Analysis
max time kernel: 174s
max time network: 186s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
submitted: 06-12-2022 06:31
Static task: static1
Behavioral task: behavioral1 (Sample: file.exe; Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: file.exe; Resource: win10v2004-20220812-en)
General
Target: file.exe
Size: 320KB
MD5: 358c190a4987765cd80fbdac29da3ced
SHA1: 3abfd5446169a85446ef8b23cfe73a35bfdf9e21
SHA256: 9caa09c05538d36e5498775f0291c4c44c893a96dff07cf27257930288b38472
SHA512: 4d51d70e3663de93df957c298d4dccb227674b0d1d9ce8ff5e9e150628697763a1c9ee736cf5a55a37f0501121696f1de091a199491673654da078bc707710b6
SSDEEP: 3072:i08XpGWT8yTXQqnLLftJJLg5aOxNYMjMtAqmKylcIi5iq4qwjxbEMJds0Svt:At8yT/LLVJJLTmYMjMtAqZlIQi59EcF
Malware Config
Signatures
Detects Smokeloader packer (1 IoC)
Processes:
  resource: behavioral2/memory/2200-133-0x0000000000030000-0x0000000000039000-memory.dmp
  yara_rule: family_smokeloader
SmokeLoader
Modular backdoor trojan in use since 2014.
Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
SCSI information is often read in order to detect sandboxing environments.
Processes: file.exe
  description     ioc                                              process
  Key opened      \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  file.exe
  Key queried     \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  file.exe
  Key enumerated  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  file.exe
Suspicious behavior: EnumeratesProcesses (64 IoCs)
Processes: file.exe
  pid   process
  2200  file.exe  (2 IoCs)
  2832  (process name not recorded in the report; the remaining 62 IoCs)
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
Processes:
  pid   process
  2832  (process name not recorded in the report)
Suspicious behavior: MapViewOfSection (1 IoC)
Processes: file.exe
  pid   process
  2200  file.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
memory/2200-133-0x0000000000030000-0x0000000000039000-memory.dmp  Filesize: 36KB
memory/2200-132-0x0000000000733000-0x0000000000749000-memory.dmp  Filesize: 88KB
memory/2200-134-0x0000000000400000-0x0000000000455000-memory.dmp  Filesize: 340KB
memory/2200-135-0x0000000000400000-0x0000000000455000-memory.dmp  Filesize: 340KB