Analysis
max time kernel: 150s
max time network: 30s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 04/01/2023, 08:06
Static task: static1
Behavioral task: behavioral1 (sample 39021047c13e6054cb6e714f20563565.exe, resource win7-20221111-en)
Behavioral task: behavioral2 (sample 39021047c13e6054cb6e714f20563565.exe, resource win10v2004-20221111-en)
General
Target: 39021047c13e6054cb6e714f20563565.exe
Size: 314KB
MD5: 39021047c13e6054cb6e714f20563565
SHA1: c4a4a3e2eac3cc8b410c7ebeab2d376f2b514e95
SHA256: 0cb4087b8d532e5fae9ff5d39815fd9b394f9e12cbf783a32329f925022350bc
SHA512: 6f8272c3fe0e475b533db861388731138de49195081b06ff3791c80f4feb07939b8695bfa3c83746655011fff3e73f65371b1b44dbc72e64d9d2ccee072d5b9f
SSDEEP: 6144:zdjdLbFiXyOjzninVBGb6wlEA/qXD3cAyjcbxe:zjtiCGzniVBGb3EAEDMAygV
Malware Config
Signatures
Detects Smokeloader packer (1 IoC)
resource | yara_rule
behavioral1/memory/1244-56-0x0000000000220000-0x0000000000229000-memory.dmp | family_smokeloader
SmokeLoader
Modular backdoor trojan in use since 2014.
Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
SCSI information is often read in order to detect sandboxing environments.
description | ioc | Process
Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | 39021047c13e6054cb6e714f20563565.exe
Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | 39021047c13e6054cb6e714f20563565.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | 39021047c13e6054cb6e714f20563565.exe
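The three registry IoCs above are the open/enumerate/query sequence a sample performs when it reads disk device-instance names under Enum\SCSI; on a hypervisor those names typically carry vendor strings such as VMware, VBOX or QEMU, which is why the check works as sandbox detection. The following is an added example, not part of the tria.ge report or of SmokeLoader, showing both sides: a detection pass over registry-access events shaped like the report's IoC rows, and the marker scan such a sample applies to the subkey names it reads. The events and the Enum\SCSI subkey names are constructed for the example, and the marker list is an assumption about common hypervisor strings, not something the report states.

```python
"""Added example: detect Enum\\SCSI reads and show what such a read exposes.

Not code from the tria.ge report or from the sample it describes. All input
data below is constructed for illustration.
"""
import re
from collections import defaultdict

# Constructed registry-access events in the shape of the report's IoC rows:
# (description, key, process). The explorer.exe row is a benign control.
EVENTS = [
    ("Key opened", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI",
     "39021047c13e6054cb6e714f20563565.exe"),
    ("Key enumerated", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI",
     "39021047c13e6054cb6e714f20563565.exe"),
    ("Key queried", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI",
     "39021047c13e6054cb6e714f20563565.exe"),
    ("Key opened", r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "explorer.exe"),
]

# Match the Enum\SCSI key (and anything beneath it) under any control set,
# since reports may show ControlSet001 or CurrentControlSet for the same key.
SCSI_ENUM = re.compile(
    r"^\\REGISTRY\\MACHINE\\SYSTEM\\(ControlSet\d{3}|CurrentControlSet)"
    r"\\Enum\\SCSI(\\|$)",
    re.IGNORECASE,
)


def scsi_enum_accesses(events):
    """Return {process: sorted operations} for every process touching Enum\\SCSI.

    A process that opens, enumerates and queries this key in quick succession
    is reading disk device-instance names, which has no common legitimate use
    in ordinary application code.
    """
    hits = defaultdict(set)
    for op, key, proc in events:
        if SCSI_ENUM.match(key):
            hits[proc].add(op)
    return {proc: sorted(ops) for proc, ops in hits.items()}


# Assumed hypervisor vendor/product markers (not from the report). Device
# instance names under Enum\SCSI look like "Disk&Ven_<vendor>&Prod_<product>".
VM_MARKERS = ("VBOX", "VMWARE", "QEMU", "VIRTUAL")


def vm_markers_in_scsi(subkeys):
    """Return the VM markers present in a list of Enum\\SCSI subkey names.

    This is the evasion side of the check: a non-empty result is what makes a
    sample conclude it is running in a sandbox and alter its behaviour.
    """
    found = set()
    for name in subkeys:
        upper = name.upper()
        found.update(m for m in VM_MARKERS if m in upper)
    return sorted(found)


if __name__ == "__main__":
    print(scsi_enum_accesses(EVENTS))
    # Constructed subkey names: one VMware guest disk, one physical SSD.
    print(vm_markers_in_scsi(["Disk&Ven_VMware&Prod_Virtual_disk",
                              "Disk&Ven_Samsung&Prod_SSD_860_EVO"]))
```

In a detection pipeline the first function is the rule; the second is useful when building a sandbox image, because it tells you which device strings the sample will see and therefore which ones to rename or hide.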
Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid | Process | occurrences
1244 | 39021047c13e6054cb6e714f20563565.exe | 2
1188 | Process not Found | 62
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid | Process
1188 | Process not Found
Suspicious behavior: MapViewOfSection (1 IoC)
pid | Process
1244 | 39021047c13e6054cb6e714f20563565.exe