Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/12/2022, 14:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    213KB

  • MD5

    7e79f54b49539f900db591d5c07af6c5

  • SHA1

    cf62c293e4206073c7a18caff58ff15fd812e14e

  • SHA256

    cc5581a7e54f55b4b84718906d49662340f8f1b2d58a11c4c525e795a2605bb0

  • SHA512

    f4b8292b1baddd0aa45e515a5cee42d608c8227cc13683a42b280810eaff3f9e7aca55bdf1a020e921ca29f3bed7c812ef39f7eac524b4f1cdd59c8c6b2d58b6

  • SSDEEP

    3072:xzLxv7RW6U+4H1spBnL7bWa8L57b/jgeLMFNHCDml:9Lx4waWnjWplbpSCa

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 6 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Executes dropped EXE 2 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4440
    • C:\Users\Admin\AppData\Local\Temp\file.exe
      "C:\Users\Admin\AppData\Local\Temp\file.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:1620
  • C:\Users\Admin\AppData\Roaming\dvacaib
    C:\Users\Admin\AppData\Roaming\dvacaib
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2832
    • C:\Users\Admin\AppData\Roaming\dvacaib
      C:\Users\Admin\AppData\Roaming\dvacaib
      2⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      • Suspicious behavior: MapViewOfSection
      PID:2036

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\dvacaib
          Filesize

          213KB

          MD5

          7e79f54b49539f900db591d5c07af6c5

          SHA1

          cf62c293e4206073c7a18caff58ff15fd812e14e

          SHA256

          cc5581a7e54f55b4b84718906d49662340f8f1b2d58a11c4c525e795a2605bb0

          SHA512

          f4b8292b1baddd0aa45e515a5cee42d608c8227cc13683a42b280810eaff3f9e7aca55bdf1a020e921ca29f3bed7c812ef39f7eac524b4f1cdd59c8c6b2d58b6

          Download Submit

        • C:\Users\Admin\AppData\Roaming\dvacaib
          Filesize

          213KB

          MD5

          7e79f54b49539f900db591d5c07af6c5

          SHA1

          cf62c293e4206073c7a18caff58ff15fd812e14e

          SHA256

          cc5581a7e54f55b4b84718906d49662340f8f1b2d58a11c4c525e795a2605bb0

          SHA512

          f4b8292b1baddd0aa45e515a5cee42d608c8227cc13683a42b280810eaff3f9e7aca55bdf1a020e921ca29f3bed7c812ef39f7eac524b4f1cdd59c8c6b2d58b6

          Download Submit

        • C:\Users\Admin\AppData\Roaming\dvacaib
          Filesize

          213KB

          MD5

          7e79f54b49539f900db591d5c07af6c5

          SHA1

          cf62c293e4206073c7a18caff58ff15fd812e14e

          SHA256

          cc5581a7e54f55b4b84718906d49662340f8f1b2d58a11c4c525e795a2605bb0

          SHA512

          f4b8292b1baddd0aa45e515a5cee42d608c8227cc13683a42b280810eaff3f9e7aca55bdf1a020e921ca29f3bed7c812ef39f7eac524b4f1cdd59c8c6b2d58b6

          Download Submit

        • memory/388-148-0x00000000022A0000-0x00000000022B0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-139-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-197-0x0000000002560000-0x0000000002570000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-138-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-195-0x0000000002560000-0x0000000002570000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-140-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-141-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-142-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-143-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-144-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-145-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-146-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-196-0x0000000002560000-0x0000000002570000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-150-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-152-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-151-0x0000000002560000-0x0000000002570000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-147-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-154-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-155-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-156-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-157-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-158-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-159-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-160-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-161-0x0000000002560000-0x0000000002570000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-162-0x0000000002560000-0x0000000002570000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-194-0x00000000022B0000-0x00000000022C0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-193-0x0000000002560000-0x0000000002570000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-192-0x0000000002560000-0x0000000002570000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-177-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-191-0x0000000002560000-0x0000000002570000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-190-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-189-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-171-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-172-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-173-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-174-0x00000000022B0000-0x00000000022C0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-175-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-176-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-188-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-178-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-179-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-180-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-181-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-182-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-183-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-184-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-185-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-186-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/388-187-0x0000000002290000-0x00000000022A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1620-133-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/1620-136-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/1620-137-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/2036-170-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/2036-169-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/2832-168-0x0000000000718000-0x0000000000728000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4440-134-0x0000000000619000-0x000000000062A000-memory.dmp

          Filesize

          68KB

          Download

        • memory/4440-135-0x00000000005B0000-0x00000000005B9000-memory.dmp

          Filesize

          36KB

          Download