Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
25/12/2022, 12:30
General
-
Target
f03cfa30317eefbc658e645242cf7be5a3d012cc26d91f04284b80127d07b6ce.exe
-
Size
232KB
-
MD5
612690d2d2a6c5aec8e5b623e2c390cf
-
SHA1
8f05ab45296839473b91afd9f4ad158f6bd1c2ba
-
SHA256
f03cfa30317eefbc658e645242cf7be5a3d012cc26d91f04284b80127d07b6ce
-
SHA512
894691078f834e5038c03ab32d46fee12719af18357c48cdd9b511c196828b9e64d8d10a563aac7693eb024fd968fcb2085af03b9072acf7eb58bb9f0888f88c
-
SSDEEP
3072:sl8NLawRLUhJ5hX6YMnfaJJZ4s2/nIVzW+5SeAddxZtJ/SRLjw7RkxmJZs:tLFRLk7J/4BEW+ce6dxPJ/SZGymI
Malware Config
Signatures
-
Detects Smokeloader packer 1 IoCs
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Downloads MZ/PE file
-
Executes dropped EXE 3 IoCs
-
Uses the VBS compiler for execution 1 TTPs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: MapViewOfSection 19 IoCs
-
Suspicious use of WriteProcessMemory 52 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f03cfa30317eefbc658e645242cf7be5a3d012cc26d91f04284b80127d07b6ce.exe"C:\Users\Admin\AppData\Local\Temp\f03cfa30317eefbc658e645242cf7be5a3d012cc26d91f04284b80127d07b6ce.exe"1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
C:\Users\Admin\AppData\Local\Temp\DA38.exeC:\Users\Admin\AppData\Local\Temp\DA38.exe1⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DD75.exeC:\Users\Admin\AppData\Local\Temp\DD75.exe1⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\E12F.exeC:\Users\Admin\AppData\Local\Temp\E12F.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"2⤵
-
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe1⤵
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe1⤵
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe1⤵
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD59748489855d9dd82ab09da5e3e55b19e
SHA16ed2bf6a1a53a59cd2137812cb43b5032817f6a1
SHA25605bdd09d934144589f7b90ac4ef6e8d7743c35f551219d98bc7fc933f98a157b
SHA5127eebbc3e42aad1af304ba38ca0c74e5f2293a630d98d4cfd48957f5f288bcb52cf323421c2b166e3b459450d5ef024167f8729b7b4b66651a34c3c3d4581a2be
-
Filesize
4KB
MD59748489855d9dd82ab09da5e3e55b19e
SHA16ed2bf6a1a53a59cd2137812cb43b5032817f6a1
SHA25605bdd09d934144589f7b90ac4ef6e8d7743c35f551219d98bc7fc933f98a157b
SHA5127eebbc3e42aad1af304ba38ca0c74e5f2293a630d98d4cfd48957f5f288bcb52cf323421c2b166e3b459450d5ef024167f8729b7b4b66651a34c3c3d4581a2be
-
Filesize
4KB
MD59748489855d9dd82ab09da5e3e55b19e
SHA16ed2bf6a1a53a59cd2137812cb43b5032817f6a1
SHA25605bdd09d934144589f7b90ac4ef6e8d7743c35f551219d98bc7fc933f98a157b
SHA5127eebbc3e42aad1af304ba38ca0c74e5f2293a630d98d4cfd48957f5f288bcb52cf323421c2b166e3b459450d5ef024167f8729b7b4b66651a34c3c3d4581a2be
-
Filesize
4KB
MD59748489855d9dd82ab09da5e3e55b19e
SHA16ed2bf6a1a53a59cd2137812cb43b5032817f6a1
SHA25605bdd09d934144589f7b90ac4ef6e8d7743c35f551219d98bc7fc933f98a157b
SHA5127eebbc3e42aad1af304ba38ca0c74e5f2293a630d98d4cfd48957f5f288bcb52cf323421c2b166e3b459450d5ef024167f8729b7b4b66651a34c3c3d4581a2be
-
Filesize
67KB
MD5666d8f33d37064fd5d14e2166c9bfa69
SHA13b27df9335a9b2efe9da1057e9f8312a72d1ca9d
SHA2567fddf1b75f50d43214867f367223f2d241d62ae63deea334d051c0ee19d18157
SHA512ac3c993f019bb402db474fda65d587ae7717725eea9b3a869acd3530543b7b94d354f19474f6b1c7fc760b5b22622328def2bef26e3900c186b16e8a3d3b90df
-
Filesize
67KB
MD5666d8f33d37064fd5d14e2166c9bfa69
SHA13b27df9335a9b2efe9da1057e9f8312a72d1ca9d
SHA2567fddf1b75f50d43214867f367223f2d241d62ae63deea334d051c0ee19d18157
SHA512ac3c993f019bb402db474fda65d587ae7717725eea9b3a869acd3530543b7b94d354f19474f6b1c7fc760b5b22622328def2bef26e3900c186b16e8a3d3b90df
-
Filesize
408KB
-
Filesize
88KB
-
Filesize
48KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
28KB
-
Filesize
28KB
-
Filesize
44KB
-
Filesize
36KB
-
Filesize
36KB
-
Filesize
60KB
-
Filesize
376KB
-
Filesize
376KB
-
Filesize
36KB
-
Filesize
68KB
-
Filesize
44KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
10.8MB
-
Filesize
28KB
-
Filesize
52KB
-
Filesize
28KB
-
Filesize
156KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
20KB
-
Filesize
36KB
-
Filesize
20KB
-
Filesize
36KB
-
Filesize
20KB
-
Filesize
20KB
-
Filesize
10.8MB
-
Filesize
32KB
-
Filesize
44KB
-
Filesize
32KB
-
Filesize
32KB