Analysis

max time kernel: 150s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 05/11/2022, 14:02

Static task: static1

Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220812-en
5 signatures, 150 seconds

Behavioral task: behavioral2
Sample: file.exe
Resource: win10v2004-20220812-en
Tags: djvu, redline, smokeloader, mast1000, backdoor, collection, discovery, infostealer, persistence, ransomware, spyware, stealer, trojan
38 signatures, 150 seconds
General

Target: file.exe
Size: 285KB
MD5: 6843c59f36049c4995bb8b8d7388c480
SHA1: cb3b694e40d18c5e38826d53fb67cfb89f4954ec
SHA256: ed1ac43c1959cf965024bab1d57a1ed1e14170256f003cc91ead9c5c76e09a6a
SHA512: 30b5db941dc8faeb38aa6d6352fddecc97c50bebdc2c94de7a7d2da09ba2aa3685138d99e1615fa05acbb5d9e1f3b3de8b20cd41d2cca004448da42f3cc943ca
SSDEEP: 3072:121qhc9ggkLf5qyrHtxlV057l8xHMVDO3sH8Dmb2AwsZGbeSxTR3HuVUs:41qqkkeNxlA7wHOO3CqS2AwsE3Oys
Score: 10/10
Malware Config
Signatures
-
Detects Smokeloader packer (1 IoC)
resource: behavioral1/memory/1196-56-0x0000000000220000-0x0000000000229000-memory.dmp
yara_rule: family_smokeloader
SmokeLoader
Modular backdoor trojan in use since 2014.
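The YARA hit above is on a memory dump, not on file.exe as it sits on disk, so the artifact worth pulling for further analysis is the dumped region of pid 1196. The helper below, an added example that is not code from the Triage report or from Triage itself, parses that resource name (the `<task>/memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp` layout is inferred from the single string on this page and is an assumption) into a process id and address range, computes the region size, and finds which dump covers a given address.

```python
"""Parse Triage memory-dump resource names so a memory-based YARA hit can be
tied back to a process and address range.  Added example; the name layout
"<task>/memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp" is inferred from the
one resource string in the report and is an assumption."""
import re
from typing import Iterable, NamedTuple, Optional


class MemoryRegion(NamedTuple):
    task: str   # behavioral task the dump came from, e.g. "behavioral1"
    pid: int    # process the region was dumped from
    seq: int    # dump sequence number within the task
    start: int  # virtual address of the first byte
    end: int    # virtual address one past the last byte

    @property
    def size(self) -> int:
        return self.end - self.start

    def contains(self, addr: int) -> bool:
        return self.start <= addr < self.end


_RESOURCE_RE = re.compile(
    r"^(?P<task>[A-Za-z0-9]+)/memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_memory_resource(resource: str) -> MemoryRegion:
    """Raise ValueError for anything that is not a memory-dump resource
    (a hit on a dropped file is a different kind of artifact)."""
    m = _RESOURCE_RE.match(resource)
    if not m:
        raise ValueError(f"not a memory-dump resource: {resource!r}")
    region = MemoryRegion(
        task=m["task"], pid=int(m["pid"]), seq=int(m["seq"]),
        start=int(m["start"], 16), end=int(m["end"], 16),
    )
    if region.end <= region.start:
        raise ValueError(f"empty or inverted range in {resource!r}")
    return region


def region_for_address(resources: Iterable[str], pid: int, addr: int) -> Optional[MemoryRegion]:
    """Return the dump for `pid` that covers `addr`, or None.  Useful to pick
    the dump that holds a pointer or string seen elsewhere in a report."""
    for res in resources:
        try:
            region = parse_memory_resource(res)
        except ValueError:
            continue  # skip non-memory resources rather than abort
        if region.pid == pid and region.contains(addr):
            return region
    return None


# The resource string from the report's family_smokeloader hit.
SMOKELOADER_HIT = "behavioral1/memory/1196-56-0x0000000000220000-0x0000000000229000-memory.dmp"

if __name__ == "__main__":
    r = parse_memory_resource(SMOKELOADER_HIT)
    print(f"pid {r.pid}: {r.start:#x}-{r.end:#x} ({r.size} bytes, {r.size // 1024} KiB)")
```

For this report the region is 0x9000 bytes (36 KiB) at 0x220000 in pid 1196, small enough to load straight into a disassembler once the dump has been downloaded.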
-
Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
SCSI information is often read in order to detect sandboxing environments.
description | ioc | Process
Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | file.exe
Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | file.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | file.exe
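The three registry IoCs above are the open/enumerate/query sequence a loader uses to read disk vendor strings under the SCSI enumeration key, which is where hypervisor and sandbox disk names show up. The detection below is an added example, not part of the Triage report: it runs over constructed event records shaped like the report's IoC rows (pid, image, operation, key), normalises the `\REGISTRY\MACHINE` / `HKLM` and `ControlSet001` / `CurrentControlSet` spellings so the same key matches however a sensor renders it, and flags any non-allowlisted process that touches it. The allowlist of images expected to read the key is an assumption to tune per environment.

```python
"""Flag processes that read the SCSI device-enumeration key, the
sandbox-detection behaviour the report attributes to file.exe.
Added example, not code from the Triage report; the events below are
constructed to look like its IoC rows and like Sysmon registry events."""
import re
from collections import defaultdict

# Accept the kernel path form seen in the report and the usual HKLM aliases,
# and any ControlSetNNN or the CurrentControlSet link, which name the same key.
_SCSI_KEY = re.compile(
    r"^(?:\\REGISTRY\\MACHINE|HKLM|HKEY_LOCAL_MACHINE)\\SYSTEM\\"
    r"(?:ControlSet\d{3}|CurrentControlSet)\\Enum\\SCSI(?:\\|$)",
    re.IGNORECASE,
)

# Constructed sample events: (pid, image, operation, key).  The first three
# mirror the report's rows; the rest are noise a real sensor would also emit.
SAMPLE_EVENTS = [
    (1196, "file.exe", "opened", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI"),
    (1196, "file.exe", "enumerated", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI"),
    (1196, "file.exe", "queried", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI"),
    (4, "System", "opened", r"HKLM\SYSTEM\CurrentControlSet\Enum\SCSI\Disk&Ven_VMware"),
    (2200, "notepad.exe", "queried", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"),
    (2200, "notepad.exe", "opened", r"HKLM\SYSTEM\CurrentControlSet\Enum\SCSIfoo"),
]

# Images expected to touch the key legitimately (assumption; tune per estate).
ALLOWLIST = frozenset({"System", "svchost.exe", "MsMpEng.exe"})


def is_scsi_enum_key(key: str) -> bool:
    """True for the SCSI enum key itself or any subkey beneath it."""
    return bool(_SCSI_KEY.match(key))


def scsi_probe_hits(events, allowlist=ALLOWLIST):
    """Return {(pid, image): sorted list of operations} for every process,
    not in the allowlist, that opened, enumerated or queried the key."""
    hits = defaultdict(set)
    for pid, image, op, key in events:
        if image in allowlist:
            continue
        if is_scsi_enum_key(key):
            hits[(pid, image)].add(op)
    return {proc: sorted(ops) for proc, ops in hits.items()}


if __name__ == "__main__":
    for (pid, image), ops in scsi_probe_hits(SAMPLE_EVENTS).items():
        print(f"pid {pid} {image}: {', '.join(ops)}")
```

A single open of the key by a user-mode process is a weak signal on its own; the full open, enumerate, query sequence from a freshly written executable, as in this report, is what makes the alert worth raising.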
Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid | Process
1196 | file.exe
1196 | file.exe
1388 | Process not Found (this same entry accounts for the remaining 62 IoCs; the sandbox could not map pid 1388 to a tracked process name)
Suspicious behavior: MapViewOfSection (1 IoC)
pid | Process
1196 | file.exe