Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
04/10/2022, 23:23
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220901-en
windows10-2004-x64
General
-
Target
file.exe
-
Size
266KB
-
MD5
33f4ba2a8c368a2d835b701879cf47f4
-
SHA1
ef00a2efec08d9a4484c681c0f27f77b17795ebb
-
SHA256
2d856cad166f69421da2db2d41ec22f3ca09df54f8dd8b5f4454113379625ac2
-
SHA512
d0d557dbd0bc5b46527c9bb0a8c1ea9adb6c89bda9da491562db9804b433d6991f8dc813a7768965cc15bfcb30ff5ec420c4f439702ab5654323751b54021d59
-
SSDEEP
3072:aXhOgpITLrGNQ0n/SU5IAgGd8gPy1e48aeuJVtFWrxpzbgqru1hpZa9uD6VdyhkT:6bmLN0nMBI8h5Je4Tuzbgwu1hwVf
Malware Config
Signatures
-
Detects Smokeloader packer 1 IoCs
resource yara_rule behavioral1/memory/1092-56-0x0000000000220000-0x0000000000229000-memory.dmp family_smokeloader -
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1092 file.exe 1092 file.exe 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found 1276 Process not Found -
Suspicious behavior: MapViewOfSection 1 IoCs
pid Process 1092 file.exe