Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    01/02/2023, 13:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8b833a65aa211e8c3d50245be670dee1326333c71d8f4d17cf108df28c3f4f9b.exe

  • Size

    225KB

  • MD5

    19b3bb5e1b49fae5683771a114eb2b54

  • SHA1

    0e090e04a3ec9b4617968193ab43f94f13fc80e1

  • SHA256

    8b833a65aa211e8c3d50245be670dee1326333c71d8f4d17cf108df28c3f4f9b

  • SHA512

    bce104e72a015b4c5ae7aa18f6d50ec1b013184a3a1fc17839e2950e2639be39de8343dba4c701101784b2b56324498a438dec6d7a2f7a1e10223c3aed3f0d63

  • SSDEEP

    6144:xmPx8X8hLNI/n9A93N5Ip0wTuRMbwrPn:xm5FxI/9A9wpFTu+bwrP

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8b833a65aa211e8c3d50245be670dee1326333c71d8f4d17cf108df28c3f4f9b.exe
    "C:\Users\Admin\AppData\Local\Temp\8b833a65aa211e8c3d50245be670dee1326333c71d8f4d17cf108df28c3f4f9b.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:3824
  • C:\Users\Admin\AppData\Local\Temp\AFC.exe
    C:\Users\Admin\AppData\Local\Temp\AFC.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:2084
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Rqdarrhtrsoihy.dll,start
      2⤵
      • Loads dropped DLL
      PID:2404
  • C:\Users\Admin\AppData\Roaming\hudcwwf
    C:\Users\Admin\AppData\Roaming\hudcwwf
    1⤵
    • Executes dropped EXE
    • Checks SCSI registry key(s)
    • Suspicious behavior: MapViewOfSection
    PID:3996

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\AFC.exe
    Filesize

    3.2MB

    MD5

    c8db2328026625bc1a9cc5628fa0a36c

    SHA1

    1e52cdd8761a75f15746e0f84640544415ffcfe6

    SHA256

    9f24c13f6a9e99b702004259acc932a2cc0a4506b40274d64e92527e8e06b930

    SHA512

    aa2f3589e09cfb81a9c0c06cd897b3d83a044496ead22af5521ad06e9c269d84d228fa39fe3e370b3fdde1184a4b2d1d91d661e9a46d76b8a2446a11df551a67

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AFC.exe
    Filesize

    3.2MB

    MD5

    c8db2328026625bc1a9cc5628fa0a36c

    SHA1

    1e52cdd8761a75f15746e0f84640544415ffcfe6

    SHA256

    9f24c13f6a9e99b702004259acc932a2cc0a4506b40274d64e92527e8e06b930

    SHA512

    aa2f3589e09cfb81a9c0c06cd897b3d83a044496ead22af5521ad06e9c269d84d228fa39fe3e370b3fdde1184a4b2d1d91d661e9a46d76b8a2446a11df551a67

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Rqdarrhtrsoihy.dll
    Filesize

    4.3MB

    MD5

    e7d1b0006fff31b83f7cfa73c814242b

    SHA1

    d656de1ca21b9c3defbdd0bdd9d9e6206650d322

    SHA256

    cf0e140ed82af710d60752098c00666dadef7ff7f6f306ec1f34c7e2d7e42a54

    SHA512

    54b18c73a511eb16ea20aa86048cfb96e1f83fb55152f97eba8e9d57e2433ad64ddcc3dc8889d06b00ed7258436b25779cd04df9c0b9967027edd3bd0a7eceee

    Download Submit

  • C:\Users\Admin\AppData\Roaming\hudcwwf
    Filesize

    225KB

    MD5

    19b3bb5e1b49fae5683771a114eb2b54

    SHA1

    0e090e04a3ec9b4617968193ab43f94f13fc80e1

    SHA256

    8b833a65aa211e8c3d50245be670dee1326333c71d8f4d17cf108df28c3f4f9b

    SHA512

    bce104e72a015b4c5ae7aa18f6d50ec1b013184a3a1fc17839e2950e2639be39de8343dba4c701101784b2b56324498a438dec6d7a2f7a1e10223c3aed3f0d63

    Download Submit

  • C:\Users\Admin\AppData\Roaming\hudcwwf
    Filesize

    225KB

    MD5

    19b3bb5e1b49fae5683771a114eb2b54

    SHA1

    0e090e04a3ec9b4617968193ab43f94f13fc80e1

    SHA256

    8b833a65aa211e8c3d50245be670dee1326333c71d8f4d17cf108df28c3f4f9b

    SHA512

    bce104e72a015b4c5ae7aa18f6d50ec1b013184a3a1fc17839e2950e2639be39de8343dba4c701101784b2b56324498a438dec6d7a2f7a1e10223c3aed3f0d63

    Download Submit

  • \Users\Admin\AppData\Local\Temp\Rqdarrhtrsoihy.dll
    Filesize

    4.3MB

    MD5

    e7d1b0006fff31b83f7cfa73c814242b

    SHA1

    d656de1ca21b9c3defbdd0bdd9d9e6206650d322

    SHA256

    cf0e140ed82af710d60752098c00666dadef7ff7f6f306ec1f34c7e2d7e42a54

    SHA512

    54b18c73a511eb16ea20aa86048cfb96e1f83fb55152f97eba8e9d57e2433ad64ddcc3dc8889d06b00ed7258436b25779cd04df9c0b9967027edd3bd0a7eceee

    Download Submit

  • memory/2084-185-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-182-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-226-0x0000000000400000-0x0000000002E92000-memory.dmp

    Filesize

    42.6MB

    Download

  • memory/2084-168-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-206-0x0000000004E10000-0x00000000051C7000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/2084-205-0x0000000004AF0000-0x0000000004E01000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2084-204-0x0000000000400000-0x0000000002E92000-memory.dmp

    Filesize

    42.6MB

    Download

  • memory/2084-194-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-193-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-191-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-169-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-190-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-189-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-188-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-187-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-186-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-183-0x0000000004E10000-0x00000000051C7000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/2084-184-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-180-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-192-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-164-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-181-0x0000000004AF0000-0x0000000004E01000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2084-179-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-178-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-176-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-175-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-173-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-174-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-166-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-170-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-172-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-171-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-160-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-161-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-162-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-163-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2084-165-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-147-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-142-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-127-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-126-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-157-0x0000000000400000-0x0000000002BA1000-memory.dmp

    Filesize

    39.6MB

    Download

  • memory/3824-156-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-154-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-153-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-125-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-152-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-151-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-149-0x0000000000400000-0x0000000002BA1000-memory.dmp

    Filesize

    39.6MB

    Download

  • memory/3824-150-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-148-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-145-0x0000000002CD0000-0x0000000002CD9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/3824-146-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-143-0x0000000002CF0000-0x0000000002E3A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3824-144-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-120-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-155-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-141-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-140-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-139-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-138-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-137-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-135-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-134-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-133-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-132-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-131-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-130-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-129-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-128-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-124-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-123-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-122-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3824-121-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3996-298-0x0000000002CD0000-0x0000000002E1A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3996-299-0x0000000000400000-0x0000000002BA1000-memory.dmp

    Filesize

    39.6MB

    Download

  • memory/3996-300-0x0000000000400000-0x0000000002BA1000-memory.dmp

    Filesize

    39.6MB

    Download