Analysis
-
max time kernel
150s -
max time network
41s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
28/09/2022, 20:52
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
13 signatures
150 seconds
General
-
Target
file.exe
-
Size
270KB
-
MD5
8e585d7c9fcc8aef9ab94febdc17de82
-
SHA1
df345a065922b89243780b45d5fd8769a7e7b24c
-
SHA256
a6650e8e5968e516505133725bc634c8d524c925bed6de04b068f0f25d469d2b
-
SHA512
060a11693aa56a03ccc71a54b246264e87c5ce207cbd2dd75fc0e4667f238fa4a9ac163f59b9f7060e0a26b65a8bea81325f48f42785f480ac76b034c5d03f07
-
SSDEEP
3072:EXhklC/qA0TAJ5MD4/Mb5pBMEcTTvrZakX+cePKOG7xysxkgaBChUpZa9uD6VdyE:A+l3cJ5S46YTQk7eKxviga3wVfg
Score
10/10
Malware Config
Signatures
-
Detects Smokeloader packer 1 IoCs
resource yara_rule behavioral1/memory/932-57-0x0000000000220000-0x0000000000229000-memory.dmp family_smokeloader -
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 932 file.exe 932 file.exe 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found 1208 Process not Found -
Suspicious behavior: MapViewOfSection 1 IoCs
pid Process 932 file.exe