Overview

overview

10

Static

static

e882606b1e...5f.exe

windows7-x64

10

e882606b1e...5f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/10/2022, 08:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e882606b1eb0719832fabbe3cae84d5f.exe

  • Size

    134KB

  • MD5

    e882606b1eb0719832fabbe3cae84d5f

  • SHA1

    f404b58807ab7a37007d00c7f480dd1d6d07153f

  • SHA256

    6a7d48f08212a61d9fc4202234cd290a42fdd8eebbb53d90c57dc971a159caf3

  • SHA512

    8a432410bbb4f4174a05798c945799d6b09c38e77c6c337f857bfb8c191ce0fb74a6d11bb544ed4c6b66a23938022c30616638cfddbfbf625f09bfffac912a23

  • SSDEEP

    3072:3l204dRK18bt4fjsa3TEaQ6F8j3D5uEG:jT1eKflLQzjduE

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 3 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e882606b1eb0719832fabbe3cae84d5f.exe
    "C:\Users\Admin\AppData\Local\Temp\e882606b1eb0719832fabbe3cae84d5f.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:4940
  • C:\Users\Admin\AppData\Local\Temp\388F.exe
    C:\Users\Admin\AppData\Local\Temp\388F.exe
    1⤵
    • Executes dropped EXE
    PID:4456
  • C:\Users\Admin\AppData\Local\Temp\47A4.exe
    C:\Users\Admin\AppData\Local\Temp\47A4.exe
    1⤵
    • Executes dropped EXE
    PID:1540
  • C:\Users\Admin\AppData\Local\Temp\57D1.exe
    C:\Users\Admin\AppData\Local\Temp\57D1.exe
    1⤵
    • Executes dropped EXE
    PID:1996

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\388F.exe
    Filesize

    466KB

    MD5

    2955a7fdcda8c0768d106b135a352173

    SHA1

    1de1f74183421d4f811af2dc469840c8d266eec9

    SHA256

    3238f627cf753b195a814ad7a01bd16fa13616802e39f48a981c5c8703a2ff6f

    SHA512

    c87bf10bc4eaaa912a74da441c3a3894535e54764e60a76c505c628e70e35822fcbe147aaabd117ddacbc88294ad16243c7f721400ac64178681633db8898bbb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\47A4.exe
    Filesize

    315KB

    MD5

    6b6cf541f7e8d8a4973afb7f212c9ddc

    SHA1

    a7f1a3671295ce9016edf7f660c23f3ecf890e79

    SHA256

    6398a682b929077fa895ca80e77f5ada30103387b76cb0021712e33ab8122dde

    SHA512

    e3faa66f1feb93129e56937a0e232728ece6a1f17e36b8dd8baef94e4279e6f3cce00304711a64b2f8b74314699c2943de3ccd49a709f45d0934749b78485791

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\47A4.exe
    Filesize

    315KB

    MD5

    6b6cf541f7e8d8a4973afb7f212c9ddc

    SHA1

    a7f1a3671295ce9016edf7f660c23f3ecf890e79

    SHA256

    6398a682b929077fa895ca80e77f5ada30103387b76cb0021712e33ab8122dde

    SHA512

    e3faa66f1feb93129e56937a0e232728ece6a1f17e36b8dd8baef94e4279e6f3cce00304711a64b2f8b74314699c2943de3ccd49a709f45d0934749b78485791

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\57D1.exe
    Filesize

    4.3MB

    MD5

    06a1dc7aae769814998f99c0bca5ea41

    SHA1

    81ea40089386bffadd0e0a6bb780b7ddd4dc71a9

    SHA256

    ed14ed57c0a785e01024deffe5a05a79ed9d61a21c58ea8be136c79d31e2daa6

    SHA512

    aa4a4f8cfe7d7e68c6751e518763cbc509a7ba31699dc7541104170af1a19b439e9ae687d92c8b09450088317e58b5fc78b921646ddba0a28b1f080b7190f65b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\57D1.exe
    Filesize

    4.3MB

    MD5

    06a1dc7aae769814998f99c0bca5ea41

    SHA1

    81ea40089386bffadd0e0a6bb780b7ddd4dc71a9

    SHA256

    ed14ed57c0a785e01024deffe5a05a79ed9d61a21c58ea8be136c79d31e2daa6

    SHA512

    aa4a4f8cfe7d7e68c6751e518763cbc509a7ba31699dc7541104170af1a19b439e9ae687d92c8b09450088317e58b5fc78b921646ddba0a28b1f080b7190f65b

    Download Submit

  • memory/4940-132-0x00000000007AD000-0x00000000007BE000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4940-133-0x00000000006D0000-0x00000000006D9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4940-134-0x0000000000400000-0x000000000057F000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4940-135-0x0000000000400000-0x000000000057F000-memory.dmp

    Filesize

    1.5MB

    Download