Analysis

  • max time kernel
    153s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    29-11-2022 22:55

General

  • Target

    91f652990763a1ab5d84684790c5b5594028fec3801f38c69a2d58c0d91e1f88.exe

  • Size

    148KB

  • MD5

    fa907316045e5f7bfb76ecdd647e0beb

  • SHA1

    8e7a1fa58f0177bbd6481c5bac4e84e9d563abf4

  • SHA256

    91f652990763a1ab5d84684790c5b5594028fec3801f38c69a2d58c0d91e1f88

  • SHA512

    1464560191cdedb62fdcd53028b15eba2a59d84f3d267332b2c07b076c142c9c1bfa27bc41d99b1c9b5a0a89c86fa765a5847832c157e4c2ed323e050d00c114

  • SSDEEP

    3072:SXUzDjSuaWh5OvRZlf8x+ThQ20NxhgTx:ckD2ua/vzV+20NbQ

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\91f652990763a1ab5d84684790c5b5594028fec3801f38c69a2d58c0d91e1f88.exe
    "C:\Users\Admin\AppData\Local\Temp\91f652990763a1ab5d84684790c5b5594028fec3801f38c69a2d58c0d91e1f88.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:548

Network

MITRE ATT&CK Enterprise v6


Downloads

  • memory/548-54-0x0000000076831000-0x0000000076833000-memory.dmp

    Filesize

    8KB

  • memory/548-56-0x0000000000230000-0x0000000000239000-memory.dmp

    Filesize

    36KB

  • memory/548-55-0x0000000000BDB000-0x0000000000BEC000-memory.dmp

    Filesize

    68KB

  • memory/548-57-0x0000000000400000-0x0000000000AD7000-memory.dmp

    Filesize

    6.8MB

  • memory/548-58-0x0000000000400000-0x0000000000AD7000-memory.dmp

    Filesize

    6.8MB