Analysis
- max time kernel: 150s
- max time network: 107s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25/09/2022, 14:55
Static task: static1
Behavioral task: behavioral1
- Sample: 6cc3947d9a355c3aedf0d96fab15dc200a1f01fdf2260169190f90d94101c1c0.exe
- Resource: win10v2004-20220812-en
General
- Target: 6cc3947d9a355c3aedf0d96fab15dc200a1f01fdf2260169190f90d94101c1c0.exe
- Size: 201KB
- MD5: f8df6dd7832acb30157dde23558cc8b3
- SHA1: f39d046cd9d12f5d88d675449cf863cd8e91d8f0
- SHA256: 6cc3947d9a355c3aedf0d96fab15dc200a1f01fdf2260169190f90d94101c1c0
- SHA512: 3a09810d39601675606cb3c0e993ccb87e0ba8a2397d1952643216389351262028f7d3eec9f32c6e006243a0f9c54292cfacb3bc9e0580a186fa4c28adb34ed2
- SSDEEP: 3072:B6mVwTFMQj5331m8ba6PjFT7yMwfC6Dpj1BLVvMx/PkzXx:A2C4p0jFyNjX
Malware Config
Signatures
- Detects Smokeloader packer (1 IoC)
  resource | yara_rule
  behavioral1/memory/3196-133-0x0000000000720000-0x0000000000729000-memory.dmp | family_smokeloader
- SmokeLoader
  Modular backdoor trojan in use since 2014.
- Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
  SCSI information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | 6cc3947d9a355c3aedf0d96fab15dc200a1f01fdf2260169190f90d94101c1c0.exe
  Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | 6cc3947d9a355c3aedf0d96fab15dc200a1f01fdf2260169190f90d94101c1c0.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | 6cc3947d9a355c3aedf0d96fab15dc200a1f01fdf2260169190f90d94101c1c0.exe
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid | Process
  3196 | 6cc3947d9a355c3aedf0d96fab15dc200a1f01fdf2260169190f90d94101c1c0.exe
  3196 | 6cc3947d9a355c3aedf0d96fab15dc200a1f01fdf2260169190f90d94101c1c0.exe
  2984 | Process not Found (this identical row is repeated for the remaining 62 IoCs in the original table)
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid | Process
  2984 | Process not Found
- Suspicious behavior: MapViewOfSection (1 IoC)
  pid | Process
  3196 | 6cc3947d9a355c3aedf0d96fab15dc200a1f01fdf2260169190f90d94101c1c0.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\6cc3947d9a355c3aedf0d96fab15dc200a1f01fdf2260169190f90d94101c1c0.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\6cc3947d9a355c3aedf0d96fab15dc200a1f01fdf2260169190f90d94101c1c0.exe"
  PID: 3196
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection