General
-
Target
cc3aaba428a1c44fe66637a0a8cdb6e8d83754a158f24b2ef715120bcb143b2e
-
Size
333KB
-
Sample
220126-rys6qsech9
-
MD5
255f22042f10c16c999fa284e1fed1bb
-
SHA1
e1dbbf99d89203a1c908a081e207e905ebddd4fd
-
SHA256
cc3aaba428a1c44fe66637a0a8cdb6e8d83754a158f24b2ef715120bcb143b2e
-
SHA512
5787b0132c1507f586571bc33c29fb183d3f34e744dc75d3fdf2fdf92f121dcbd02dac4d495eed01c578a438ae7fb4844d8dc1971389ccbcb3e652916bc97657
Static task
static1
Behavioral task
behavioral1
Sample
cc3aaba428a1c44fe66637a0a8cdb6e8d83754a158f24b2ef715120bcb143b2e.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
smokeloader
2020
Targets
-
-
Target
cc3aaba428a1c44fe66637a0a8cdb6e8d83754a158f24b2ef715120bcb143b2e
Score
10/10
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-