Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/02/2023, 03:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9fe2f22ddcc6dc5dee230c6df02c24bada60c299994b6b19286ec55e1290675b.exe

  • Size

    193KB

  • MD5

    955226b512ca0f7eed2e9cbcbb426b5f

  • SHA1

    dedb3a694680d09945ed510a37999fae02c2ad0b

  • SHA256

    9fe2f22ddcc6dc5dee230c6df02c24bada60c299994b6b19286ec55e1290675b

  • SHA512

    f733d7885af68c6dcfdd987f6da913647f1db27701a13853bb3e533e3d1f451c1e9548f6655aac6d3870216a3d798aa6d21b5f9136fd703acb0bf3e22e546e5a

  • SSDEEP

    3072:rhNoc+LSCON5aeuY2n15TZvY1EZbsIQ/K9rpqmbCIfm9EHVW4k:qLvOaHYg1VVgE8/K9omAEHVRk

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 20 IoCs
  • Suspicious use of WriteProcessMemory 35 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9fe2f22ddcc6dc5dee230c6df02c24bada60c299994b6b19286ec55e1290675b.exe
    "C:\Users\Admin\AppData\Local\Temp\9fe2f22ddcc6dc5dee230c6df02c24bada60c299994b6b19286ec55e1290675b.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:4912
  • C:\Users\Admin\AppData\Local\Temp\1CB0.exe
    C:\Users\Admin\AppData\Local\Temp\1CB0.exe
    1⤵
    • Executes dropped EXE
    PID:4708
  • C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    1⤵
      PID:4064
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe
      1⤵
        PID:4200
      • C:\Windows\SysWOW64\explorer.exe
        C:\Windows\SysWOW64\explorer.exe
        1⤵
          PID:3900
        • C:\Windows\explorer.exe
          C:\Windows\explorer.exe
          1⤵
            PID:3724
          • C:\Windows\SysWOW64\explorer.exe
            C:\Windows\SysWOW64\explorer.exe
            1⤵
              PID:4544
            • C:\Windows\SysWOW64\explorer.exe
              C:\Windows\SysWOW64\explorer.exe
              1⤵
                PID:3496
              • C:\Windows\SysWOW64\explorer.exe
                C:\Windows\SysWOW64\explorer.exe
                1⤵
                  PID:4376
                • C:\Windows\explorer.exe
                  C:\Windows\explorer.exe
                  1⤵
                    PID:3392
                  • C:\Windows\SysWOW64\explorer.exe
                    C:\Windows\SysWOW64\explorer.exe
                    1⤵
                      PID:4560
                    • C:\Users\Admin\AppData\Roaming\sjuhcbj
                      C:\Users\Admin\AppData\Roaming\sjuhcbj
                      1⤵
                      • Executes dropped EXE
                      • Checks SCSI registry key(s)
                      • Suspicious behavior: MapViewOfSection
                      PID:2272

                    Network

                    MITRE ATT&CK Enterprise v6

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Temp\1CB0.exe
                      Filesize

                      4KB

                      MD5

                      9748489855d9dd82ab09da5e3e55b19e

                      SHA1

                      6ed2bf6a1a53a59cd2137812cb43b5032817f6a1

                      SHA256

                      05bdd09d934144589f7b90ac4ef6e8d7743c35f551219d98bc7fc933f98a157b

                      SHA512

                      7eebbc3e42aad1af304ba38ca0c74e5f2293a630d98d4cfd48957f5f288bcb52cf323421c2b166e3b459450d5ef024167f8729b7b4b66651a34c3c3d4581a2be

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\1CB0.exe
                      Filesize

                      4KB

                      MD5

                      9748489855d9dd82ab09da5e3e55b19e

                      SHA1

                      6ed2bf6a1a53a59cd2137812cb43b5032817f6a1

                      SHA256

                      05bdd09d934144589f7b90ac4ef6e8d7743c35f551219d98bc7fc933f98a157b

                      SHA512

                      7eebbc3e42aad1af304ba38ca0c74e5f2293a630d98d4cfd48957f5f288bcb52cf323421c2b166e3b459450d5ef024167f8729b7b4b66651a34c3c3d4581a2be

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\sjuhcbj
                      Filesize

