Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

c3b0bf7d0c...49.exe

windows7-x64

10

c3b0bf7d0c...49.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/10/2022, 07:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c3b0bf7d0c11b5b2cf88a5a05879c649.exe

  • Size

    146KB

  • MD5

    c3b0bf7d0c11b5b2cf88a5a05879c649

  • SHA1

    063791ec150bdc93c5af7768cc0deabec1aafebc

  • SHA256

    53e91aa8e47dc26f0289b1800aa76bafe0b8274e99585d91e2da679d8353d6a3

  • SHA512

    f0bd7f97b1c1be55da42a8c5eb644330806c7021765c78ae0780374ce02432334d3379b1198d0590a1ea2fd3bc43fcc0c713a06a9a5d3be9fc5d4fe4e8ab6416

  • SSDEEP

    1536:aJ2AD/fxK+FT+BN2++t4Bj8BkzCTl8XYiDraPCMu1iP+oo3r0ov1piQOuwluhOi:aJ2ADBlb++GB/2Tl8kCfXRZ4uhO

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 3 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 19 IoCs
  • Suspicious use of AdjustPrivilegeToken 30 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c3b0bf7d0c11b5b2cf88a5a05879c649.exe
    "C:\Users\Admin\AppData\Local\Temp\c3b0bf7d0c11b5b2cf88a5a05879c649.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:4328
  • C:\Users\Admin\AppData\Local\Temp\2693.exe
    C:\Users\Admin\AppData\Local\Temp\2693.exe
    1⤵
    • Executes dropped EXE
    PID:2932
  • C:\Users\Admin\AppData\Local\Temp\2B08.exe
    C:\Users\Admin\AppData\Local\Temp\2B08.exe
    1⤵
    • Executes dropped EXE
    PID:380
  • C:\Users\Admin\AppData\Local\Temp\33A5.exe
    C:\Users\Admin\AppData\Local\Temp\33A5.exe
    1⤵
    • Executes dropped EXE
    PID:1408
  • C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    1⤵
      PID:2776
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe
      1⤵
        PID:944
      • C:\Windows\SysWOW64\explorer.exe
        C:\Windows\SysWOW64\explorer.exe
        1⤵
          PID:1404
        • C:\Windows\explorer.exe
          C:\Windows\explorer.exe
          1⤵
            PID:548
          • C:\Windows\SysWOW64\explorer.exe
            C:\Windows\SysWOW64\explorer.exe
            1⤵
              PID:3128
            • C:\Windows\SysWOW64\explorer.exe
              C:\Windows\SysWOW64\explorer.exe
              1⤵
                PID:4048
              • C:\Windows\SysWOW64\explorer.exe
                C:\Windows\SysWOW64\explorer.exe
                1⤵
                  PID:4476
                • C:\Windows\explorer.exe
                  C:\Windows\explorer.exe
                  1⤵
                    PID:1572
                  • C:\Windows\SysWOW64\explorer.exe
                    C:\Windows\SysWOW64\explorer.exe
                    1⤵
                      PID:4364

                    Network

                    MITRE ATT&CK Enterprise v6

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Temp\2693.exe
                      Filesize

                      316KB

                      MD5

                      27cdcc66310e8a239ef822684833efd2

                      SHA1

                      7f3e3055ba30047819094b0121b316d9364e2707

                      SHA256

                      07c94a43d67cc347c043105b104a8ccc57eb97f7ffe4f5114ea6c13dcf07aba2

                      SHA512

                      6b0e4811dba1fd6afab3a074da9a440bd318f5eb74ab48cb8d57913c410115e6811f51dc5f3bd04240821dcee84db772accf3af858ab0db18e6dcd9ef2de9a54

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\2693.exe
                      Filesize

                      316KB

                      MD5

                      27cdcc66310e8a239ef822684833efd2

                      SHA1

                      7f3e3055ba30047819094b0121b316d9364e2707

                      SHA256

                      07c94a43d67cc347c043105b104a8ccc57eb97f7ffe4f5114ea6c13dcf07aba2

                      SHA512

                      6b0e4811dba1fd6afab3a074da9a440bd318f5eb74ab48cb8d57913c410115e6811f51dc5f3bd04240821dcee84db772accf3af858ab0db18e6dcd9ef2de9a54

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\2B08.exe
                      Filesize

                      363KB

                      MD5

                      e292a6cbeb112872c04796311b52ae30

                      SHA1

                      8ecefecab9231e42429a33256f5db84eff302948

                      SHA256

                      39c4fa10490d1f6e5f909786dee9ab0d8e8eb79bb04a9c541d2209224367ad16

                      SHA512

                      c506b3c796d99f8fb3e70d36596720bd1a6328a653c77769e20cbb358da122e576d72518508f63217e80985eb9abaa79abaa681312e9100445e391828029577e

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\2B08.exe
                      Filesize

                      363KB

                      MD5

                      e292a6cbeb112872c04796311b52ae30

                      SHA1

                      8ecefecab9231e42429a33256f5db84eff302948

                      SHA256

                      39c4fa10490d1f6e5f909786dee9ab0d8e8eb79bb04a9c541d2209224367ad16

                      SHA512

                      c506b3c796d99f8fb3e70d36596720bd1a6328a653c77769e20cbb358da122e576d72518508f63217e80985eb9abaa79abaa681312e9100445e391828029577e

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\33A5.exe
                      Filesize

                      363KB

                      MD5

                      ad170ecbf3579649162c3cb67d398672

                      SHA1

                      838306ef60ae4286030be9b395c866abd0c8ff47

                      SHA256

                      5e924125ff6aeb76684f4fb7f578c6d9278b243ed18e9a9eff8b2b28045ec5a5

                      SHA512

                      83a5511b668f49d4361a4a9dd5c8944c6395504f8f31c3a0ab94a9ea1d75d4b17c72c433c53d73cd9dfbb641c34b2741ef15474bacc7c6728e889511ffafc185

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\33A5.exe
                      Filesize

                      363KB

                      MD5

                      ad170ecbf3579649162c3cb67d398672

                      SHA1

                      838306ef60ae4286030be9b395c866abd0c8ff47

                      SHA256

                      5e924125ff6aeb76684f4fb7f578c6d9278b243ed18e9a9eff8b2b28045ec5a5

                      SHA512

                      83a5511b668f49d4361a4a9dd5c8944c6395504f8f31c3a0ab94a9ea1d75d4b17c72c433c53d73cd9dfbb641c34b2741ef15474bacc7c6728e889511ffafc185

                      Download Submit

                    • memory/548-156-0x0000000000DE0000-0x0000000000DEC000-memory.dmp

                      Filesize

                      48KB

                      Download

                    • memory/548-155-0x0000000000DF0000-0x0000000000DF6000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/944-173-0x00000000001F0000-0x00000000001F9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/944-149-0x00000000001F0000-0x00000000001F9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/944-150-0x00000000001E0000-0x00000000001EF000-memory.dmp

                      Filesize

                      60KB

                      Download

                    • memory/1404-174-0x0000000000E90000-0x0000000000E95000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/1404-153-0x0000000000E80000-0x0000000000E89000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/1404-152-0x0000000000E90000-0x0000000000E95000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/1572-167-0x00000000009D0000-0x00000000009D7000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/1572-168-0x00000000009C0000-0x00000000009CD000-memory.dmp

                      Filesize

                      52KB

                      Download

                    • memory/1572-178-0x00000000009D0000-0x00000000009D7000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/2776-146-0x0000000000AD0000-0x0000000000AD7000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/2776-147-0x0000000000AC0000-0x0000000000ACB000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/2776-172-0x0000000000AD0000-0x0000000000AD7000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/3128-158-0x0000000001200000-0x0000000001222000-memory.dmp

                      Filesize

                      136KB

                      Download

                    • memory/3128-159-0x0000000000FD0000-0x0000000000FF7000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/3128-175-0x0000000001200000-0x0000000001222000-memory.dmp

                      Filesize

                      136KB

                      Download

                    • memory/4048-162-0x0000000000A40000-0x0000000000A49000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/4048-176-0x0000000000A50000-0x0000000000A55000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/4048-161-0x0000000000A50000-0x0000000000A55000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/4328-133-0x0000000002180000-0x0000000002189000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/4328-132-0x000000000067D000-0x000000000068E000-memory.dmp

                      Filesize

                      68KB

                      Download

                    • memory/4328-134-0x0000000000400000-0x0000000000581000-memory.dmp

                      Filesize

                      1.5MB

                      Download

                    • memory/4328-135-0x0000000000400000-0x0000000000581000-memory.dmp

                      Filesize

                      1.5MB

                      Download

                    • memory/4364-170-0x0000000001030000-0x0000000001038000-memory.dmp

                      Filesize

                      32KB

                      Download

                    • memory/4364-171-0x0000000001020000-0x000000000102B000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/4364-179-0x0000000001030000-0x0000000001038000-memory.dmp

                      Filesize

                      32KB

                      Download

                    • memory/4476-165-0x0000000000BC0000-0x0000000000BCB000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/4476-164-0x0000000000BD0000-0x0000000000BD6000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/4476-177-0x0000000000BD0000-0x0000000000BD6000-memory.dmp

                      Filesize

                      24KB

                      Download