Overview

overview

10

Static

static

10

7e057353f3...ab.exe

windows7-x64

10

7e057353f3...ab.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/12/2022, 10:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7e057353f31e374c964a61d9364b9b55017fa9bec62a2717b7d527773a36e6ab.exe

  • Size

    30KB

  • MD5

    0e1800e4c50951aeebdf95d8e37dd738

  • SHA1

    e69af9f01880a973d4235582a5abf887b494f73e

  • SHA256

    7e057353f31e374c964a61d9364b9b55017fa9bec62a2717b7d527773a36e6ab

  • SHA512

    dedf798c5ec483988dcc718d378bcc49d58b0b3e1624624ca814476b3d260ab2019ed6f0a02ad8c639a5471b2fdd308cfe906caee12991b99ce6bda1fa8c98fe

  • SSDEEP

    768:hG7spfR8RX35MzADt9JgXAtL9q3eDXBQjN:E7CsBDt9Jbl7C

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 2 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7e057353f31e374c964a61d9364b9b55017fa9bec62a2717b7d527773a36e6ab.exe
    "C:\Users\Admin\AppData\Local\Temp\7e057353f31e374c964a61d9364b9b55017fa9bec62a2717b7d527773a36e6ab.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:4564

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2756-134-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-135-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-136-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-137-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-138-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-139-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-140-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-141-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-142-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-143-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-144-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-145-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-146-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-147-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-148-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-149-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-150-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-151-0x00000000030F0000-0x0000000003100000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-152-0x0000000003110000-0x0000000003120000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-153-0x0000000003110000-0x0000000003120000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-154-0x0000000003110000-0x0000000003120000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-155-0x0000000003110000-0x0000000003120000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-156-0x0000000003110000-0x0000000003120000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-157-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-158-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-159-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-160-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-161-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-162-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-163-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-164-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-165-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-166-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-167-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-168-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-169-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-170-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-171-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-172-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-173-0x00000000030E0000-0x00000000030F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-174-0x0000000001090000-0x00000000010A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-175-0x00000000010B0000-0x00000000010C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-176-0x00000000010B0000-0x00000000010C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-177-0x00000000010B0000-0x00000000010C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-178-0x0000000001090000-0x00000000010A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-179-0x00000000010B0000-0x00000000010C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-180-0x00000000010B0000-0x00000000010C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2756-181-0x00000000010B0000-0x00000000010C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4564-132-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4564-133-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download