Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

f11571cfbd...f6.exe

windows7-x64

10

f11571cfbd...f6.exe

windows10-2004-x64

10

Resubmissions

14/10/2022, 23:58

221014-31g22aegf9 10

14/10/2022, 23:21

221014-3b92hsehbn 10

Analysis

  • max time kernel
    151s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    14/10/2022, 23:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f11571cfbdb3a9e3bec31b8d95c61345a9f5db1e01b176db6b5acf01bd2bf7f6.exe

  • Size

    215KB

  • MD5

    97d58537589e3a7dc3acf4122eb5da32

  • SHA1

    a9cf2f95373f375c93fda6efd6be4e7a9f51f5bb

  • SHA256

    f11571cfbdb3a9e3bec31b8d95c61345a9f5db1e01b176db6b5acf01bd2bf7f6

  • SHA512

    cca1ca24c0c875352d20d3ccb9038889cc9e14be42bd430ea84005f06f628bf10175063fd0d2d48990e821a54421302f8de6216283f38c574ae2fa002c4335ad

  • SSDEEP

    3072:QPIPq2ZEwvyeeL/i5nkFBt8WGzS5z8EnKH1b6bCXk373fO:QrmYL/iZCH8EEObCXk3r

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f11571cfbdb3a9e3bec31b8d95c61345a9f5db1e01b176db6b5acf01bd2bf7f6.exe
    "C:\Users\Admin\AppData\Local\Temp\f11571cfbdb3a9e3bec31b8d95c61345a9f5db1e01b176db6b5acf01bd2bf7f6.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:1964

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1964-54-0x0000000076411000-0x0000000076413000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1964-55-0x000000000077B000-0x000000000078C000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1964-56-0x0000000000220000-0x0000000000229000-memory.dmp

    Filesize

    36KB

    Download

  • memory/1964-57-0x0000000000400000-0x0000000000594000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1964-58-0x0000000000400000-0x0000000000594000-memory.dmp

    Filesize

    1.6MB

    Download