Analysis
max time kernel: 151s
max time network: 50s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 20/10/2022, 13:13
Static task: static1
Behavioral task: behavioral1
  Sample: 46dc0199f3471f3cc620c4a52770c1e1.exe
  Resource: win7-20220901-en
  6 signatures, 150 seconds
General
Target: 46dc0199f3471f3cc620c4a52770c1e1.exe
Size: 229KB
MD5: 46dc0199f3471f3cc620c4a52770c1e1
SHA1: b56e80b3fb1b4b10b78a782f20b0da2e9b6aaef2
SHA256: 8ac18534e46b93c2cfa2b9b35cffdb3b5cce368ca9aec59b5533c32c5fdc037a
SHA512: 92b4835320a3b73d18881322f6210d43f3b92e467dcce5ad8864f839609603c1fcfa10da92ccd6f9a3917fe321382ab32f9e08f64b3d949e556e4b53cdf183f3
SSDEEP: 3072:8028E+Z0FPC/EAwLrOgheWUMm9y4HLZRBVhSN95moZkE+axTfifzBr59mb+:80x0oEPLqghexx+NLNuW7iLpji
Score: 10/10
Malware Config
Signatures

Detects Smokeloader packer (1 IoC)
  resource                                                                  yara_rule
  behavioral1/memory/852-57-0x00000000003A0000-0x00000000003A9000-memory.dmp  family_smokeloader

SmokeLoader
  Modular backdoor trojan in use since 2014.

Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
  SCSI information is often read in order to detect sandboxing environments.
  description     ioc                                               Process
  Key opened      \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  46dc0199f3471f3cc620c4a52770c1e1.exe
  Key queried     \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  46dc0199f3471f3cc620c4a52770c1e1.exe
  Key enumerated  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  46dc0199f3471f3cc620c4a52770c1e1.exe

Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid   Process
  852   46dc0199f3471f3cc620c4a52770c1e1.exe
  852   46dc0199f3471f3cc620c4a52770c1e1.exe
  1280  Process not Found  (this entry is repeated for the remaining 62 IoCs)

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid   Process
  1280  Process not Found

Suspicious behavior: MapViewOfSection (1 IoC)
  pid   Process
  852   46dc0199f3471f3cc620c4a52770c1e1.exe