Analysis
-
max time kernel
151s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
07-11-2022 12:31
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
6 signatures
150 seconds
General
-
Target
file.exe
-
Size
217KB
-
MD5
48ff8797395c3285bf8464c0d64db3d3
-
SHA1
5676eb4d1b3cbeb5427cc09fe84f7cbdbda81b0d
-
SHA256
974b8ae531a20676d7bc80cadcbcfd10279c922c8bcec84a53c65ac5403a6ad5
-
SHA512
0880446f30946924740fa04e97fa2a4f858d88873baf3ef0bcd27640e1d97551b8f6b9a558ad0f869f4ba18cf2ed3ec400abd08d525cbaa7423697d73a6e8cbc
-
SSDEEP
3072:/3Hqjma8ki58+ACLOa5QC561hN5FwB51THOyg3f+kgiJ/XM160lsERu:/3Ym/rtLx5ubwBLTbgvMat
Score
10/10
Malware Config
Signatures
-
Detects Smokeloader packer 1 IoCs
resource yara_rule behavioral2/memory/5000-133-0x00000000006F0000-0x00000000006F9000-memory.dmp family_smokeloader -
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 5000 file.exe 5000 file.exe 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found 760 Process not Found -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 760 Process not Found -
Suspicious behavior: MapViewOfSection 1 IoCs
pid Process 5000 file.exe