General
-
Target
9e6e122e4798d36ef04fa932941a529214294b4707c4c4432b3952efc1297937
-
Size
188KB
-
Sample
220127-tw5g4agce5
-
MD5
147a520cda06d08b58f84abbed5381b6
-
SHA1
6e6f39764b253c7e02b2c533463199d59ab6517f
-
SHA256
9e6e122e4798d36ef04fa932941a529214294b4707c4c4432b3952efc1297937
-
SHA512
6a2b7e1e612ed8e96ae09b21d1db9cb1ebddc630a14e7dc16ad249271f68bae4e4f9f491ec305c5cc799f3d90855dc19ed2d13974facd128300a3d8b9e117d3d
Static task
static1
Behavioral task
behavioral1
Sample
9e6e122e4798d36ef04fa932941a529214294b4707c4c4432b3952efc1297937.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
smokeloader
2020
https://oakland-studio.video/search.php
https://seattle-university.video/search.php
Targets
Target
9e6e122e4798d36ef04fa932941a529214294b4707c4c4432b3952efc1297937
-
Score
10/10
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-