Analysis
-
max time kernel
150s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
02/11/2022, 13:03
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220901-en
amadeydjvuredlinesmokeloadergoogle2mario23_10slovarik1btcbackdoorcollectiondiscoveryinfostealerpersistenceransomwarespywarestealertrojanupx
windows10-2004-x64
37 signatures
150 seconds
General
-
Target
file.exe
-
Size
322KB
-
MD5
e6aa25f27922ba4a68f4b3abcaa8267c
-
SHA1
410942b935f569d906a2ce7a2fa75f9c63cdd7e0
-
SHA256
e7bbc40e96e3caab80c38ae13b897438c03600e29ed07b128393bb713dd7951b
-
SHA512
a6d93adc5969b02e56f65a9e28a57e384926b44d3db2cdcd969d3806b57538b191231b1b8f870c3ee1110ef2cfe038086b7f2e600798b5c74856d71ad4abbd7f
-
SSDEEP
3072:hnq8r2A3okywgUh5y1NuftmPN2LNqMj0R7k5zgSsc/jj879UUVggjcGkNIVqI:E8r2iy/StmP2NtjgizpsG+977ITsq
Score
10/10
Malware Config
Signatures
-
Detects Smokeloader packer 1 IoCs
resource yara_rule behavioral1/memory/948-56-0x0000000000220000-0x0000000000229000-memory.dmp family_smokeloader -
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 948 file.exe 948 file.exe 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found 1268 Process not Found -
Suspicious behavior: MapViewOfSection 1 IoCs
pid Process 948 file.exe