Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    59s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    16/02/2023, 03:34

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    344a4c4462ceaf3c4fe5834bc833d4039e287a1f23abe77eb12a991ee4210948.exe

  • Size

    204KB

  • MD5

    37259045d151e550432de1709310c2f5

  • SHA1

    1bf0dd3779825e9a3978e6a7abd186ba86858529

  • SHA256

    344a4c4462ceaf3c4fe5834bc833d4039e287a1f23abe77eb12a991ee4210948

  • SHA512

    0e3c98580564c197e533eb5deda52eecbfa00260c5ab2a4297218fa1ff6fae9c64714c0ab187ed69cd9788242d42a6767b3e8754512e14d6c78c7313de0bf45f

  • SSDEEP

    3072:rYkUfrqMFYMoVONClgp9yQFr/jswFJu71hb1OchSeo0Alp3B9Ejp/reLzQ:EHfrqQNmw0QOwjYf1OchSeo0Alyjpi

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 4 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\344a4c4462ceaf3c4fe5834bc833d4039e287a1f23abe77eb12a991ee4210948.exe
    "C:\Users\Admin\AppData\Local\Temp\344a4c4462ceaf3c4fe5834bc833d4039e287a1f23abe77eb12a991ee4210948.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2656
    • C:\Users\Admin\AppData\Local\Temp\344a4c4462ceaf3c4fe5834bc833d4039e287a1f23abe77eb12a991ee4210948.exe
      "C:\Users\Admin\AppData\Local\Temp\344a4c4462ceaf3c4fe5834bc833d4039e287a1f23abe77eb12a991ee4210948.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:3304

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2656-120-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-121-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-122-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-124-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-123-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-126-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-125-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-127-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-128-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-129-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-131-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-132-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-133-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-130-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-134-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-135-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-136-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-137-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-138-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-139-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-140-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-141-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-142-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-143-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-144-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-146-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-148-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-149-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-151-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-150-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-147-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-145-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-153-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-154-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-155-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-156-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2656-157-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3304-160-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3304-161-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3304-158-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/3304-163-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3304-165-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3304-164-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3304-166-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3304-167-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3304-162-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3304-169-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/3304-168-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3304-170-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3304-171-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3304-172-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3304-174-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3304-173-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3304-175-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3304-176-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3304-177-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3304-178-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3304-179-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3304-180-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3304-181-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3304-182-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3304-183-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3304-184-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3304-185-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3304-186-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3304-190-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download