Analysis
max time kernel: 150s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/09/2022, 10:27
Static task: static1
Behavioral task: behavioral1
  Sample: file.exe
  Resource: win7-20220901-en
  6 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: file.exe
  Resource: win10v2004-20220812-en
  6 signatures, 150 seconds
General
Target: file.exe
Size: 317KB
MD5: 0cbbefce32c6a5f8bcf9a9dcf1529418
SHA1: ab005cfde1cc3a3c6a150d90e77fe34771408485
SHA256: 0b4f9c87667c6b21e1302efc0c1b434afbca4fad31428bd30ccb3e48453968e2
SHA512: 984731950bcd16b97fa064e58aa29d7c8043b9c453484d9a188b1a3e2025b1535f8ae55b4f3dc70e8f10c28f556189d4eab6e9b3f6293b8a68d7edf3bc4e03a7
SSDEEP: 6144:xVQkGOjOwsz4uwN38Fy0wzgonigabwVf:xVlGOhuwAZoi
Score: 10/10
Malware Config
Signatures
Detects Smokeloader packer (1 IoC)
  resource: behavioral2/memory/4456-133-0x0000000000520000-0x0000000000529000-memory.dmp
  yara_rule: family_smokeloader
SmokeLoader
  Modular backdoor trojan in use since 2014.
Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
  SCSI information is often read in order to detect sandboxing environments.
  description     ioc                                               Process
  Key opened      \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  file.exe
  Key queried     \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  file.exe
  Key enumerated  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  file.exe
Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid   Process
  4456  file.exe
  4456  file.exe
  2804  Process not Found (this entry is repeated for the remaining IoCs)
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid   Process
  2804  Process not Found
Suspicious behavior: MapViewOfSection (1 IoC)
  pid   Process
  4456  file.exe