Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
24/11/2022, 05:47
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220901-en
windows10-2004-x64
General
-
Target
file.exe
-
Size
186KB
-
MD5
881eec7049674ec1697517325fadded9
-
SHA1
19960cac800acdb7a86dcf2e56218ae39772afb0
-
SHA256
cf8869f3a5aa02619b1fcfccaa16994b9f99b6f6530b9c1055af23b0e391a8e0
-
SHA512
5d9544b4589c567aef2045456f3285c518692e9d920847a9e376a0938c9e105e2edca2fd8310f9a3a56d1b6f857e9ce8653a4632c75fe6a5bddbb50ce666f6ba
-
SSDEEP
3072:AAtdUN456oau1gLfBnD9n0B51xIq6Cplm1phsnF1ma87O:tdoohgLfBDlmxIqnuphsWa
Malware Config
Signatures
-
Detects Smokeloader packer 1 IoCs
resource yara_rule behavioral1/memory/1488-56-0x00000000002A0000-0x00000000002A9000-memory.dmp family_smokeloader -
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1488 file.exe 1488 file.exe 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found -
Suspicious behavior: MapViewOfSection 1 IoCs
pid Process 1488 file.exe