Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    165s
  • max time network
    172s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/11/2022, 05:32

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    144KB

  • MD5

    c1f8a4b2c2a1860ad80af57ea4669efa

  • SHA1

    e52436d8d8d9ff8a4e41668ac7f4e2f49e495126

  • SHA256

    df739f6af2b830e5494a89d291d6d75713383d015c2ac1b61c718d26270d1262

  • SHA512

    854be658964b6c4360ad58424f81c565e6958a74276e1d539358de554bd7c71fa9565b199cf3c5354432069dd49f10801fc08ec37e9e123f3820242c23d450b2

  • SSDEEP

    3072:wxzevrZuun1S+5nfxJv2CisQMuhJhuthLml/:+evQ41vlQMwhuW

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:1088
  • C:\Users\Admin\AppData\Local\Temp\B87D.exe
    C:\Users\Admin\AppData\Local\Temp\B87D.exe
    1⤵
    • Executes dropped EXE
    PID:4084

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\B87D.exe
          Filesize

          3.6MB

          MD5

          7d9db457b9ad7a4ba3e295d7d57aa700

          SHA1

          5b4d68862b7e28eb2db4f53633c28c97a9778bc1

          SHA256

          61861d7235d4a8e8d56e6128865c4f27adb41b631723f79646839c8cc1148c66

          SHA512

          93a7aa69c2906611fbacade03c726030d94bc80d666fa80e8bd7b4e1295482b034e5b77952bae40a9959090ba11fa849c437edddfbd05382f335e71815e0cb06

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\B87D.exe
          Filesize

          3.4MB

          MD5

          3243a67484222542ec8730014aaeaad9

          SHA1

          ec7751ea97e276e526ffd1e33d15649845220bb6

          SHA256

          ed1a980332ed9dcf76c786de7104c0aa26dd768da973f9e5946c837d2e99b79d

          SHA512

          83dd79ca2f49e701764110a0959bf9944257087e80b6a9336b6a49f80f491ebf0306371ec74c06916c4ce3afec89827e493dfb076a4c092c3eddc5f8ae8ab8fe

          Download Submit

        • memory/1088-132-0x000000000084D000-0x000000000085D000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1088-133-0x00000000007B0000-0x00000000007B9000-memory.dmp

          Filesize

          36KB

          Download

        • memory/1088-134-0x0000000000400000-0x000000000045A000-memory.dmp

          Filesize

          360KB

          Download

        • memory/1088-135-0x000000000084D000-0x000000000085D000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1088-136-0x0000000000400000-0x000000000045A000-memory.dmp

          Filesize

          360KB

          Download

        • memory/2644-137-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-138-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-139-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-140-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-141-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-142-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-143-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-144-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-145-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-146-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-147-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-148-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-149-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-150-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-151-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-152-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-153-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-154-0x0000000001340000-0x0000000001350000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-155-0x0000000001340000-0x0000000001350000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-156-0x0000000001340000-0x0000000001350000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-157-0x0000000001340000-0x0000000001350000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-158-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-159-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-160-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-161-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-162-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-163-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-164-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-165-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-166-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-167-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-168-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-169-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-170-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-171-0x00000000030C0000-0x00000000030D0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-172-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-173-0x00000000030D0000-0x00000000030E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-174-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-175-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-176-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-177-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-178-0x00000000030D0000-0x00000000030E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-179-0x0000000001300000-0x0000000001310000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-180-0x00000000030C0000-0x00000000030D0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-181-0x00000000030D0000-0x00000000030E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-182-0x00000000030D0000-0x00000000030E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2644-183-0x00000000030D0000-0x00000000030E0000-memory.dmp

          Filesize

          64KB

          Download