Analysis
max time kernel: 178s
max time network: 177s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/10/2022, 17:52
Static task: static1
Behavioral task: behavioral1
  Sample: 4d79d8b2957bf4c6b2f9023f60ec5908a55daf91b7a747eb472b3d0a62028416.exe
  Resource: win10v2004-20220812-en
  6 signatures
  150 seconds
General
Target: 4d79d8b2957bf4c6b2f9023f60ec5908a55daf91b7a747eb472b3d0a62028416.exe
Size: 216KB
MD5: 24e158ae7733817d2f4fa84a000bb8b5
SHA1: cd4b002c5cf9f7f6ff75cf2d649e690dd30daef3
SHA256: 4d79d8b2957bf4c6b2f9023f60ec5908a55daf91b7a747eb472b3d0a62028416
SHA512: 22f08cb0f3a706318859574c677cafc19bd7e5b000d9edfe9825906d9298eac0e8cf90d8f5a53b7a7010f8be4d89dd9cb52becf3acaaa99a60c24bc8bd34a466
SSDEEP: 3072:mO4PKUZEzLtpL3lguaNt828dRU3QiaURaAWRhm6/5WxovELO:m4jLrL3/aOdRMVRJWRzlcL
Score: 10/10
Malware Config: none reported for this run
Signatures
- Detects Smokeloader packer (1 IoC)
  resource: behavioral1/memory/1528-133-0x0000000000620000-0x0000000000629000-memory.dmp
  yara_rule: family_smokeloader
- SmokeLoader
  Modular backdoor trojan in use since 2014.
- Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
  SCSI information is often read in order to detect sandboxing environments: the subkeys under Enum\SCSI carry the vendor and product strings of the enumerated disks, and on a virtual machine those strings usually name the hypervisor rather than a physical drive.
  description     ioc                                               process
  Key opened      \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  4d79d8b2957bf4c6b2f9023f60ec5908a55daf91b7a747eb472b3d0a62028416.exe
  Key queried     \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  4d79d8b2957bf4c6b2f9023f60ec5908a55daf91b7a747eb472b3d0a62028416.exe
  Key enumerated  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  4d79d8b2957bf4c6b2f9023f60ec5908a55daf91b7a747eb472b3d0a62028416.exe
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid 1528  4d79d8b2957bf4c6b2f9023f60ec5908a55daf91b7a747eb472b3d0a62028416.exe  (2 IoCs)
  pid 2976  Process not Found  (all remaining IoCs)
  PID 2976 is not part of the process tree the sandbox recorded for this sample, so the report cannot name its image ("Process not Found"). Taken together with the MapViewOfSection event on PID 1528, this is consistent with the sample mapping code into an already-running process and continuing from there; the report does not identify that process, so treat the attribution as unresolved rather than as a second sample-spawned process.
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid 2976  Process not Found
- Suspicious behavior: MapViewOfSection (1 IoC)
  pid 1528  4d79d8b2957bf4c6b2f9023f60ec5908a55daf91b7a747eb472b3d0a62028416.exe
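The "Checks SCSI registry key(s)" signature above records an open / query / enumerate sequence on Enum\SCSI. The following is an added example, not the sample's own code or the sandbox vendor's signature logic, of what such a check typically does with the result: it parses the subkey names, which follow the "<class>&Ven_<vendor>&Prod_<product>" convention, and looks for hypervisor vendor strings. The marker list (VM_MARKERS) and the sample subkey names are assumptions constructed for this example; on Windows the block reads the real key through the standard-library winreg module, elsewhere it runs against the constructed names.

```python
# Added example (not the sample's code or the sandbox's signature logic): the
# kind of check behind the "Checks SCSI registry key(s)" signature.
# HKLM\SYSTEM\ControlSet001\Enum\SCSI holds one subkey per enumerated SCSI
# device, named "<class>&Ven_<vendor>&Prod_<product>..."; on a VM the vendor or
# product string usually names the hypervisor. VM_MARKERS and the sample subkey
# names below are assumptions constructed for this example.
import re
import sys

SCSI_ENUM_PATH = r"SYSTEM\ControlSet001\Enum\SCSI"

# Hypervisor vendor/product fragments commonly looked for; illustrative list.
VM_MARKERS = ("VBOX", "VMWARE", "QEMU", "VIRTUAL", "XEN")

DEVICE_ID_RE = re.compile(
    r"^(?P<cls>[^&]+)&Ven_(?P<vendor>[^&]*)&Prod_(?P<product>[^&]*)",
    re.IGNORECASE,
)


def parse_device_id(subkey):
    """Split 'Disk&Ven_VBOX&Prod_HARDDISK' into (class, vendor, product).
    Returns None for names that do not follow the Enum\\SCSI convention."""
    m = DEVICE_ID_RE.match(subkey)
    if m is None:
        return None
    return m.group("cls"), m.group("vendor"), m.group("product")


def vm_marker(subkey):
    """Return the first VM marker found in the vendor/product strings, else None."""
    parsed = parse_device_id(subkey)
    if parsed is None:
        return None
    _, vendor, product = parsed
    haystack = f"{vendor} {product}".upper()
    for marker in VM_MARKERS:
        if marker in haystack:
            return marker
    return None


def classify_scsi_devices(subkeys):
    """Return (looks_virtual, [(subkey, marker), ...]) for a list of subkey names."""
    hits = [(k, vm_marker(k)) for k in subkeys]
    hits = [(k, m) for k, m in hits if m is not None]
    return bool(hits), hits


def read_scsi_subkeys():
    """Windows only: open and enumerate the real key, the same open/query/enumerate
    sequence the report records for the sample. May need elevated rights on
    hardened hosts."""
    import winreg  # stdlib on Windows only, hence the local import
    names = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SCSI_ENUM_PATH) as key:
        subkey_count = winreg.QueryInfoKey(key)[0]
        for i in range(subkey_count):
            names.append(winreg.EnumKey(key, i))
    return names


# Constructed subkey names (not taken from the analyzed system).
SAMPLE_VM_SUBKEYS = [
    "Disk&Ven_VMware&Prod_Virtual_disk",
    "CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00",
]
SAMPLE_BARE_METAL_SUBKEYS = [
    "Disk&Ven_NVMe&Prod_Samsung_SSD_970",
    "Disk&Ven_&Prod_ST1000DM003-1ER162",  # empty vendor field is common for SATA disks
]

if __name__ == "__main__":
    names = read_scsi_subkeys() if sys.platform == "win32" else SAMPLE_VM_SUBKEYS
    virtual, hits = classify_scsi_devices(names)
    print("virtual environment suspected:", virtual)
    for subkey, marker in hits:
        print(f"  {subkey}  <- {marker}")
```

The three registry IoCs in the report map onto the three calls in read_scsi_subkeys (open, query key info, enumerate subkeys). For a sandbox operator the practical consequence is that the disk vendor and product strings exposed to the guest should not name the hypervisor, otherwise samples like this one can bail out before showing the behaviour the report is meant to capture.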
Processes
- C:\Users\Admin\AppData\Local\Temp\4d79d8b2957bf4c6b2f9023f60ec5908a55daf91b7a747eb472b3d0a62028416.exe (PID 1528)
  command line: "C:\Users\Admin\AppData\Local\Temp\4d79d8b2957bf4c6b2f9023f60ec5908a55daf91b7a747eb472b3d0a62028416.exe"
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection