Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    31/01/2023, 17:48

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    8b4e8c2d8b4e9876d6e4dcea91200191b45e9240dc630dca1501263c206811d5.exe

  • Size

    297KB

  • MD5

    c6f4d7972d271013dd2588644330d0bf

  • SHA1

    e8d1cd3b32942f269d931ab54549cdacc20169af

  • SHA256

    8b4e8c2d8b4e9876d6e4dcea91200191b45e9240dc630dca1501263c206811d5

  • SHA512

    856d91cc688c6e85b3fa4a508bd87ee5827b816d3accebc5e0bc280aa6ce02a402d92239e1cda9b8c36d4019dfb4db4de6f4debae8843da496bf9e3a80969641

  • SSDEEP

    3072:E5ubJmLBdRAfCJ0O65BoibDMuNn6Os0vk6gVx/atmqPUx6WfQz86vE3MMo:dbJmLB0fIdkBgDytmqMoIWE8M

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 8 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Executes dropped EXE 2 IoCs
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8b4e8c2d8b4e9876d6e4dcea91200191b45e9240dc630dca1501263c206811d5.exe
    "C:\Users\Admin\AppData\Local\Temp\8b4e8c2d8b4e9876d6e4dcea91200191b45e9240dc630dca1501263c206811d5.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:328
    • C:\Users\Admin\AppData\Local\Temp\8b4e8c2d8b4e9876d6e4dcea91200191b45e9240dc630dca1501263c206811d5.exe
      "C:\Users\Admin\AppData\Local\Temp\8b4e8c2d8b4e9876d6e4dcea91200191b45e9240dc630dca1501263c206811d5.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:3080
  • C:\Users\Admin\AppData\Roaming\bvjrhwg
    C:\Users\Admin\AppData\Roaming\bvjrhwg
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3980
    • C:\Users\Admin\AppData\Roaming\bvjrhwg
      C:\Users\Admin\AppData\Roaming\bvjrhwg
      2⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      • Suspicious behavior: MapViewOfSection
      PID:4860

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\bvjrhwg
          Filesize

          297KB

          MD5

          c6f4d7972d271013dd2588644330d0bf

          SHA1

          e8d1cd3b32942f269d931ab54549cdacc20169af

          SHA256

          8b4e8c2d8b4e9876d6e4dcea91200191b45e9240dc630dca1501263c206811d5

          SHA512

          856d91cc688c6e85b3fa4a508bd87ee5827b816d3accebc5e0bc280aa6ce02a402d92239e1cda9b8c36d4019dfb4db4de6f4debae8843da496bf9e3a80969641

          Download Submit

        • C:\Users\Admin\AppData\Roaming\bvjrhwg
          Filesize

          297KB

          MD5

          c6f4d7972d271013dd2588644330d0bf

          SHA1

          e8d1cd3b32942f269d931ab54549cdacc20169af

          SHA256

          8b4e8c2d8b4e9876d6e4dcea91200191b45e9240dc630dca1501263c206811d5

          SHA512

          856d91cc688c6e85b3fa4a508bd87ee5827b816d3accebc5e0bc280aa6ce02a402d92239e1cda9b8c36d4019dfb4db4de6f4debae8843da496bf9e3a80969641

          Download Submit

        • C:\Users\Admin\AppData\Roaming\bvjrhwg
          Filesize

          297KB

          MD5

          c6f4d7972d271013dd2588644330d0bf

          SHA1

          e8d1cd3b32942f269d931ab54549cdacc20169af

          SHA256

          8b4e8c2d8b4e9876d6e4dcea91200191b45e9240dc630dca1501263c206811d5

          SHA512

          856d91cc688c6e85b3fa4a508bd87ee5827b816d3accebc5e0bc280aa6ce02a402d92239e1cda9b8c36d4019dfb4db4de6f4debae8843da496bf9e3a80969641

          Download Submit

        • memory/328-120-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/328-121-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/328-122-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/328-123-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/328-124-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/328-125-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/328-126-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/328-127-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/328-128-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/328-129-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/328-130-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/328-131-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/328-132-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/328-133-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/328-134-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/328-135-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/328-136-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/328-137-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/328-138-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/328-139-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/328-140-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/328-142-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/328-143-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/328-144-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/328-146-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/328-145-0x0000000000590000-0x00000000006DA000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/328-147-0x0000000002180000-0x0000000002189000-memory.dmp

          Filesize

          36KB

          Download

        • memory/328-148-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/328-149-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/328-150-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-151-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/3080-153-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-154-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-155-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-156-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-157-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-158-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-159-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-160-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-162-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/3080-161-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-163-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-164-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-165-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-166-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-167-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-168-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-169-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-170-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-171-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-173-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-172-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-174-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-175-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-176-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-177-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-178-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-179-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-180-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-182-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-181-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3080-183-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/3980-185-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3980-186-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3980-187-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3980-188-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3980-189-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3980-190-0x0000000077460000-0x00000000775EE000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3980-222-0x000000000073A000-0x0000000000750000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4860-247-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/4860-248-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download