Analysis
-
max time kernel
150s -
max time network
30s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
16/12/2022, 16:02
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20221111-en
windows7-x64
6 signatures
150 seconds
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220901-en
windows10-2004-x64
16 signatures
150 seconds
General
-
Target
file.exe
-
Size
215KB
-
MD5
d1cf3c8a3990acddc9de7443ebf35c90
-
SHA1
ef0af0bed701b78ee4b94a3cd0895a759b3687d9
-
SHA256
660484295e9e209725d9c96fc84d21a8dd880182f5d07e06805cf4a73a6cbe7d
-
SHA512
6ab7f4460205421a78504f7ec9d4a70221d68be4ff4ee0701726bdd234f9c7ed00eace14effbf90b1c012ee4085a8c7e8f8740a6694f9e2945bbdb92166b8312
-
SSDEEP
3072:qZaH24LUBio6SRvwNLqOCbUokAF9VM7dweJvBLsz3rOLQRyzT40zwUzQRKF+:UCL6iUAxokM92GehBgz3rOEy340M2b
Score
10/10
Malware Config
Signatures
-
Detects Smokeloader packer 1 IoCs
resource yara_rule behavioral1/memory/1696-57-0x00000000003A0000-0x00000000003A9000-memory.dmp family_smokeloader -
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI file.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1696 file.exe 1696 file.exe 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found 1284 Process not Found -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1284 Process not Found -
Suspicious behavior: MapViewOfSection 1 IoCs
pid Process 1696 file.exe