Analysis
max time kernel: 150s
max time network: 49s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 07/01/2023, 07:06
Static task: static1
Behavioral task behavioral1: sample c381deebc66153d21111d53654b38270.exe, resource win7-20220901-en
Behavioral task behavioral2: sample c381deebc66153d21111d53654b38270.exe, resource win10v2004-20220812-en
General
Target: c381deebc66153d21111d53654b38270.exe
Size: 300KB
MD5: c381deebc66153d21111d53654b38270
SHA1: 642f0cc887c5e3277878ee374fdf985b8c5d0687
SHA256: 6fb4667290e8cf88e1e749120d054be161eb5ed1eaf2d1e2eb51c6121bcbce5d
SHA512: dd0d46f558e3921e773369d79fa1cb78020d4479a1eae0006aa492be081687cc7124a0dd7e83eb8ae2d02361308242c03ed1714708f7148154cf4e55e61f8bcf
SSDEEP: 3072:xHXALoogecS5AMFXqpyA+SPc++IBWSpyim7QXC9IXfWHgqyI4xZdAqTv0BJ1:JALohecRMFXbe0g9S7Qpf+a1v0BJ
Malware Config

Signatures

Signature: Detects Smokeloader packer (1 IoC)
resource: behavioral1/memory/1352-56-0x0000000000220000-0x0000000000229000-memory.dmp
yara_rule: family_smokeloader
The YARA hit is on a memory dump of the sample process (pid 1352), region 0x220000-0x229000 (0x9000 bytes), not on the file on disk: the packer signature only appears once the sample has unpacked itself in memory.
SmokeLoader: modular backdoor trojan in use since 2014.
Signature: Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
SCSI information is often read in order to detect sandboxing environments. The subkeys under Enum\SCSI are device IDs of the form Disk&Ven_<vendor>&Prod_<product>, so the vendor and product strings of a virtual disk (and the FriendlyName value beneath them) reveal a hypervisor unless the sandbox has patched them. Reading this key is not malicious on its own; inventory and driver tooling does the same, so treat it as a weak signal to be combined with the other behaviours below.
description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI; process: c381deebc66153d21111d53654b38270.exe
description: Key queried; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI; process: c381deebc66153d21111d53654b38270.exe
description: Key enumerated; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI; process: c381deebc66153d21111d53654b38270.exe
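The following is an added example, not code from the sample or from the sandbox, that reproduces the open/enumerate/query sequence the three IoCs above describe so an analyst can see what the sample sees on a given host. On Windows it reads the same HKLM key the report lists through the standard library winreg module; on other platforms it falls back to constructed sample entries so the matching logic still runs offline. The hypervisor markers (VMWARE, VBOX, QEMU, VIRTUAL, XEN) and the sample device IDs are assumptions about what typical virtualised disks look like, not values taken from this report.

```python
"""Added example: SCSI registry enumeration as a sandbox/VM check.

Not the sample's own code. Reads HKLM\SYSTEM\ControlSet001\Enum\SCSI on
Windows (the key named in the report) and otherwise uses constructed
sample data so the logic can be exercised offline.
"""
import sys

# Key from the report, relative to HKEY_LOCAL_MACHINE.
SCSI_KEY = r"SYSTEM\ControlSet001\Enum\SCSI"

# Assumed substrings that betray a virtualised disk or CD-ROM. Real
# sandboxes often patch these out, so absence proves nothing.
VM_MARKERS = ("VMWARE", "VBOX", "QEMU", "VIRTUAL", "XEN")

# Constructed sample entries (device-id\instance -> FriendlyName); not from the report.
SAMPLE_VM_ENTRIES = {
    r"Disk&Ven_VMware&Prod_Virtual_disk\5&1982e0b8&0&000000":
        "VMware Virtual disk SCSI Disk Device",
    r"CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD01\4&2a1b3c4d&0&010000":
        "NECVMWar VMware SATA CD01 SCSI CdRom Device",
}
SAMPLE_BARE_METAL_ENTRIES = {
    r"Disk&Ven_NVMe&Prod_Samsung_SSD_970\4&0f3e2d1c&0&000000":
        "NVMe Samsung SSD 970 EVO SCSI Disk Device",
}


def read_scsi_entries_windows():
    """Open the key, enumerate its device subkeys, then query each instance's
    FriendlyName: the same open -> enumerate -> query pattern the IoCs list."""
    import winreg  # only available on Windows
    entries = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SCSI_KEY) as scsi:
        for i in range(winreg.QueryInfoKey(scsi)[0]):       # number of subkeys
            device_id = winreg.EnumKey(scsi, i)
            with winreg.OpenKey(scsi, device_id) as dev:
                for j in range(winreg.QueryInfoKey(dev)[0]):
                    instance = winreg.EnumKey(dev, j)
                    with winreg.OpenKey(dev, instance) as inst:
                        try:
                            friendly, _ = winreg.QueryValueEx(inst, "FriendlyName")
                        except FileNotFoundError:
                            friendly = ""
                        entries[device_id + "\\" + instance] = friendly
    return entries


def vm_indicators(entries, markers=VM_MARKERS):
    """Return {entry: [matched markers]} for entries whose device id or
    FriendlyName contains one of the markers (case-insensitive)."""
    hits = {}
    for path, friendly in entries.items():
        haystack = (path + " " + friendly).upper()
        matched = [m for m in markers if m in haystack]
        if matched:
            hits[path] = matched
    return hits


def looks_like_vm(entries):
    """True if any SCSI entry carries a hypervisor marker."""
    return bool(vm_indicators(entries))


def collect_entries():
    """Live registry on Windows; constructed sample data elsewhere."""
    if sys.platform == "win32":
        return read_scsi_entries_windows()
    return dict(SAMPLE_VM_ENTRIES)


if __name__ == "__main__":
    found = collect_entries()
    for path, markers in vm_indicators(found).items():
        print(f"{path}\n    -> {markers}")
    print("VM-like host:", looks_like_vm(found))
```

Two caveats for defenders: Sysmon's registry events cover key and value creation, deletion, renaming and setting, not reads, so catching this enumeration on an endpoint needs object-access auditing (a SACL on the key) or registry ETW, and any sandbox you rely on should present bare-metal-looking vendor strings here, because a sample that takes this branch will otherwise go dormant and produce no further behaviour to report.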
Signature: Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid 1352, process c381deebc66153d21111d53654b38270.exe (2 entries)
pid 1360, process not found (all remaining entries; the sandbox could not resolve a process name for this pid)

Signature: Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid 1360, process not found

Signature: Suspicious behavior: MapViewOfSection (1 IoC)
pid 1352, process c381deebc66153d21111d53654b38270.exe