Analysis
-
max time kernel
150s -
max time network
48s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
26-09-2022 19:17
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220901-en
windows10-2004-x64
6 signatures
150 seconds
General
-
Target
file.exe
-
Size
129KB
-
MD5
aaad2400aaa4544edf9ea75c189a3c55
-
SHA1
bdc023a1fcbe414c255e855832c3a68c1f6bb9f2
-
SHA256
d3a12feea2622c04f5b6e8dc9619aef38e1937ffbc998daba56eae0fb299b0ab
-
SHA512
526d10a5807e7bdcaff3175dba0e7b29b84038f281ed837f0f2cd1835c938d4b2eb819374bd7f09c1511132439eeb3b88dd8314c0282af6433d84baebd5a1dfa
-
SSDEEP
3072:tgp0T55r4KL8Tliv7ZLmBj+j9GSjyneRqdhvU5B:yO4QuW7Us5GYRsN
Score
10/10
Malware Config
Signatures
-
Detects Smokeloader packer 1 IoCs
resource yara_rule behavioral1/memory/1576-56-0x0000000000220000-0x0000000000229000-memory.dmp family_smokeloader -
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1576 file.exe 1576 file.exe 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found -
Suspicious behavior: MapViewOfSection 1 IoCs
pid Process 1576 file.exe