Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    54s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    03/02/2023, 13:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a7e2c38496116c8ae8bb719405111b77e7dfdf7399d8550b4dec522a601fac2.exe

  • Size

    192KB

  • MD5

    56bdc23d86e6770e67c505f36951f86d

  • SHA1

    c66da8b54d71e667b486d1d48d3a52600f1d8a56

  • SHA256

    3a7e2c38496116c8ae8bb719405111b77e7dfdf7399d8550b4dec522a601fac2

  • SHA512

    19dbba701f7b3f6dd14de5d4fe98989903a2ed7e813cc5542cd460e628aa9fe0bab5ea644787c23d7fc2eff80e35df21f07a7ee56d39dc04e45a737c1c44be26

  • SSDEEP

    3072:6WLPGXwMqLoGg/AsWle5Tt4D2kokJljvZ3TwTtRkTwVty7B+9Ym:6W0qL7gYsJE2knGTtOTI6BcYm

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 5 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a7e2c38496116c8ae8bb719405111b77e7dfdf7399d8550b4dec522a601fac2.exe
    "C:\Users\Admin\AppData\Local\Temp\3a7e2c38496116c8ae8bb719405111b77e7dfdf7399d8550b4dec522a601fac2.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2656
    • C:\Users\Admin\AppData\Local\Temp\3a7e2c38496116c8ae8bb719405111b77e7dfdf7399d8550b4dec522a601fac2.exe
      "C:\Users\Admin\AppData\Local\Temp\3a7e2c38496116c8ae8bb719405111b77e7dfdf7399d8550b4dec522a601fac2.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:4120

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2656-152-0x0000000000766000-0x0000000000779000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2656-123-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-122-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-124-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-121-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-126-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-125-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-127-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-131-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-132-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-133-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-134-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-130-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-129-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-128-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-135-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-136-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-137-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-138-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-139-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-140-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-142-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-143-0x0000000000766000-0x0000000000779000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2656-145-0x0000000000710000-0x0000000000719000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2656-144-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-141-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-146-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-147-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-148-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2656-120-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-149-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4120-167-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-153-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-151-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-154-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-155-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-157-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-156-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-158-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-159-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-160-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-161-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4120-162-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-163-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-165-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-164-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-166-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-168-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-169-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-170-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-171-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-172-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-173-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-174-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-176-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-175-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-177-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-178-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-179-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-180-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-181-0x0000000077560000-0x00000000776EE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4120-182-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download