Analysis
  max time kernel:  150s
  max time network: 46s
  platform:         windows7_x64
  resource:         win7-20220812-en
  resource tags:    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  submitted:        01/11/2022, 11:01
Static task
  static1

Behavioral task
  behavioral1
    Sample:   3e33cba3607467b99b975f6b69b90dfa3d63fc670e844.exe
    Resource: win7-20220812-en

Behavioral task
  behavioral2
    Sample:   3e33cba3607467b99b975f6b69b90dfa3d63fc670e844.exe
    Resource: win10v2004-20220812-en
General
  Target: 3e33cba3607467b99b975f6b69b90dfa3d63fc670e844.exe
  Size:   320KB
  MD5:    d4fae7a6d40bfaced3456d116c06636b
  SHA1:   08be33fe4ef5d9600b401b8d188da09236fe6ad8
  SHA256: 3e33cba3607467b99b975f6b69b90dfa3d63fc670e8449f37dd7c3356ec39fd3
  SHA512: 38788407eb16e8583099a0ba82c90e9c02fff037aba46b5fd381db87c7ed74a3625b27fd5e57fafa93c4ad08a7499706656630d45e47c7724762d79ce04ed471
  SSDEEP: 3072:XE1wAS2i/i5li6Y+VcuOuNMxCnFSe2KdVDAiFJRgO0VggjcGkNIVqIV7:uwAS2iapYacuO+QaJrDR3RXw7ITsq
Malware Config
  (none extracted)

Signatures

Detects Smokeloader packer (1 IoC)
  resource                                                                       yara_rule
  behavioral1/memory/768-56-0x00000000001B0000-0x00000000001B9000-memory.dmp     family_smokeloader

SmokeLoader
  Modular backdoor trojan in use since 2014.

Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
  SCSI information is often read in order to detect sandboxing environments.
  description      ioc                                                Process
  Key opened       \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI   3e33cba3607467b99b975f6b69b90dfa3d63fc670e844.exe
  Key queried      \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI   3e33cba3607467b99b975f6b69b90dfa3d63fc670e844.exe
  Key enumerated   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI   3e33cba3607467b99b975f6b69b90dfa3d63fc670e844.exe

Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid    Process
  768    3e33cba3607467b99b975f6b69b90dfa3d63fc670e844.exe
  768    3e33cba3607467b99b975f6b69b90dfa3d63fc670e844.exe
  1396   Process not Found
  (all remaining entries repeat pid 1396, Process not Found)

Suspicious behavior: MapViewOfSection (1 IoC)
  pid    Process
  768    3e33cba3607467b99b975f6b69b90dfa3d63fc670e844.exe