Analysis
- max time kernel: 75s
- max time network: 136s
- platform: windows10_x64
- resource: win10
- submitted: 17-06-2020 16:17

Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: 2c99759a02ca32d1a7e8afa09130633f.exe, Resource: win7)
- Behavioral task: behavioral2 (Sample: 2c99759a02ca32d1a7e8afa09130633f.exe, Resource: win10)
General
- Target: 2c99759a02ca32d1a7e8afa09130633f.exe
- Size: 237KB
- MD5: 2c99759a02ca32d1a7e8afa09130633f
- SHA1: ddf98971664eb7b554c86b4ab2e2ba7d469f893c
- SHA256: b65806521aa662bff2c655c8a7a3b6c8e598d709e35f3390df880a70c3fded40
- SHA512: 89df4e78c583f409beb3dde03a4e439ba52676dc8ecacd02271d2c30e3fc151c677446652cb7ec7a080c4c00dfc80d63fbdfb369b25deace1752d77b93310dcc
Malware Config
- Extracted family: smokeloader
- Version: 2018
- URLs:
  - http://ukcompany.me/
  - http://ukcompany.pw/
  - http://ukcompany.top/
Signatures
- Suspicious behavior: MapViewOfSection (2 IoCs)
  Processes:
    pid   process
    3060  2c99759a02ca32d1a7e8afa09130633f.exe
    3060  2c99759a02ca32d1a7e8afa09130633f.exe
- Maps connected drives based on registry (3 TTPs, 2 IoCs)
  Disk information is often read in order to detect sandboxing environments.
  Processes:
    description        ioc                                                          process
    Key opened         \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum    2c99759a02ca32d1a7e8afa09130633f.exe
    Key value queried  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum\0  2c99759a02ca32d1a7e8afa09130633f.exe
- SmokeLoader
  Modular backdoor trojan in use since 2014.