Analysis

max time kernel: 150s
max time network: 41s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 08/09/2022, 12:06

Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220812-en
5 signatures
150 seconds
General

Target: file.exe
Size: 290KB
MD5: 60e040fb9d158f64855ada283f365993
SHA1: 359544fbbea7e11c5fc87e98aa7a1c4a280d75bb
SHA256: 278112b324b4baf0de15924dd94225df2579d2e5e23a16a270c11e55e5f7384f
SHA512: d4e9270050b7704ce5e921f8840e09e4a589e70f019648aca8463ce4d449b2f67c3fd77d9cbd8b866162378d33b87f7f958d8597bd95cb9d2c018b88254a1ba1
SSDEEP: 6144:UhnkXDKb2qlouDXCLVUOuxZRS0ohly5myleAWLYluevu9pNw9:LXE2qlouWOOuxZwM5mydcY4em97
Score: 10/10
Malware Config
Signatures
Detects Smokeloader packer (1 IoC)

resource: behavioral1/memory/1720-56-0x00000000001B0000-0x00000000001B9000-memory.dmp
yara_rule: family_smokeloader

SmokeLoader
Modular backdoor trojan in use since 2014.
Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
SCSI information is often read in order to detect sandboxing environments.

description      ioc                                                Process
Key opened       \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI   file.exe
Key queried      \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI   file.exe
Key enumerated   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI   file.exe
Suspicious behavior: EnumeratesProcesses (64 IoCs)

pid    Process
1720   file.exe
1720   file.exe
1260   Process not Found   (this row is repeated for the remaining 62 of the 64 IoCs)
Suspicious behavior: MapViewOfSection (1 IoC)

pid    Process
1720   file.exe