Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
271s -
max time network
287s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
25/11/2022, 23:39
General
-
Target
85babae9d92830e5e66989c0334690108dc5ea99f5c0fcbb31a0cfa91482f0ef.exe
-
Size
167KB
-
MD5
4a64d7d703c6884e6eb5ba5df8454c09
-
SHA1
8e74eca90f1c440ba882bb71754aea5a8705b569
-
SHA256
85babae9d92830e5e66989c0334690108dc5ea99f5c0fcbb31a0cfa91482f0ef
-
SHA512
db59b8bb52534e101a85e99819a7cd17da4ae4ad38cd62acae0fab0b651ffcc87ad6f6d30387ce49cd8e6c1e9cf33bcc17156145354684a71b4e26607009e963
-
SSDEEP
3072:hRouTQ9KWS0KEVu5fHd39r+0hmpeQ/X+b9CPYVxG:hpc80KEG939Zh02hoYVw
Score
10/10
Malware Config
Signatures
-
Detects Smokeloader packer 2 IoCs
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 10 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\85babae9d92830e5e66989c0334690108dc5ea99f5c0fcbb31a0cfa91482f0ef.exe"C:\Users\Admin\AppData\Local\Temp\85babae9d92830e5e66989c0334690108dc5ea99f5c0fcbb31a0cfa91482f0ef.exe"1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
-
Filesize
36KB
-
Filesize
3.0MB
-
Filesize
64KB
-
Filesize
36KB
-
Filesize
3.0MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB