Analysis
max time kernel: 150s
max time network: 141s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31/10/2022, 05:55
Static task: static1
Behavioral task: behavioral1
Sample: fd2f67b0252135590556d0ecb948db806154d30a503cee579521ce716c8f7835.exe
Resource: win10v2004-20220812-en
6 signatures
150 seconds
General
Target: fd2f67b0252135590556d0ecb948db806154d30a503cee579521ce716c8f7835.exe
Size: 210KB
MD5: 5969b439e7bbe9157cba83f31ec690f0
SHA1: c8da785fbce898a56cc5851458eeae04aacdce17
SHA256: fd2f67b0252135590556d0ecb948db806154d30a503cee579521ce716c8f7835
SHA512: 3cc95b2e80a7206da2e670f82f515d61210e5f99ccb9d9f150c9a16e3383832829cfb0c82768c55c1ecf742af8ca5edef2579583a2776df40464654a9a49d27c
SSDEEP: 3072:9sTH6uT1aNM9B/wDLxPp6t2X52eBWdaQIIM5HX6wipEBbrBx:9sBTIemLxPpvsWGw7BbF
Score: 10/10
Malware Config
Signatures
- Detects Smokeloader packer (1 IoC)
  resource                                                                      yara_rule
  behavioral1/memory/2268-133-0x0000000000710000-0x0000000000719000-memory.dmp  family_smokeloader
SmokeLoader
Modular backdoor trojan in use since 2014.
- Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
  SCSI information is often read in order to detect sandboxing environments.
  description     ioc                                               Process
  Key opened      \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  fd2f67b0252135590556d0ecb948db806154d30a503cee579521ce716c8f7835.exe
  Key queried     \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  fd2f67b0252135590556d0ecb948db806154d30a503cee579521ce716c8f7835.exe
  Key enumerated  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  fd2f67b0252135590556d0ecb948db806154d30a503cee579521ce716c8f7835.exe
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid   Process
  2268  fd2f67b0252135590556d0ecb948db806154d30a503cee579521ce716c8f7835.exe
  2268  fd2f67b0252135590556d0ecb948db806154d30a503cee579521ce716c8f7835.exe
  2424  Process not Found (this entry is repeated for the remaining IoCs)
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid   Process
  2424  Process not Found
- Suspicious behavior: MapViewOfSection (1 IoC)
  pid   Process
  2268  fd2f67b0252135590556d0ecb948db806154d30a503cee579521ce716c8f7835.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\fd2f67b0252135590556d0ecb948db806154d30a503cee579521ce716c8f7835.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\fd2f67b0252135590556d0ecb948db806154d30a503cee579521ce716c8f7835.exe"
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID: 2268