Analysis
Max time kernel: 13s
Max time network: 112s
Platform: windows10_x64
Resource: win10v20201028
Submitted: 22-12-2020 08:26
Static task: static1
Behavioral task: behavioral1
  Sample: d92882345373d476c839231ec52d8047.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: d92882345373d476c839231ec52d8047.exe
  Resource: win10v20201028
General
Target: d92882345373d476c839231ec52d8047.exe
Size: 32KB
MD5: d92882345373d476c839231ec52d8047
SHA1: 5dc2c5996e4570feb0ea9ba323c8c8bb07d1a889
SHA256: c390f1f12cf19aa6e9cd4745f24453f6321e5baaa061e6af1769aa90e8e86fe4
SHA512: a198d70b9f6820bef83d3ef59bb36ce994d8a0bd1b93d79063843bbe1ade5a05c6651ccf6172ecd39b1dcbe7e0ee30384570907bba03010cc8ee57881aac48f1
Malware Config
Extracted
Family: smokeloader
Version: 2018
C2: http://vipengland.com/2/
Signatures

SmokeLoader
Modular backdoor trojan in use since 2014.
Maps connected drives based on registry (3 TTPs, 2 IoCs)
Disk information is often read in order to detect sandboxing environments. The string values under Disk\Enum ("0", "1", ...) are the Plug and Play device IDs of the enumerated disks, and in a virtual machine these usually embed the hypervisor or virtual-disk vendor name, so a single registry read is enough to fingerprint the environment. Reads of this key are not logged by Sysmon (which records only creates, deletes, renames and value writes), so catching this behaviour depends on sandbox or EDR instrumentation of registry queries.
Processes:
description       | ioc                                                          | process
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum\0 | d92882345373d476c839231ec52d8047.exe
Key opened        | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum   | d92882345373d476c839231ec52d8047.exe
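The following PowerShell is an added example, not part of the sandbox report and not code from the sample: it performs the same registry read the sample is flagged for (the Disk\Enum key and its numbered string values under ControlSet001) and reports which entries carry vendor strings that commonly betray a virtual machine. Run it inside the analysis VM to see what the sample sees. The marker list is an assumption drawn from common anti-VM checks; the report does not state which strings, if any, the sample compares against.

```powershell
# Added example. Reproduces the Disk\Enum read from the report and flags VM vendor
# strings in the enumerated disk device IDs. Run as an administrator-free read on the
# analysis VM; it only queries the registry.

# Same key the sample opens (report IoC), using the PowerShell registry provider.
$KeyPath = 'HKLM:\SYSTEM\ControlSet001\Services\Disk\Enum'

# Assumed list of substrings that typically appear in virtual disk device IDs.
# The report does not say the sample uses these; they are here for illustration.
$VmMarkers = @('VMware', 'VBOX', 'VirtualBox', 'QEMU', 'Virtual', 'Xen', 'Msft')

function Get-DiskEnumEntries {
    param([string]$Path = $KeyPath)
    # Disk\Enum holds a DWORD "Count" and one REG_SZ per disk named "0", "1", ...
    $item  = Get-ItemProperty -Path $Path -ErrorAction Stop
    $count = [int]$item.Count
    for ($i = 0; $i -lt $count; $i++) {
        [PSCustomObject]@{
            Index    = $i
            DeviceId = [string]$item."$i"   # e.g. SCSI\Disk&Ven_VMware&Prod_Virtual_disk\...
        }
    }
}

function Test-DiskIdForVm {
    param([Parameter(ValueFromPipeline = $true)][PSCustomObject]$Entry)
    process {
        $hit = $VmMarkers |
            Where-Object { $Entry.DeviceId -like "*$_*" } |
            Select-Object -First 1
        [PSCustomObject]@{
            Index        = $Entry.Index
            DeviceId     = $Entry.DeviceId
            Marker       = $hit
            LooksVirtual = [bool]$hit
        }
    }
}

# Usage: list every enumerated disk and whether its device ID exposes a hypervisor.
Get-DiskEnumEntries | Test-DiskIdForVm | Format-Table -AutoSize
```

If any row reports LooksVirtual as True, the sample's Disk\Enum read alone is enough to identify the sandbox; hardening the VM means presenting disk device IDs without those vendor substrings, and verifying the result with this same read rather than assuming a hypervisor-side setting took effect.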
Suspicious behavior: MapViewOfSection (2 IoCs)
Processes:
pid  | process
3008 | d92882345373d476c839231ec52d8047.exe
3008 | d92882345373d476c839231ec52d8047.exe