Analysis
max time kernel: 150s
max time network: 33s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 18/12/2022, 07:46
Static task: static1
Behavioral task: behavioral1
  Sample: 14fc3f7aa86e6a1d3aa9f495f655bd3c.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 14fc3f7aa86e6a1d3aa9f495f655bd3c.exe
  Resource: win10v2004-20220812-en
General
Target: 14fc3f7aa86e6a1d3aa9f495f655bd3c.exe
Size: 215KB
MD5: 14fc3f7aa86e6a1d3aa9f495f655bd3c
SHA1: e2b3671d1ea075869364feae1bb25211d1b67eb3
SHA256: 3fda0717577158ee8900f86e513ed75353c6318a406ac58c5d65b7879416c51c
SHA512: dd774eebdfc759e5b7f724641dab1239abb810a905713c848921dc79a487389d0debcedf9427023abf3bc1882426216200ef0e13d38c2c820e4a8111193e233d
SSDEEP: 3072:aT/HcX0LGlZwRNcycMvIdu++dbKgcVW3ni9D8/g3xodZWGhG/G3ERWR3Le:S/HC0LGlVvMAdu1FJni9Ag3CBGuU0V6
Malware Config
Signatures
Detects Smokeloader packer (1 IoC)
  resource: behavioral1/memory/1336-57-0x0000000000220000-0x0000000000229000-memory.dmp
  yara_rule: family_smokeloader
SmokeLoader: Modular backdoor trojan in use since 2014.
Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
SCSI information is often read in order to detect sandboxing environments.
  description: Key opened | ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | Process: 14fc3f7aa86e6a1d3aa9f495f655bd3c.exe
  description: Key queried | ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | Process: 14fc3f7aa86e6a1d3aa9f495f655bd3c.exe
  description: Key enumerated | ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | Process: 14fc3f7aa86e6a1d3aa9f495f655bd3c.exe
Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid: 1336 | Process: 14fc3f7aa86e6a1d3aa9f495f655bd3c.exe (entry repeated 2 times)
  pid: 1248 | Process: Process not Found (entry repeated 62 times)
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid: 1248 | Process: Process not Found
Suspicious behavior: MapViewOfSection (1 IoC)
  pid: 1336 | Process: 14fc3f7aa86e6a1d3aa9f495f655bd3c.exe