Analysis
- max time kernel: 150s
- max time network: 148s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28/09/2022, 03:59
Static task: static1
Behavioral task: behavioral1
- Sample: 0cef16e2ddac546d51cc980104078aad9b4128224140028a38a594120f13b3d5.exe
- Resource: win10v2004-20220812-en
General
- Target: 0cef16e2ddac546d51cc980104078aad9b4128224140028a38a594120f13b3d5.exe
- Size: 326KB
- MD5: eb4af4b9187c97d4b11418bc2ee693b6
- SHA1: 0d21e00d3754179827e9cb26db3ed8c5eee48865
- SHA256: 0cef16e2ddac546d51cc980104078aad9b4128224140028a38a594120f13b3d5
- SHA512: efb5a764672a5bc354539ef421232a82be5ef53ff903684407fba9dcf431bdd6eaff2f4e454f6454354c619fda74d47140c2d1055cb4300055916a909a8404bf
- SSDEEP: 6144:1jq3HLYcO94uF3O4eOi9Oi0A21BnigabwVfsP:1jq7Y594ulNsAniBP
Malware Config
Signatures
- Detects Smokeloader packer (1 IoC)
  resource: behavioral1/memory/4756-133-0x00000000004D0000-0x00000000004D9000-memory.dmp
  yara_rule: family_smokeloader
- SmokeLoader
  Modular backdoor trojan in use since 2014.
- Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
  SCSI information is often read in order to detect sandboxing environments.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI
  process: 0cef16e2ddac546d51cc980104078aad9b4128224140028a38a594120f13b3d5.exe
  description: Key queried
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI
  process: 0cef16e2ddac546d51cc980104078aad9b4128224140028a38a594120f13b3d5.exe
  description: Key enumerated
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI
  process: 0cef16e2ddac546d51cc980104078aad9b4128224140028a38a594120f13b3d5.exe
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid: 4756, process: 0cef16e2ddac546d51cc980104078aad9b4128224140028a38a594120f13b3d5.exe
  pid: 4756, process: 0cef16e2ddac546d51cc980104078aad9b4128224140028a38a594120f13b3d5.exe
  pid: 3044, process: Process not Found (this entry is repeated for all remaining IoCs in the list)
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid: 3044, process: Process not Found
- Suspicious behavior: MapViewOfSection (1 IoC)
  pid: 4756, process: 0cef16e2ddac546d51cc980104078aad9b4128224140028a38a594120f13b3d5.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\0cef16e2ddac546d51cc980104078aad9b4128224140028a38a594120f13b3d5.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\0cef16e2ddac546d51cc980104078aad9b4128224140028a38a594120f13b3d5.exe"
  PID: 4756
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection