General
- Target: 7cb730ff9cc0d98eb54dfeadca673e722e6234ca274950fe530e26a9324b270e
- Size: 215KB
- Sample: 221218-2d281sgh2x
- MD5: efdffe31016f54cbc72a8b17503bc7dc
- SHA1: 5259431d6043506c31a1c15c2de50d0f0ec6444f
- SHA256: 7cb730ff9cc0d98eb54dfeadca673e722e6234ca274950fe530e26a9324b270e
- SHA512: da538d14bd416626220f73cbbc33d025b91b5904089f52eb02caf5caa308896ef31b1f8d1e7eb127108026c5584e05abfbef91d65b1898173f085700cd6b2ddf
- SSDEEP: 3072:WBTMKLdpMpNaRyyhewP0YfUNX61SuSdaNRAtOba+/zdn+hjcbImdzmuX:WKKLDMpfUfW61480Mdn+hjcbXF

Static task
- static1

Behavioral task
- behavioral1
- Sample: 7cb730ff9cc0d98eb54dfeadca673e722e6234ca274950fe530e26a9324b270e.exe
- Resource: win10v2004-20221111-en

Malware Config

Targets
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry
- Sets service image path in registry
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext