Analysis
-
max time kernel
149s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system -
submitted
29/10/2022, 16:33
Static task
static1
Behavioral task
behavioral1
Sample
51e0c286d021486c952d497dcc78fe87.exe
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral2
Sample
51e0c286d021486c952d497dcc78fe87.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
51e0c286d021486c952d497dcc78fe87.exe
-
Size
260KB
-
MD5
51e0c286d021486c952d497dcc78fe87
-
SHA1
13ff8a56db4a6445505f35015b50727d163e4592
-
SHA256
28815400993d7fc9ffd14560291d2a9441effad98ffcd722b7501bf95c44d436
-
SHA512
7bf579bda867425a63e0c51ac33b5925f3cfc570f8b25888063c11314b1fedf54a9c3ae2a2d9812963a1b4eaa6396e38d6e7d56fa6e6c66c5bf388dfcf969d9b
-
SSDEEP
3072:4Z/ExBRK6SILh2MA/q5h9fNAcEKmy722YwiZV7EYUB7wz4Qj/KO1pM/h3s:dxBsPILAMpf+bODQ4d724QrKK
Malware Config
Signatures
-
Detects Smokeloader packer 1 IoCs
resource yara_rule behavioral1/memory/1752-56-0x0000000000230000-0x0000000000239000-memory.dmp family_smokeloader -
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI 51e0c286d021486c952d497dcc78fe87.exe Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI 51e0c286d021486c952d497dcc78fe87.exe Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI 51e0c286d021486c952d497dcc78fe87.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1752 51e0c286d021486c952d497dcc78fe87.exe 1752 51e0c286d021486c952d497dcc78fe87.exe 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found 1236 Process not Found -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1236 Process not Found -
Suspicious behavior: MapViewOfSection 1 IoCs
pid Process 1752 51e0c286d021486c952d497dcc78fe87.exe