Analysis

max time kernel: 152s
max time network: 46s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 08-09-2022 10:01
Static task: static1

Behavioral task: behavioral1
  Sample: 103096543f30959753a10629fb595442.exe
  Resource: win7-20220901-en

Behavioral task: behavioral2
  Sample: 103096543f30959753a10629fb595442.exe
  Resource: win10v2004-20220812-en
General

Target: 103096543f30959753a10629fb595442.exe
Size: 275KB
MD5: 103096543f30959753a10629fb595442
SHA1: b596e2b86b4bad3d932668fc75bf48f206819a23
SHA256: 438c244c741ccdb5e904027ba6879d37584b2ffd427dc0dc6a852f910ba3598f
SHA512: 1cef0ba708d32232aaf26b5b6c2b72b8a69133af9e8bd77c19e9fae738cf7f6f226aa91e022921415f424f558f253bc23044ba8e5f4709b2697cfe122b46b2b3
SSDEEP: 6144:CPGgN0L7ODJEe07kfiUwDiw5prmJC1LHc/AKZrnH4iw3enGTi3:VgNwOVtSkfiUwDiw5prd1LHyxH4Ih
Malware Config
Signatures
Detects Smokeloader packer (1 IoC)

  resource                                                                    yara_rule
  behavioral1/memory/1700-56-0x0000000000220000-0x0000000000229000-memory.dmp  family_smokeloader

SmokeLoader: modular backdoor trojan in use since 2014.
Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
SCSI information is often read in order to detect sandboxing environments.

  description     ioc                                                  Process
  Key opened      \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI    103096543f30959753a10629fb595442.exe
  Key queried     \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI    103096543f30959753a10629fb595442.exe
  Key enumerated  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI    103096543f30959753a10629fb595442.exe
Suspicious behavior: EnumeratesProcesses (64 IoCs)

  pid   Process
  1700  103096543f30959753a10629fb595442.exe  (2 entries)
  1208  Process not Found                     (62 entries)
Suspicious behavior: GetForegroundWindowSpam (1 IoC)

  pid   Process
  1208  Process not Found

Suspicious behavior: MapViewOfSection (1 IoC)

  pid   Process
  1700  103096543f30959753a10629fb595442.exe