local\Temp\C35B.exe
    1⤵
    • Executes dropped EXE
    PID:940

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\C35B.exe
    Filesize

    346KB

    MD5

    387217a16ac73d84d7d85e7c954db040

    SHA1

    971e8340ea42da31af7fdf752a4990fb8558b643

    SHA256

    fd8cd7be845f1373752fdeefccedf44c6bc855deaeac2e682f6b0d910301689e

    SHA512

    87dd035bc904495403522725b2100d1b3ed76e39275a384ff744e375bdc95fe17d19def761a211a6ed2cc2c0ff85e56b5db412caddb12ce5da7b7b9682665a0b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\C35B.exe
    Filesize

    346KB

    MD5

    387217a16ac73d84d7d85e7c954db040

    SHA1

    971e8340ea42da31af7fdf752a4990fb8558b643

    SHA256

    fd8cd7be845f1373752fdeefccedf44c6bc855deaeac2e682f6b0d910301689e

    SHA512

    87dd035bc904495403522725b2100d1b3ed76e39275a384ff744e375bdc95fe17d19def761a211a6ed2cc2c0ff85e56b5db412caddb12ce5da7b7b9682665a0b

    Download Submit

  • memory/964-132-0x00000000005FE000-0x0000000000613000-memory.dmp

    Filesize

    84KB

    Download

  • memory/964-133-0x0000000002190000-0x0000000002199000-memory.dmp

    Filesize

    36KB

    Download

  • memory/964-134-0x0000000000400000-0x0000000000458000-memory.dmp

    Filesize

    352KB

    Download

  • memory/964-135-0x0000000000400000-0x0000000000458000-memory.dmp

    Filesize

    352KB

    Download