Analysis
max time kernel:  220s
max time network: 247s
platform:         windows10-2004_x64
resource:         win10v2004-20221111-en
resource tags:    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted:        05-12-2022 23:24
Static task: static1

Behavioral task: behavioral1
  Sample:   file.exe
  Resource: win7-20220812-en (windows7-x64)
  5 signatures, 150 seconds

Behavioral task: behavioral2
  Sample:   file.exe
  Resource: win10v2004-20221111-en (windows10-2004-x64)
  6 signatures, 150 seconds
General
Target: file.exe
Size:   273KB
MD5:    d8561b11d67b1ca53dff22409d35c99d
SHA1:   acde4e6ad2e0ec8202b998b9d6bf248f2df05758
SHA256: e556cf437e16121da120fb5302ab76cc5d11e6bc2e749e31004915f9ba791761
SHA512: 488dddcec48ce31c22c955fa2a7ea4422a48fddfa3dd6d6fdf383cd3dbe940e5e0376dd43b11730859df5acde8f48ef1d02c473058817299d58dfdca291f0809
SSDEEP: 3072:7B2XVpXYcmeVjHET8aoWn52i81bXkO5TRQwnkq3JkiVRvJTcp8yDNYgV2qs64C:7BeUmET8ayiEUrWkqZkIDcvNVS
Score:  10/10
Malware Config

Signatures
Detects Smokeloader packer (1 IoC)
  resource                                                                    yara_rule
  behavioral2/memory/2172-133-0x00000000005B0000-0x00000000005B9000-memory.dmp  family_smokeloader

SmokeLoader
  Modular backdoor trojan in use since 2014.
Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
  SCSI information is often read in order to detect sandboxing environments.
  description     ioc                                               Process
  Key queried     \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  file.exe
  Key enumerated  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  file.exe
  Key opened      \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  file.exe
Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid   Process
  2172  file.exe
  2172  file.exe
  2476  Process not Found   (this row is repeated identically for the remaining entries, 64 IoCs in total)
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid   Process
  2476  Process not Found

Suspicious behavior: MapViewOfSection (1 IoC)
  pid   Process
  2172  file.exe