Analysis

max time kernel: 150s
max time network: 51s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 19-10-2022 19:59
Static task: static1

Behavioral task: behavioral1
  Sample: 77cb80456d210a88217896c269e59867528f06d7989ef085e450a087d069606a.exe
  Resource: win7-20220901-en

Behavioral task: behavioral2
  Sample: 77cb80456d210a88217896c269e59867528f06d7989ef085e450a087d069606a.exe
  Resource: win10v2004-20220812-en
General

Target: 77cb80456d210a88217896c269e59867528f06d7989ef085e450a087d069606a.exe
Size: 229KB
MD5: 323eec36d438709a3e745d5247cc83e9
SHA1: 55b2bd1311736bf3a4125d8dffa69a922d3f75f6
SHA256: 77cb80456d210a88217896c269e59867528f06d7989ef085e450a087d069606a
SHA512: eed56a1049498786381070f3ac30f5849a4408b5e9be36e1cc45188e18cd36836e7e67bf13d4882e15ca54e0759ee93bb14b1af880ba8d7c6e783ea6b1114c99
SSDEEP: 3072:tb5+USHs19cAqdLzrYrWqXPq6FVrcFep81sX9C/byeD/HPGWF5:tblUsfoLPYrXPrcIp8EtE+
Malware Config

Signatures
Detects Smokeloader packer (1 IoC)
resource: behavioral1/memory/1204-57-0x00000000002A0000-0x00000000002A9000-memory.dmp
yara_rule: family_smokeloader

SmokeLoader
Modular backdoor trojan in use since 2014.
Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
SCSI information is often read in order to detect sandboxing environments.

description    | ioc                                              | Process
Key opened     | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | 77cb80456d210a88217896c269e59867528f06d7989ef085e450a087d069606a.exe
Key queried    | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | 77cb80456d210a88217896c269e59867528f06d7989ef085e450a087d069606a.exe
Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | 77cb80456d210a88217896c269e59867528f06d7989ef085e450a087d069606a.exe
Suspicious behavior: EnumeratesProcesses (64 IoCs)

pid  | Process
1204 | 77cb80456d210a88217896c269e59867528f06d7989ef085e450a087d069606a.exe
1204 | 77cb80456d210a88217896c269e59867528f06d7989ef085e450a087d069606a.exe
1288 | Process not Found
(every remaining IoC in this signature is the same "1288 | Process not Found" entry, repeated)
Suspicious behavior: GetForegroundWindowSpam (1 IoC)

pid  | Process
1288 | Process not Found

Suspicious behavior: MapViewOfSection (1 IoC)

pid  | Process
1204 | 77cb80456d210a88217896c269e59867528f06d7989ef085e450a087d069606a.exe
Processes

C:\Users\Admin\AppData\Local\Temp\77cb80456d210a88217896c269e59867528f06d7989ef085e450a087d069606a.exe
"C:\Users\Admin\AppData\Local\Temp\77cb80456d210a88217896c269e59867528f06d7989ef085e450a087d069606a.exe"
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID: 1204