                      193KB

                      MD5

                      955226b512ca0f7eed2e9cbcbb426b5f

                      SHA1

                      dedb3a694680d09945ed510a37999fae02c2ad0b

                      SHA256

                      9fe2f22ddcc6dc5dee230c6df02c24bada60c299994b6b19286ec55e1290675b

                      SHA512

                      f733d7885af68c6dcfdd987f6da913647f1db27701a13853bb3e533e3d1f451c1e9548f6655aac6d3870216a3d798aa6d21b5f9136fd703acb0bf3e22e546e5a

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\sjuhcbj
                      Filesize

                      193KB

                      MD5

                      955226b512ca0f7eed2e9cbcbb426b5f

                      SHA1

                      dedb3a694680d09945ed510a37999fae02c2ad0b

                      SHA256

                      9fe2f22ddcc6dc5dee230c6df02c24bada60c299994b6b19286ec55e1290675b

                      SHA512

                      f733d7885af68c6dcfdd987f6da913647f1db27701a13853bb3e533e3d1f451c1e9548f6655aac6d3870216a3d798aa6d21b5f9136fd703acb0bf3e22e546e5a

                      Download Submit

                    • memory/2272-176-0x000000000099F000-0x00000000009B5000-memory.dmp

                      Filesize

                      88KB

                      Download

                    • memory/2272-181-0x0000000000400000-0x000000000074E000-memory.dmp

                      Filesize

                      3.3MB

                      Download

                    • memory/2272-177-0x0000000000400000-0x000000000074E000-memory.dmp

                      Filesize

                      3.3MB

                      Download

                    • memory/3392-163-0x0000000000780000-0x0000000000787000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/3392-179-0x0000000000780000-0x0000000000787000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/3392-164-0x0000000000770000-0x000000000077D000-memory.dmp

                      Filesize

                      52KB

                      Download

                    • memory/3496-175-0x0000000000850000-0x0000000000855000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/3496-158-0x0000000000840000-0x0000000000849000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/3496-157-0x0000000000850000-0x0000000000855000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/3724-171-0x00000000005B0000-0x00000000005B6000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/3724-151-0x00000000005B0000-0x00000000005B6000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/3724-152-0x00000000005A0000-0x00000000005AC000-memory.dmp

                      Filesize

                      48KB

                      Download

                    • memory/3900-170-0x00000000007F0000-0x00000000007F5000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/3900-149-0x00000000007E0000-0x00000000007E9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/3900-148-0x00000000007F0000-0x00000000007F5000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/4064-168-0x0000000000320000-0x0000000000327000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/4064-143-0x0000000000310000-0x000000000031B000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/4064-142-0x0000000000320000-0x0000000000327000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/4200-145-0x0000000000DF0000-0x0000000000DF9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/4200-169-0x0000000000DF0000-0x0000000000DF9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/4200-146-0x0000000000DE0000-0x0000000000DEF000-memory.dmp

                      Filesize

                      60KB

                      Download

                    • memory/4376-161-0x0000000000720000-0x000000000072B000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/4376-160-0x0000000000730000-0x0000000000736000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/4376-178-0x0000000000730000-0x0000000000736000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/4544-155-0x0000000001020000-0x0000000001047000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/4544-154-0x0000000001050000-0x0000000001072000-memory.dmp

                      Filesize

                      136KB

                      Download

                    • memory/4544-174-0x0000000001050000-0x0000000001072000-memory.dmp

                      Filesize

                      136KB

                      Download

                    • memory/4560-167-0x0000000001020000-0x000000000102B000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/4560-166-0x0000000001030000-0x0000000001038000-memory.dmp

                      Filesize

                      32KB

                      Download

                    • memory/4560-180-0x0000000001030000-0x0000000001038000-memory.dmp

                      Filesize

                      32KB

                      Download

                    • memory/4708-140-0x00007FFDFA820000-0x00007FFDFB2E1000-memory.dmp

                      Filesize

                      10.8MB

                      Download

                    • memory/4708-139-0x0000000000BC0000-0x0000000000BC8000-memory.dmp

                      Filesize

                      32KB

                      Download

                    • memory/4912-132-0x000000000086E000-0x0000000000883000-memory.dmp

                      Filesize

                      84KB

                      Download

                    • memory/4912-135-0x0000000000400000-0x000000000074E000-memory.dmp

                      Filesize

                      3.3MB

                      Download

                    • memory/4912-134-0x0000000000400000-0x000000000074E000-memory.dmp

                      Filesize

                      3.3MB

                      Download

                    • memory/4912-133-0x0000000000810000-0x0000000000819000-memory.dmp

                      Filesize

                      36KB

                      Download