Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    153s
  • max time network
    113s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    12/02/2023, 22:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b05e642fdd869ac31678cbe8ec8e869845c5cb9dbc257854efff248f00facae7.exe

  • Size

    181KB

  • MD5

    72dfb8e19ccf73f974818c27ea3e677b

  • SHA1

    8643c2cdf008e5f13bf455ac0ffee3979f6a5219

  • SHA256

    b05e642fdd869ac31678cbe8ec8e869845c5cb9dbc257854efff248f00facae7

  • SHA512

    6dfbda830528be7c09c5057dae62b900d8ce4076bea8eba5a06261266b34bc97ebb29981220c41aaae0a3e0e2339d9d61d235d6575919fa4491a6166fc6f199b

  • SSDEEP

    3072:Xg0ZtvV+5HNO19+VsG+w5p/xvlNrEBPDdIykFewWtDg:B7V0oFgvfEBPDzkY1g

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 19 IoCs
  • Suspicious use of WriteProcessMemory 35 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b05e642fdd869ac31678cbe8ec8e869845c5cb9dbc257854efff248f00facae7.exe
    "C:\Users\Admin\AppData\Local\Temp\b05e642fdd869ac31678cbe8ec8e869845c5cb9dbc257854efff248f00facae7.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:2176
  • C:\Users\Admin\AppData\Local\Temp\71B5.exe
    C:\Users\Admin\AppData\Local\Temp\71B5.exe
    1⤵
    • Executes dropped EXE
    PID:4048
  • C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    1⤵
      PID:4328
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe
      1⤵
        PID:3404
      • C:\Windows\SysWOW64\explorer.exe
        C:\Windows\SysWOW64\explorer.exe
        1⤵
          PID:1916
        • C:\Windows\explorer.exe
          C:\Windows\explorer.exe
          1⤵
            PID:3972
          • C:\Windows\SysWOW64\explorer.exe
            C:\Windows\SysWOW64\explorer.exe
            1⤵
              PID:4032
            • C:\Windows\SysWOW64\explorer.exe
              C:\Windows\SysWOW64\explorer.exe
              1⤵
                PID:4144
              • C:\Windows\SysWOW64\explorer.exe
                C:\Windows\SysWOW64\explorer.exe
                1⤵
                  PID:5032
                • C:\Windows\explorer.exe
                  C:\Windows\explorer.exe
                  1⤵
                    PID:1864
                  • C:\Windows\SysWOW64\explorer.exe
                    C:\Windows\SysWOW64\explorer.exe
                    1⤵
                      PID:1172

                    Network

                    MITRE ATT&CK Enterprise v6

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Temp\71B5.exe
                      Filesize

                      4KB

                      MD5

                      9748489855d9dd82ab09da5e3e55b19e

                      SHA1

                      6ed2bf6a1a53a59cd2137812cb43b5032817f6a1

                      SHA256

                      05bdd09d934144589f7b90ac4ef6e8d7743c35f551219d98bc7fc933f98a157b

                      SHA512

                      7eebbc3e42aad1af304ba38ca0c74e5f2293a630d98d4cfd48957f5f288bcb52cf323421c2b166e3b459450d5ef024167f8729b7b4b66651a34c3c3d4581a2be

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\71B5.exe
                      Filesize

                      4KB

                      MD5

                      9748489855d9dd82ab09da5e3e55b19e

                      SHA1

                      6ed2bf6a1a53a59cd2137812cb43b5032817f6a1

                      SHA256

                      05bdd09d934144589f7b90ac4ef6e8d7743c35f551219d98bc7fc933f98a157b

                      SHA512

                      7eebbc3e42aad1af304ba38ca0c74e5f2293a630d98d4cfd48957f5f288bcb52cf323421c2b166e3b459450d5ef024167f8729b7b4b66651a34c3c3d4581a2be

                      Download Submit

                    • memory/1172-519-0x0000000000DA0000-0x0000000000DAB000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/1172-518-0x0000000000DB0000-0x0000000000DB8000-memory.dmp

                      Filesize

                      32KB

                      Download

                    • memory/1172-526-0x0000000000DB0000-0x0000000000DB8000-memory.dmp

                      Filesize

                      32KB

                      Download

                    • memory/1864-443-0x0000000000770000-0x000000000077D000-memory.dmp

                      Filesize

                      52KB

                      Download

                    • memory/1864-442-0x0000000000780000-0x0000000000787000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/1864-523-0x0000000000780000-0x0000000000787000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/1916-358-0x0000000000D80000-0x0000000000D89000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/1916-310-0x0000000000D90000-0x0000000000D95000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/2176-133-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-155-0x0000000000400000-0x0000000000789000-memory.dmp

                      Filesize

                      3.5MB

                      Download

                    • memory/2176-135-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-136-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-137-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-138-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-139-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-140-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-141-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-142-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-143-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-145-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-146-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-147-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-148-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-149-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-150-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-151-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-153-0x0000000000790000-0x000000000083E000-memory.dmp

                      Filesize

                      696KB

                      Download

                    • memory/2176-152-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-154-0x0000000000920000-0x0000000000929000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/2176-134-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-156-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-157-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-158-0x0000000000400000-0x0000000000789000-memory.dmp

                      Filesize

                      3.5MB

                      Download

                    • memory/2176-121-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-132-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-131-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-130-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-120-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-129-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-128-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-127-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-126-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-125-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-124-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-123-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/2176-122-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/3404-520-0x00000000003F0000-0x00000000003F9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/3404-185-0x00000000003E0000-0x00000000003EF000-memory.dmp

                      Filesize

                      60KB

                      Download

                    • memory/3404-183-0x00000000003F0000-0x00000000003F9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/3972-238-0x0000000000BB0000-0x0000000000BB6000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/3972-240-0x0000000000BA0000-0x0000000000BAC000-memory.dmp

                      Filesize

                      48KB

                      Download

                    • memory/3972-521-0x0000000000BB0000-0x0000000000BB6000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/4032-362-0x0000000000C70000-0x0000000000C97000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/4032-522-0x0000000000CA0000-0x0000000000CC2000-memory.dmp

                      Filesize

                      136KB

                      Download

                    • memory/4032-360-0x0000000000CA0000-0x0000000000CC2000-memory.dmp

                      Filesize

                      136KB

                      Download

                    • memory/4048-162-0x0000000000E70000-0x0000000000E78000-memory.dmp

                      Filesize

                      32KB

                      Download

                    • memory/4144-447-0x0000000000A10000-0x0000000000A15000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/4144-450-0x0000000000A00000-0x0000000000A09000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/4144-524-0x0000000000A10000-0x0000000000A15000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/4328-193-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-165-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-196-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-192-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-173-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-190-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-191-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-189-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-194-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-172-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-178-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-188-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-305-0x00000000001F0000-0x00000000001F7000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/4328-171-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-182-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-170-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-356-0x00000000001E0000-0x00000000001EB000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/4328-184-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-187-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-179-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-168-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-169-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-186-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-167-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-166-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-174-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-176-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-180-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-195-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-164-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-175-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4328-181-0x0000000077840000-0x00000000779CE000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/5032-517-0x00000000009C0000-0x00000000009CB000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/5032-515-0x00000000009D0000-0x00000000009D6000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/5032-525-0x00000000009D0000-0x00000000009D6000-memory.dmp

                      Filesize

                      24KB

                      Download