Analysis
max time kernel
150s
max time network
29s
platform
windows7_x64
resource
win7-20221111-en
resource tags
arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted
28/12/2022, 23:42
Static task
static1
Behavioral task
behavioral1
Sample
09e2a2e3eaf3cca33bc8529ac46be060d34e144fbb6376356af679e2e7552e1d.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
09e2a2e3eaf3cca33bc8529ac46be060d34e144fbb6376356af679e2e7552e1d.exe
Resource
win10v2004-20220901-en
General
Target
09e2a2e3eaf3cca33bc8529ac46be060d34e144fbb6376356af679e2e7552e1d.exe
Size
230KB
MD5
d72f196d671e6ed07655df95bcf8e5ea
SHA1
39fbd6707b3ff236e7b4db91056c8e7229d88a20
SHA256
09e2a2e3eaf3cca33bc8529ac46be060d34e144fbb6376356af679e2e7552e1d
SHA512
c49da584ab86720d757862d64069e27a65464dcd930d543ae17e5b0a31218c9b92e730fe874a5ab52301b1bb73470e661af453910f5570cd6387a974a6e1ce1d
SSDEEP
3072:CWslLTlKjN5UZQC58aOB/binsSZTscsieCHSM7iiT4PtYKs/xAI99:SlLTlI6QUyh3SxJs7CrP41YDZ
Malware Config
Signatures
Detects Smokeloader packer 1 IoCs
resource | yara_rule
behavioral1/memory/1804-56-0x0000000000220000-0x0000000000229000-memory.dmp | family_smokeloader
SmokeLoader
Modular backdoor trojan in use since 2014.
Checks SCSI registry key(s) 3 TTPs 3 IoCs
The subkeys under Enum\SCSI are device-instance IDs built from the disk's vendor and product strings, so hypervisor disks (VirtualBox, VMware, Hyper-V, QEMU) reveal themselves here. Reading this key is a common sandbox and VM detection step; the report records only that the key was opened, queried and enumerated, not how the result was used.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | 09e2a2e3eaf3cca33bc8529ac46be060d34e144fbb6376356af679e2e7552e1d.exe
Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | 09e2a2e3eaf3cca33bc8529ac46be060d34e144fbb6376356af679e2e7552e1d.exe
Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | 09e2a2e3eaf3cca33bc8529ac46be060d34e144fbb6376356af679e2e7552e1d.exe
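The following is an added example, not code recovered from the sample, showing why the Enum\SCSI key is a sandbox tell and how to inspect a host for it. The report only shows the key being opened, queried and enumerated; the list of hypervisor markers is an assumption about what such a check usually looks for, not a finding about this sample, and the subkey names are constructed.

```python
"""Classify SCSI device-instance IDs as virtual or physical.

Added example for this analysis report; not the sample's own code.
The report records only that \\REGISTRY\\MACHINE\\SYSTEM\\ControlSet001\\Enum\\SCSI
was opened, queried and enumerated. The hypervisor markers below are an
assumption about what an anti-sandbox check typically looks for.
"""
import re
import sys

# Subkeys under SYSTEM\ControlSet001\Enum\SCSI are named from the SCSI
# inquiry data: "Disk&Ven_<vendor>&Prod_<product>". These fragments are
# the ones commonly seen on hypervisor-backed disks (assumed list).
VM_MARKERS = (
    "vbox", "virtualbox", "vmware", "qemu", "xen", "msft_virtual",
    "virtual_disk", "hyper-v", "parallels", "virtio",
)

_ID_RE = re.compile(r"Ven_(?P<ven>[^&]*)(?:&Prod_(?P<prod>[^&]*))?", re.IGNORECASE)


def parse_instance_id(subkey: str) -> tuple[str, str]:
    """Return (vendor, product) from a name like 'Disk&Ven_VBOX&Prod_HARDDISK'.
    Fields that are absent come back as ''."""
    m = _ID_RE.search(subkey)
    if not m:
        return "", ""
    return (m.group("ven") or "").strip(), (m.group("prod") or "").strip()


def looks_virtual(subkey: str) -> bool:
    """True if the vendor or product field carries a hypervisor marker."""
    ven, prod = parse_instance_id(subkey)
    haystack = f"{ven} {prod}".lower().replace(" ", "_")
    return any(marker in haystack for marker in VM_MARKERS)


def classify(subkeys):
    """Split SCSI enum subkey names into (virtual, physical) lists."""
    virtual = [k for k in subkeys if looks_virtual(k)]
    physical = [k for k in subkeys if not looks_virtual(k)]
    return virtual, physical


def read_scsi_enum(control_set: str = "ControlSet001"):
    """Enumerate the real key on Windows; return None on other platforms."""
    if sys.platform != "win32":
        return None
    import winreg  # Windows-only module
    path = rf"SYSTEM\{control_set}\Enum\SCSI"
    names = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        count = winreg.QueryInfoKey(key)[0]
        for i in range(count):
            names.append(winreg.EnumKey(key, i))
    return names


# Constructed sample subkey names: a VirtualBox guest, a Hyper-V guest and a
# physical laptop. Not taken from the analysed machine.
SAMPLE_SUBKEYS = [
    "Disk&Ven_VBOX&Prod_HARDDISK",
    "CdRom&Ven_VBOX&Prod_CD-ROM",
    "Disk&Ven_Msft&Prod_Virtual_Disk",
    "Disk&Ven_NVMe&Prod_Samsung_SSD_970",
    "CdRom&Ven_HL-DT-ST&Prod_DVDRAM_GU90N",
]

if __name__ == "__main__":
    keys = read_scsi_enum() or SAMPLE_SUBKEYS
    virtual, physical = classify(keys)
    for k in virtual:
        print("virtual :", k)
    for k in physical:
        print("physical:", k)
```

Run on a Windows analysis VM, the script enumerates the live key and shows exactly which device names give the environment away; on any other platform it falls back to the constructed list. Short markers such as "xen" are substring matches and can false-positive on unrelated vendor strings, so treat a hit as a prompt to rename or spoof the device, not as proof on its own.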
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid | Process
1804 | 09e2a2e3eaf3cca33bc8529ac46be060d34e144fbb6376356af679e2e7552e1d.exe (2 entries)
1244 | Process not Found (62 entries)
"Process not Found" means the sandbox could not attribute PID 1244 to any image it tracked. Read alongside the MapViewOfSection behaviour from PID 1804 below, this is consistent with code running in another process, but the report does not identify which one.
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid | Process
1244 | Process not Found
Suspicious behavior: MapViewOfSection 1 IoCs
pid | Process
1804 | 09e2a2e3eaf3cca33bc8529ac46be060d34e144fbb6376356af679e2e7552e1d.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\09e2a2e3eaf3cca33bc8529ac46be060d34e144fbb6376356af679e2e7552e1d.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\09e2a2e3eaf3cca33bc8529ac46be060d34e144fbb6376356af679e2e7552e1d.exe"
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:1804