Analysis
max time kernel: 151s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 04/11/2022, 19:26
Static task: static1
Behavioral task: behavioral1
  Sample: 6b2417eeac6a435ce8ef52ec4b98082b.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 6b2417eeac6a435ce8ef52ec4b98082b.exe
  Resource: win10v2004-20220901-en
General
Target: 6b2417eeac6a435ce8ef52ec4b98082b.exe
Size: 292KB
MD5: 6b2417eeac6a435ce8ef52ec4b98082b
SHA1: 46a459c36a345038af6cf8ebf2d9bfa4db1a8df0
SHA256: 9804e56a73b0af43b7b519da92467c63365bf8cdd27090e2b0641616b9992632
SHA512: 46a395a047075979cc36b3415750c9a837a3975d8b2ddaa86c0c870687e93427a91fcb9192f0caec06bf6724ee060a940272bb0dae185bf920f1fa6ab9616cb4
SSDEEP: 3072:31S1BIEjT02LyIk3u5rAy3zzStYfMoNwIYt2Y03P5emgbvQih/98KD:ABI92Le3q3itYfLJ9Y03P5emgT7/L
Malware Config
Signatures
-
Detects Smokeloader packer (1 IoC)
resource | yara_rule
behavioral1/memory/1184-56-0x00000000001B0000-0x00000000001B9000-memory.dmp | family_smokeloader
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
Device identifiers under Enum\SCSI (disk and CD-ROM vendor/product strings) are often read in order to detect virtualised sandboxing environments, whose virtual disks carry the hypervisor vendor's name.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | 6b2417eeac6a435ce8ef52ec4b98082b.exe
Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | 6b2417eeac6a435ce8ef52ec4b98082b.exe
Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | 6b2417eeac6a435ce8ef52ec4b98082b.exe
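The SCSI check described above, reconstructed as an added Python example. This is not code from the report or from the sample: it models the open/query/enumerate sequence the three IoCs record and the string match a sandbox-evasion stub typically applies to the result. The device keys and FriendlyName values are constructed sample data in the layout Windows uses under Enum\SCSI, and the marker list is an assumption for illustration, not the list any particular sample uses. Live enumeration is only attempted on Windows and is read-only.

```python
"""Model of a sandbox check against HKLM\\SYSTEM\\ControlSet001\\Enum\\SCSI.

Added illustration, not code from the report or from SmokeLoader.
"""
from __future__ import annotations

import sys

# Substrings that commonly appear in virtual disk identifiers.
# Assumption: illustrative list, not taken from any specific sample.
VM_MARKERS = ("vmware", "virtual", "vbox", "qemu", "xen", "hyper-v")

# Constructed sample data. Windows names instance keys as
# <class>&Ven_<vendor>&Prod_<product>\<instance id>; the value is FriendlyName.
SAMPLE_SCSI_KEYS = {
    r"Disk&Ven_VMware&Prod_Virtual_disk\4&1a2b3c&0&000000": "VMware Virtual disk SCSI Disk Device",
    r"CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&abc&0&000": "NECVMWar VMware SATA CD00",
}
SAMPLE_PHYSICAL_KEYS = {
    r"Disk&Ven_SAMSUNG&Prod_MZVLB512HBJQ-000L7\4&2f&0&000000": "SAMSUNG MZVLB512HBJQ-000L7",
}


def looks_virtual(identifier: str) -> bool:
    """True if a device identifier contains a known hypervisor marker."""
    lowered = identifier.lower()
    return any(marker in lowered for marker in VM_MARKERS)


def classify_scsi_devices(devices: dict[str, str]) -> dict[str, bool]:
    """Map each Enum\\SCSI instance key to whether it looks virtual.

    Both the key name (which encodes the Ven_/Prod_ fields) and the
    FriendlyName value are checked; a hardened sandbox may sanitise one
    but not the other.
    """
    return {key: looks_virtual(key) or looks_virtual(name) for key, name in devices.items()}


def sandbox_suspected(devices: dict[str, str]) -> bool:
    """Decision the evasion stub would make: bail out if any device looks virtual."""
    return any(classify_scsi_devices(devices).values())


def enumerate_live_scsi_devices() -> dict[str, str]:
    """Read Enum\\SCSI from the live registry (Windows only, read access only).

    OpenKey / QueryInfoKey / EnumKey correspond to the 'Key opened',
    'Key queried' and 'Key enumerated' events in the report.
    """
    if not sys.platform.startswith("win"):
        return {}
    import winreg  # only importable on Windows

    devices: dict[str, str] = {}
    base = r"SYSTEM\ControlSet001\Enum\SCSI"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            device = winreg.EnumKey(root, i)
            with winreg.OpenKey(root, device) as dev_key:
                for j in range(winreg.QueryInfoKey(dev_key)[0]):
                    instance = winreg.EnumKey(dev_key, j)
                    try:
                        with winreg.OpenKey(dev_key, instance) as inst_key:
                            name, _ = winreg.QueryValueEx(inst_key, "FriendlyName")
                    except OSError:
                        name = ""  # instance without FriendlyName or not readable
                    devices[f"{device}\\{instance}"] = str(name)
    return devices


if __name__ == "__main__":
    live = enumerate_live_scsi_devices()
    target = live if live else SAMPLE_SCSI_KEYS
    for key, virtual in classify_scsi_devices(target).items():
        print(f"{'VIRTUAL ' if virtual else 'physical'}  {key}")
    print("sandbox suspected:", sandbox_suspected(target))
```

From the defender's side, the match is purely lexical: a sandbox whose virtual disks report neutral vendor and product strings passes this check, while the registry access pattern itself (open, query and enumerate of Enum\SCSI by a freshly dropped executable) remains visible to the monitor, which is exactly how the signature above fires.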
Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid | Process | occurrences
1184 | 6b2417eeac6a435ce8ef52ec4b98082b.exe | 2
1412 | Process not Found (pid not resolved to an image by the sandbox) | 62
Suspicious behavior: MapViewOfSection (1 IoC)
pid | Process
1184 | 6b2417eeac6a435ce8ef52ec4b98082b.exe