Analysis
-
max time kernel
151s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
02/10/2022, 21:02
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
6 signatures
150 seconds
General
-
Target
file.exe
-
Size
133KB
-
MD5
a5da3cf5fdba141e6d2244547b94aa7b
-
SHA1
0fae1422d47917a94630bd31f205f74a4c8e2164
-
SHA256
dae958ad23e9057acf0dbea40744cc120a64272e75a78640321fe46a7242f4ba
-
SHA512
b9b7682ef640ff3e8e275d82f18983886e4108904571511a8cc5ca819d0ca3539ebde24becbc570a0b0b677654a34461f28765639c16708db5d48d2cbd4a08dc
-
SSDEEP
1536:37NR/YprrsbORrXSsU//10QwM/grzgkIGPZ9ljBjIA7mobTjMhjdqxsu7m9:37fuyORFyTwegrzgkTXldjIuM/ql7m9
Score
10/10
Malware Config
Signatures
-
Detects Smokeloader packer 1 IoCs
resource yara_rule behavioral1/memory/1952-56-0x00000000001B0000-0x00000000001B9000-memory.dmp family_smokeloader -
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1952 file.exe 1952 file.exe 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found 1212 Process not Found -
Suspicious behavior: MapViewOfSection 1 IoCs
pid Process 1952 file.exe