General
-
Target
3edc45f11df046eea8b38f63c244b77db7562a77931b3b62ddda1c7ec233cbfc
-
Size
311KB
-
Sample
221219-rnh8safb99
-
MD5
e471ee462cabc829b7f98094ec9ed40c
-
SHA1
6f9bc1e5a5df156c9f0fc8fbd6cfc52eef7dd868
-
SHA256
3edc45f11df046eea8b38f63c244b77db7562a77931b3b62ddda1c7ec233cbfc
-
SHA512
22b5ae685ea50787fc5048e9ce894fe7aaca952b321e2af66967a3fb676f578754eb194a710af7072e3604e18a0a016f2df8a96f05d0ccf1009fb3c4e89b3259
-
SSDEEP
6144:sSlLoqgLs+GSquhTLIpbPIiIHmvEK8H4rWlRjO1n:ssUqgVqynIpbPIDGcKfrW9u
Static task
static1
Behavioral task
behavioral1
Sample
3edc45f11df046eea8b38f63c244b77db7562a77931b3b62ddda1c7ec233cbfc.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-