Analysis
- max time kernel: 150s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 10/09/2022, 10:11
Static task: static1
Behavioral task: behavioral1
  Sample: abd6cd3cfb180beacd03e0a97a2d7547.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: abd6cd3cfb180beacd03e0a97a2d7547.exe
  Resource: win10v2004-20220812-en
General
- Target: abd6cd3cfb180beacd03e0a97a2d7547.exe
- Size: 275KB
- MD5: abd6cd3cfb180beacd03e0a97a2d7547
- SHA1: 40957e0425ebc0f02dd10437ad020a341aa87aed
- SHA256: 585a35f120f39562e9acba6c1dfbf18ff814cf4c59254499b75790665dc749e7
- SHA512: bf6f7cc14b789a8a6fa522fdefef48035730e6d97fea3760e162681a44b83686a97f7758b101732ef30c3d3944b534afbd59c3bdad7c5a8fa003b19b1ca5d23f
- SSDEEP: 6144:pEE2kMZFfyDuL9vG08X/aNJ39IYQVsCX69YHZV/lghR:yE2/Ffy65O08X/aNJ39ITsCXF5PgP
Malware Config
Signatures
- Detects Smokeloader packer (1 IoC)
  resource:  behavioral1/memory/1096-57-0x00000000003A0000-0x00000000003A9000-memory.dmp
  yara_rule: family_smokeloader
- SmokeLoader
  Modular backdoor trojan in use since 2014.
- Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
  SCSI information is often read in order to detect sandboxing environments.
  description     ioc                                               Process
  Key queried     \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  abd6cd3cfb180beacd03e0a97a2d7547.exe
  Key enumerated  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  abd6cd3cfb180beacd03e0a97a2d7547.exe
  Key opened      \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  abd6cd3cfb180beacd03e0a97a2d7547.exe
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid   Process
  1096  abd6cd3cfb180beacd03e0a97a2d7547.exe
  1096  abd6cd3cfb180beacd03e0a97a2d7547.exe
  1412  Process not Found  (remaining 62 IoCs are identical rows)
- Suspicious behavior: MapViewOfSection (1 IoC)
  pid   Process
  1096  abd6cd3cfb180beacd03e0a97a2d7547.exe