Analysis
-
max time kernel
150s -
max time network
137s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
06/10/2022, 07:01
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
6 signatures
150 seconds
General
-
Target
file.exe
-
Size
146KB
-
MD5
388c7aa91556f342dac1ec505201674b
-
SHA1
d585fd0f7edddb89565dad9fe0788788588151d7
-
SHA256
ab6c7a79e5349bf7a41ece9b0616086c8ca6ef2feab0a0c08cd6283c7cb2f017
-
SHA512
2050715840518d3dc282f273fa764bd498ad3597d144ff262673f285131da753599ce418f67a33e78662724cc6bc2476af805bf315bc3e7267ad3caaec2d5b74
-
SSDEEP
3072:dI2MyC++Oy8CLxpFM1xhiwOIrfiXXTQ8gQJ4I/O:2UcJxpwKuOnTQ8gBI/
Score
10/10
Malware Config
Signatures
-
Detects Smokeloader packer 1 IoCs
resource yara_rule behavioral2/memory/4664-133-0x0000000000740000-0x0000000000749000-memory.dmp family_smokeloader -
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 4664 file.exe 4664 file.exe 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found 2712 Process not Found -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2712 Process not Found -
Suspicious behavior: MapViewOfSection 1 IoCs
pid Process 4664 file.exe